CVE-2026-31381

CVE-2026-31381 and related entries describe a Gainsight Assist plugin information-disclosure vulnerability. The core issue is that user email addresses (PII) are exposed in base64-encoded form via the OAuth callback URL’s state parameter. This can allow an attacker to recover emails if the OAuth ...

CVE-2025-68596 WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...

EUVD-2025-1885

Malicious code in bioql PyPI...

EUVD-2023-44311

Malicious code in bioql PyPI...

EUVD-2025-1884

Malicious code in bioql PyPI...

CVE-2023-3667

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0822

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...

CVE-2024-13791

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...

CVE-2025-0821

Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-13791

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

CVE-2024-13791

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

CVE-2025-0821 Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter

Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

CVE-2024-13791

CVE-2024-13791 (Bit Assist for WordPress) is a path traversal vulnerability that affects Bit Assist up to version 1.5.2. An authenticated attacker with Administrator-level access can use downloadResponseFile() to read arbitrary server files containing sensitive information. Connected sources indi...

WordPress plugin Bit Assist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Bit Assist Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e6a54b9372e2 Credits emad Required privilege Administrator Publish...

WordPress Bit Assist Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bit Assist Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6fe902b57878 Credits Unknown Required privilege Administrator...

CVE-2023-3667 Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Bit Assist Plugin < 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Bit Assist Type Plugin Vulnerable versions 1.1.9 Fixed in 1.1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3667 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1c9556717c81 Credits Dipak Panchal th3.d1pak Require...