14 matches found
EUVD-2023-44311
Malicious code in bioql PyPI...
EUVD-2025-1884
Malicious code in bioql PyPI...
EUVD-2025-1885
Malicious code in bioql PyPI...
CVE-2023-3667
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2024-13791
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2025-0821
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13791
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-0821 Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13791
CVE-2024-13791 (Bit Assist for WordPress) is a path traversal vulnerability that affects Bit Assist up to version 1.5.2. An authenticated attacker with Administrator-level access can use downloadResponseFile() to read arbitrary server files containing sensitive information. Connected sources indi...
CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-3667 Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...