4 matches found
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2025-0822
creationtimestamp| type| source ---|---|--- 2025-02-15 12:51:42+00:00| seen| https://infosec.exchange/users/cve/statuses/114007991998567307 2025-02-15 13:15:39+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li7sf7m6nn2o 2025-02-15 15:10:48+00:00| seen|...
CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...