5 matches found
CVE-2025-0821
CVE-2025-0821 Bit Assist for WordPress: The Bit Assist plugin is vulnerable to a time-based SQL Injection via the id parameter in all versions up to 1.5.2. An authenticated attacker with Subscriber+ privileges can inject additional SQL into existing queries to exfiltrate data. The CVE entry notes...
CVE-2025-0822
CVE-2025-0822: The Bit Assist WordPress plugin is vulnerable to a path traversal issue via the fileID parameter, allowing authenticated users with Subscriber+ privileges to read arbitrary server files. Affected: Bit Assist plugin versions up to and including 1.5.2. Impact: potential exposure of ...
CVE-2024-13791
CVE-2024-13791 (Bit Assist for WordPress) is a path traversal vulnerability that affects Bit Assist up to version 1.5.2. An authenticated attacker with Administrator-level access can use downloadResponseFile() to read arbitrary server files containing sensitive information. Connected sources indi...
CVE-2023-3667
CVE-2023-3667 describes a stored cross-site scripting (XSS) vulnerability in the Bit Assist WordPress plugin prior to version 1.1.9. The issue arises because the plugin does not sanitize and escape several settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfilter...
CVE-2023-51371
The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (