CVE-2024-13791

Published Feb 14, 2025

Last updated 3 days ago

CVSS medium 4.9

Overview

Description: Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-23
nvd@nist.gov: CWE-22

Hype score: Not currently trending

CVE-2024-13791 Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it pos… https://t.co/XpEEdISEzW
@CVEnew
14 Feb 2025
298 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bitapps:bit_assist:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8653E9F3-AEDD-4AAC-BC5F-058BB77C62F5",
            "versionEndExcluding": "1.5.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References