CVE-2025-0822

Published Feb 15, 2025

Last updated 8 days ago

CVSS medium 6.5

Overview

Description: Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Source: security@wordfence.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-23

Hype score: Not currently trending

CVE-2025-0822 Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authent… https://t.co/BVVZPLgwqS
@CVEnew
15 Feb 2025
695 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References