CVE-2024-13791

MEDIUM

Bit Assist < 1.5.2 - Authenticated Path Traversal via downloadResponseFile()

Title source: llm

Description

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

References (4)

Core 4

Core References

Product

https://github.com/WordPressBugBounty/plugins-bit-assist/blob/main/bit-assist/backend/app/HTTP/Controllers/DownloadController.php

View Writeup ZIP pw:eip

Patch

https://plugins.trac.wordpress.org/changeset/3239816/#file3

Product, Release Notes

https://wordpress.org/plugins/bit-assist/#developers

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/17fd14e7-503a-49e4-9344-5f8d51801eb3?source=cve

Scores

CVSS v3 4.9

EPSS 0.0061

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-23

Status published

Products (2)

bitapps/bit_assist < 1.5.3

bitpressadmin/Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist < 1.5.2

Published Feb 14, 2025

Tracked Since Feb 18, 2026