Vulnerability Description
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitapps | Bit Assist | < 1.5.3 |
Related Weaknesses (CWE)
References
- https://github.com/WordPressBugBounty/plugins-bit-assist/blob/main/bit-assist/baProduct
- https://plugins.trac.wordpress.org/changeset/3239816/#file3Patch
- https://wordpress.org/plugins/bit-assist/#developersProductRelease Notes
- https://www.wordfence.com/threat-intel/vulnerabilities/id/17fd14e7-503a-49e4-934Third Party Advisory
FAQ
What is CVE-2024-13791?
CVE-2024-13791 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers,...
How severe is CVE-2024-13791?
CVE-2024-13791 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-13791?
Check the references section above for vendor advisories and patch information. Affected products include: Bitapps Bit Assist.