WordPress · Bit Assist · CVE-2024-13791
**Name of the Vulnerable Software and Affected Versions**
Bit Assist plugin for WordPress versions up to, and including, 1.5.2
**Description**
The issue allows authenticated attackers with Administrator-level access and above to read the contents of arbitrary files on the server, which can contain sensitive information, via the `downloadResponseFile()` function. This is a Path Traversal issue.
**Recommendations**
For Bit Assist plugin for WordPress versions up to, and including, 1.5.2, consider disabling the `downloadResponseFile()` function until a patch is available to prevent exploitation. Restrict access to sensitive files on the server to minimize the risk of information disclosure.
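
The containment check a file-download handler needs in order to rule out this class of path traversal, shown as an added example that is not Bit Assist's code. The function name `resolve_download_path`, the `uploads` directory and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not Bit Assist's code. All names and paths are hypothetical.

/**
 * Resolve a requested file name to a real path inside $baseDir.
 * Returns null when the request would leave the directory or is not a file.
 */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory does not exist
    }

    // realpath() collapses "..", "." and symlinks; it returns false if nothing is there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Compare against the base with a trailing separator so that a sibling
    // such as "/uploads-old" does not pass as a match for "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo data: one file inside the download directory, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/response.csv', "id,answer\n");
file_put_contents($root . '/secret.txt', "outside the download directory\n");

foreach (['response.csv', '../secret.txt', 'missing.csv'] as $name) {
    $path = resolve_download_path($root . '/uploads', $name);
    printf("%-16s => %s\n", $name, $path === null ? 'rejected' : 'served');
}
```

The check runs on the resolved path, not on the raw request string, so encoded or nested traversal sequences and symlinks are handled by the same comparison.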