CVE-2025-0822

Name of the Vulnerable Software and Affected Versions Bit Assist plugin for WordPress versions up to, and including, 1.5.2

Description The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can contain sensitive information, via the fileID Parameter. This is a Path Traversal issue.

Recommendations For versions up to, and including, 1.5.2, consider restricting access to the fileID Parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the fileID Parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.