Path Traversal Vulnerability in Bit Assist Plugin for WordPress
CVE-2025-0822

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Chat Widget: Customer Support Button With Sms Call Button, Click To Chat Messenger, Live Chat Support Chat Button – Bit Assist
Vendor: CVE Published:; 15 February 2025

Summary

The Bit Assist plugin for WordPress, up to version 1.5.2, is susceptible to a Path Traversal vulnerability through the fileID parameter. This security issue allows authenticated attackers with Subscriber-level access or higher to access and read arbitrary files on the server. Such unauthorized access can lead to the exposure of sensitive information stored on the server, posing significant risks to the confidentiality of the web application.

Affected Version(s)

Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger, Live Chat Support Chat Button – Bit Assist * <= 1.5.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/bit-assist/tag...

https://wordpress.org/plugins/bit-assist/#developers

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2025
Vulnerability Reserved
Jan 29, 2025

Credit

Arkadiusz Hydzik