Description
Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal. This issue affects Bit Assist: from n/a through <= 1.5.4.
Published: 2025-04-01
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw allows an attacker to craft requests that include patterns such as ".../...//" which the Bit Assist plugin does not properly sanitize. This leads to the ability to read or potentially download arbitrary files located on the underlying file system, compromising the confidentiality of sensitive data and possibly exposing system configuration files. The vulnerability is classified as CWE‑35, indicating unchecked input paths can resolve to unintended files.

Affected Systems

WordPress sites that have installed Bit Apps Bit Assist plugin version 1.5.4 or earlier are affected. The flaw exists in all releases from the first public version up until and including 1.5.4, regardless of other plugins or themes present on the site.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, but the EPSS score of less than 1% shows a low likelihood of exploitation in the wild according to current data. The vulnerability is not listed in the CISA KEV catalog. Attackers can likely exploit the flaw via a crafted HTTP request to the plugin’s endpoints without authentication, as no authentication requirement is stated in the description. Once the flaw is exploited, the impact is the reading or delivery of arbitrary file contents, which could be used to further compromise the system.

Generated by OpenCVE AI on May 1, 2026 at 02:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Bit Assist plugin to the latest available version (1.5.5 or later).
  • If an update is not immediately possible, configure the web server or file permissions to restrict the web application’s readable file scope, preventing access to critical directories such as /etc, /var, or the site’s root.
  • Monitor web logs for anomalous requests containing double slashes or path traversal patterns and block offending IP addresses.
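One way to implement the log-monitoring recommendation above, as an added example that is not OpenCVE's or the vendor's code. It assumes combined-format access logs; the endpoint name, the `file` parameter and the log lines are constructed placeholders, since the page does not name the affected endpoint.

```python
import re
from urllib.parse import unquote

# Request target inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')
# A run of two or more dots used as a path segment: '../', '..\' and the
# CWE-35 '.../...//' form. Dots inside a filename (report..final) do not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.{2,}(?:[/\\]|$)')
# Doubled slash that is not part of a scheme such as 'https://'.
DOUBLE_SLASH_RE = re.compile(r'(?<!:)//')

SAMPLE_LOG = [  # constructed lines; documentation IP ranges, placeholder endpoint
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] '
    '"GET /placeholder-endpoint?file=.../...//.../...//example.txt HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Apr/2025:10:00:05 +0000] '
    '"GET /placeholder-endpoint?file=%252e%252e%252fexample.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Apr/2025:10:00:09 +0000] '
    '"GET /wp-content/uploads/2025/04/report..final.pdf?ver=1.5.4 HTTP/1.1" 200 9000',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the reasons a request target looks like path traversal."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = decode_fully(match.group(1))
    reasons = []
    if TRAVERSAL_RE.search(target):
        reasons.append("dot-segment")
    if DOUBLE_SLASH_RE.search(target):
        reasons.append("double-slash")
    return reasons

def flag_clients(lines):
    """Count suspicious requests per client address (first log field)."""
    hits = {}
    for line in lines:
        if classify(line):
            client = line.split()[0]
            hits[client] = hits.get(client, 0) + 1
    return hits
```

Decoding before matching matters here: the second sample line contains no literal dots or slashes in its parameter until it has been percent-decoded twice.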



Advisories
Source: EUVD
ID: EUVD-2025-9087
Title: Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4.
Values Added: Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal. This issue affects Bit Assist: from n/a through <= 1.5.4.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


Tue, 01 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 05:45:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4.
Title WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:58.633Z

Reserved: 2025-03-26T09:20:47.108Z

Link: CVE-2025-30834

Vulnrichment

Updated: 2025-04-01T16:07:02.273Z

NVD

Status: Deferred

Published: 2025-04-01T06:15:52.383

Modified: 2026-04-23T15:27:09.690

Link: CVE-2025-30834

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T02:45:06Z

Weaknesses
  • CWE-35

    Path Traversal: '.../...//'