The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
2023-08-21T17:15:49.617
2025-05-05T16:15:46.607
Modified
CVSSv3.1: 4.8 (MEDIUM)
-
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | bitapps | bit_assist | < 1.1.9 | Yes |