CVE-2025-0821: 
WordPress vulnerability analysis and mitigation

The Bit Assist plugin for WordPress contains a time-based SQL Injection vulnerability (CVE-2025-0821) discovered on February 14, 2025. This vulnerability affects all versions up to and including 1.5.2, where the 'id' parameter is susceptible to SQL injection attacks due to insufficient escaping of user-supplied input and inadequate SQL query preparation (NVD).

The vulnerability is classified as a CWE-89 (SQL Injection) type issue with a CVSS v3.1 base score of 6.5 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is unchanged (S:U) with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD, Wordfence).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to append additional SQL queries to existing queries, potentially enabling the extraction of sensitive information from the database (NVD).

Users should upgrade to version 1.5.3 or later of the Bit Assist plugin to address this vulnerability. The fix has been implemented in the latest version available through the WordPress plugin repository (WordPress Plugin).