CVE-2025-30834: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability was discovered in Bit Apps Bit Assist WordPress plugin affecting versions through 1.5.4. The vulnerability was reported on February 17, 2025, by security researcher Falgun Patel and publicly disclosed on March 28, 2025. This security flaw allows unauthenticated attackers to perform actions on files outside of the originally intended directory (Patchstack, WPScan).

The vulnerability is classified as CWE-35 (Path Traversal: '.../...//') and has received a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely without requiring privileges or user interaction (Patchstack).

The vulnerability allows unauthenticated attackers to access and manipulate files outside of the intended directory structure, potentially leading to unauthorized access to sensitive files on the affected WordPress installations (WPScan).

The vulnerability has been fixed in version 1.5.5 of the Bit Assist plugin. Website administrators are strongly advised to update to this version immediately. Patchstack has also issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).