Vulnerabilities and security researches forassistant assistant

Jun 07, 2024

CVE, Research URL: 276a67044e9badbdac5a71b473bf0870347b6461
Home page URL: Security reports for Assistant – Every Day Productivity Apps
Application: Assistant – Every Day Productivity Apps
Date: Jul 27, 2023
Research Description: Assistant – Every Day Productivity Apps [assistant] < 1.4.4 Assistant <= 1.4.3 - Authenticated (Editor+) Server Side Request Forgery The Assistant plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.4.3 via the /posts/(?P<id>\d+)/library/(?P<library_id>\d+) REST API endpoint. This can allow authenticated attackers, with editor-level capabilities and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-33538
Home page URL: Security reports for Assistant – Every Day Productivity Apps
Application: Assistant – Every Day Productivity Apps
Date: Apr 29, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-5798
Home page URL: Security reports for Assistant – Every Day Productivity Apps
Application: Assistant – Every Day Productivity Apps
Date: Oct 26, 2023
Research Description: The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks
Affected versions: Min -, max -.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2025-26885
Home page URL: Security reports for Assistant – Every Day Productivity Apps
Application: Assistant – Every Day Productivity Apps
Date: Mar 03, 2025
Research Description: Deserialization of Untrusted Data vulnerability in Brent Jett Assistant allows Object Injection. This issue affects Assistant: from n/a through 1.5.1.
Affected versions: Min -, max -.
Status: vulnerable

Sep 07, 2025

CVE, Research URL: CVE-2025-53307
Home page URL: Security reports for Assistant – Every Day Productivity Apps
Application: Assistant – Every Day Productivity Apps
Date: Sep 05, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brent Jett Assistant allows Reflected XSS. This issue affects Assistant: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable