CVE-2024-9933 – WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
https://notcve.org/view.php?id=CVE-2024-9933
25 Oct 2024 — The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is because the default value of 'watchtower_ota_token' is empty and the 'Password_Less_Access::login' function is missing a not-empty check. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user. The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to th... • https://github.com/RandomRobbieBF/CVE-2024-9933 • CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-25701 – WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-25701
14 Feb 2023 — Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16. The WatchTowerHQ plugin for WordPress is vulnerable to a type juggling issue in versions up to, and including, 3.6.16. This is due to an incorrect comparison in the check_ota func... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve • CWE-269: Improper Privilege Management • CWE-697: Incorrect Comparison
CVE-2022-44583 – WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2022-44583
01 Nov 2022 — Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 3.6.15 due to missing capability checks on several REST API endpoints. This makes it possible for unauthenticated attackers to download arbitrary files on the affected ... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-15-unauth-arbitrary-file-download-vulnerability?_s_id=cve • CWE-552: Files or Directories Accessible to External Parties
CVE-2022-44584 – WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2022-44584
01 Nov 2022 — Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 3.6.15 due to missing capability checks on several REST API endpoints. This makes it possible for unauthenticated attackers to delete arbitrary files on the affected s... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-15-unauth-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-73: External Control of File Name or Path