CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44583 – WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2022-44583
01 Nov 2022 — Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. Vulnerabilidad de descarga de archivos arbitrarios no autenticada en el complemento WatchTowerHQ en WordPress en versiones <= 3.6.15. The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 3.6.15 due to missing capability checks on several REST API endpoints. This makes it possible for unauthenticated attackers to download arbitrary files on the affected ... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-15-unauth-arbitrary-file-download-vulnerability?_s_id=cve • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44584 – WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2022-44584
01 Nov 2022 — Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. Vulnerabilidad de eliminación arbitraria de archivos no autenticada en el complemento WatchTowerHQ en WordPress en versiones <= 3.6.15. The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 3.6.15 due to missing capability checks on several REST API endpoints. This makes it possible for unauthenticated attackers to delete arbitrary files on the affected s... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-15-unauth-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-1134
https://notcve.org/view.php?id=CVE-2007-1134
27 Feb 2007 — Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." Vulnerabilidad sin especificar en el Watchtower (WT) anterior al 0.12 tiene un impacto desconocido y vectores de ataque, relacionados con "cuentas sin autorización". • http://osvdb.org/41106 •