CVE-2024-9933 – WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
https://notcve.org/view.php?id=CVE-2024-9933
25 Oct 2024 — The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is because the default value of 'watchtower_ota_token' is empty and the not-empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in as the WatchTowerHQ client administrator user. The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to th... • https://github.com/RandomRobbieBF/CVE-2024-9933 • CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-25701 – WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-25701
14 Feb 2023 — Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16. The WatchTowerHQ plugin for WordPress is vulnerable to a type juggling issue in versions up to, and including, 3.6.16. This is due to an incorrect comparison in the check_ota func... • https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve • CWE-269: Improper Privilege Management • CWE-697: Incorrect Comparison