VYPR

Watchtower

by Watchtower

CVEs (3)

  • CVE-2024-9933CriOct 26, 2024
    risk 0.60cvss 9.8epss 0.02

    The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes…

  • CVE-2025-13972MedDec 12, 2025
    risk 0.32cvss 4.9epss 0.00

    The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes…

  • CVE-2007-1134Mar 2, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."