Watchtowerhq
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9933 | Cri | 0.60 | 9.8 | 0.02 | Oct 26, 2024 | The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes… | ||
| CVE-2023-25701 | 0.00 | — | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | |||
| CVE-2022-44583 | 0.00 | — | 0.01 | Nov 18, 2022 | Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | |||
| CVE-2022-44584 | 0.00 | — | 0.01 | Nov 18, 2022 | Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. |
- risk 0.60cvss 9.8epss 0.02
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes…
- CVE-2023-25701May 17, 2024risk 0.00cvss —epss 0.01
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
- CVE-2022-44583Nov 18, 2022risk 0.00cvss —epss 0.01
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
- CVE-2022-44584Nov 18, 2022risk 0.00cvss —epss 0.01
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.