VYPR

Watchtowerhq

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-9933CriOct 26, 2024
    risk 0.60cvss 9.8epss 0.02

    The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes…

  • CVE-2023-25701May 17, 2024
    risk 0.00cvss epss 0.01

    Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.

  • CVE-2022-44583Nov 18, 2022
    risk 0.00cvss epss 0.01

    Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

  • CVE-2022-44584Nov 18, 2022
    risk 0.00cvss epss 0.01

    Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.