Vulnerabilities and security researches forwatchtowerhq watchtowerhq

Jun 07, 2024

CVE, Research URL: CVE-2023-25701
Home page URL: Security reports for WatchTowerHQ
Application: WatchTowerHQ
Date: May 17, 2024
Research Description: Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-44584
Home page URL: Security reports for WatchTowerHQ
Application: WatchTowerHQ
Date: Nov 19, 2022
Research Description: Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-44583
Home page URL: Security reports for WatchTowerHQ
Application: WatchTowerHQ
Date: Nov 19, 2022
Research Description: Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Affected versions: Min -, max -.
Status: vulnerable

Oct 27, 2024

CVE, Research URL: CVE-2024-9933
Home page URL: Security reports for WatchTowerHQ
Application: WatchTowerHQ
Date: Oct 26, 2024
Research Description: The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
Affected versions: Min -, max -.
Status: vulnerable