WatchTowerHQ vulnerabilities
2 known vulnerabilities affecting watchtowerhq/watchtowerhq.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2024-9933 | P2 | CRITICAL | CVSS 9.8 | CWE-288 | ≤ 3.10.1 | 2024-10-26
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is because the 'watchtower_ota_token' default value is empty and the not-empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ cl
nvd
CVE-2025-13972 | P4 | MEDIUM | CVSS 4.9 | CWE-22 | ≤ 3.16.0 | 2025-12-12
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access
nvd