Search criteria
4 vulnerabilities found for WatchTowerHQ by watchtowerhq
CVE-2025-13972 (GCVE-0-2025-13972)
Vulnerability from nvd – Published: 2025-12-12 03:20 – Updated: 2025-12-15 18:17
VLAI?
Title
WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
Summary
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| watchtowerhq | WatchTowerHQ |
Affected:
* , ≤ 3.15.0
(semver)
|
Credits
Camilla Flocco
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T18:08:23.670986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:17:03.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WatchTowerHQ",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.15.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Camilla Flocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the \u0027wht_download_big_object_origin\u0027 parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T03:20:40.150Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13fcbff8-8560-48ca-82df-8b620961d9c6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.15.0/src/Download.php#L104"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/trunk/src/Download.php#L104"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T14:28:08.000+00:00",
"value": "Disclosed"
}
],
"title": "WatchTowerHQ \u003c= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via \u0027wht_download_big_object_origin\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13972",
"datePublished": "2025-12-12T03:20:40.150Z",
"dateReserved": "2025-12-03T15:58:53.268Z",
"dateUpdated": "2025-12-15T18:17:03.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9933 (GCVE-0-2024-9933)
Vulnerability from nvd – Published: 2024-10-26 01:58 – Updated: 2024-10-28 19:39
VLAI?
Title
WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
Summary
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| watchtowerhq | WatchTowerHQ |
Affected:
* , ≤ 3.9.6
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:watchtowerhq:watchtower:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "watchtower",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:33:35.407554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:39:04.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WatchTowerHQ",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the \u0027watchtower_ota_token\u0027 default value is empty, and the not empty check is missing in the \u0027Password_Less_Access::login\u0027 function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T01:58:35.013Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50349086-e7b0-4f73-8722-1367cc05180e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.9.6/src/Password_Less_Access.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-10-12T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-10-25T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WatchTowerHQ \u003c= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9933",
"datePublished": "2024-10-26T01:58:35.013Z",
"dateReserved": "2024-10-14T11:53:51.301Z",
"dateUpdated": "2024-10-28T19:39:04.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13972 (GCVE-0-2025-13972)
Vulnerability from cvelistv5 – Published: 2025-12-12 03:20 – Updated: 2025-12-15 18:17
VLAI?
Title
WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
Summary
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| watchtowerhq | WatchTowerHQ |
Affected:
* , ≤ 3.15.0
(semver)
|
Credits
Camilla Flocco
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T18:08:23.670986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:17:03.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WatchTowerHQ",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.15.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Camilla Flocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the \u0027wht_download_big_object_origin\u0027 parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T03:20:40.150Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13fcbff8-8560-48ca-82df-8b620961d9c6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.15.0/src/Download.php#L104"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/trunk/src/Download.php#L104"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T14:28:08.000+00:00",
"value": "Disclosed"
}
],
"title": "WatchTowerHQ \u003c= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via \u0027wht_download_big_object_origin\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13972",
"datePublished": "2025-12-12T03:20:40.150Z",
"dateReserved": "2025-12-03T15:58:53.268Z",
"dateUpdated": "2025-12-15T18:17:03.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9933 (GCVE-0-2024-9933)
Vulnerability from cvelistv5 – Published: 2024-10-26 01:58 – Updated: 2024-10-28 19:39
VLAI?
Title
WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
Summary
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
Severity ?
9.8 (Critical)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| watchtowerhq | WatchTowerHQ |
Affected:
* , ≤ 3.9.6
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:watchtowerhq:watchtower:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "watchtower",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:33:35.407554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:39:04.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WatchTowerHQ",
"vendor": "watchtowerhq",
"versions": [
{
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the \u0027watchtower_ota_token\u0027 default value is empty, and the not empty check is missing in the \u0027Password_Less_Access::login\u0027 function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T01:58:35.013Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50349086-e7b0-4f73-8722-1367cc05180e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.9.6/src/Password_Less_Access.php#L56"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-10-12T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-10-25T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WatchTowerHQ \u003c= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9933",
"datePublished": "2024-10-26T01:58:35.013Z",
"dateReserved": "2024-10-14T11:53:51.301Z",
"dateUpdated": "2024-10-28T19:39:04.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}