Lucene search

PatchstackCVELIST:CVE-2022-44584

HistoryNov 18, 2022 - 10:01 p.m.

CVE-2022-44584 WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability

2022-11-1822:01:01

Patchstack

www.cve.org

cve-2022-44584

wordpress

watchtowerhq

unauthenticated

arbitrary file deletion

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

CNA Affected

[
  {
    "vendor": "WhatArmy",
    "product": "WatchTowerHQ (WordPress plugin)",
    "versions": [
      {
        "version": "<= 3.6.15",
        "status": "affected",
        "lessThanOrEqual": "3.6.15",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-15-unauth-arbitrary-file-deletion-vulnerability?_s_id=cve

wordpress.org/plugins/watchtowerhq/#developers

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2022-44584