CVE-2023-25701

Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16...

CVE-2025-13972

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

EUVD-2025-203011

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

CVE-2025-13972

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

CVE-2025-13972 WatchTowerHQ <= 3.16.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

CVE-2025-13972

WatchTowerHQ (WordPress) CVE-2025-13972: Arbitrary file read via wht_download_big_object_origin in all versions up to 3.15.0 due to insufficient path validation in handle_big_object_download_request. Exploitation requires authenticated Admin access with a valid access token, enabling reading sens...

CVE-2025-13972 WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

WordPress plugin WatchTowerHQ 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

PT-2025-50839

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht download big object origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for...

WordPress WatchTowerHQ plugin <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter vulnerability

Authenticated Administrator+ Arbitrary File Read via 'whtdownloadbigobjectorigin' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin WatchTowerHQ versions = 3.15.0...

EUVD-2022-47521

Malicious code in bioql PyPI...

EUVD-2022-47522

Malicious code in bioql PyPI...

EUVD-2023-29611

Malicious code in bioql PyPI...

Exploit for CVE-2024-9933

CVE-2024-9933 WatchTowerHQ = 3.10.1 - Authentication Bypas...

CVE-2024-9933

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtowerotatoken' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

CVE-2024-9933

CVE-2024-9933 (WatchTowerHQ WordPress plugin) The vulnerability is an authentication bypass in WatchTowerHQ versions up to 3.9.6 (and patched in 3.10.1+). The flaw stems from an empty default value for watchtower_ota_token and a missing not-empty check in Password_Less_Access::login, enabling una...

CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtowerotatoken' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtowerotatoken' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...

PT-2024-39948 · WordPress · Watchtowerhq

Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin for WordPress versions up to, and including, 3.9.6 Description: The issue is related to authentication bypass. This is due to the watchtower ota token default value being empty and the missing not empty check in the Passwo...

WordPress plugin WatchTowerHQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...