EUVD-2025-203011

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

CVE-2025-13972

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

CVE-2025-13972 WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'whtdownloadbigobjectorigin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...

WordPress plugin WatchTowerHQ 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

PT-2025-50839

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht download big object origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for...

EUVD-2022-47522

Malicious code in bioql PyPI...

Exploit for CVE-2024-9933

CVE-2024-9933 WatchTowerHQ = 3.10.1 - Authentication Bypas...

WordPress plugin WatchTowerHQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WatchTowerHQ Plugin <= 3.10.1 is vulnerable to Broken Authentication

Software WatchTowerHQ Type Plugin Vulnerable versions = 3.10.1 Fixed in 3.10.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9933 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b771d8428a0 Credits István...

WordPress plugin WatchTowerHQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2022-44584

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

CVE-2022-44583

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

CVE-2022-44584

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

CVE-2022-44583

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

Arbitrary file deletion

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

CVE-2022-44583 WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin = 3.6.15 on WordPress...

CVE-2022-44584

CVE-2022-44584 affects WordPress WatchTowerHQ plugin up to version 3.6.15. The vulnerability stems from improper access control in the plugin’s REST API endpoints, allowing unauthenticated attackers to delete arbitrary files. Impact is described as unauthenticated arbitrary file deletion with hig...

WordPress plugin WatchTowerHQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-27256 · Unknown · Watchtowerhq

Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin versions prior to 3.6.16 Description: The issue is related to an Unauth. Arbitrary File Download vulnerability. This means that unauthorized users may be able to download arbitrary files, potentially leading to sensitive...

PT-2022-27257 · Unknown · Watchtowerhq

Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin versions 3.6.15 and earlier Description: The issue concerns an Unauth. Arbitrary File Deletion vulnerability. This vulnerability allows for unauthorized deletion of files. Recommendations: For WatchTowerHQ plugin versions...