CVE-2024-9933 · CVEKit

cve.orgen

376 chars

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.

NVDen

376 chars

The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.

NVDes

425 chars

El complemento WatchTowerHQ para WordPress es vulnerable a la omisión de autenticación en versiones hasta la 3.9.6 incluida. Esto se debe a que el valor predeterminado 'watchtower_ota_token' está vacío y la función 'Password_Less_Access::login' no muestra la casilla de verificación que indica que no está vacío. Esto permite que atacantes no autenticados inicien sesión con el usuario administrador del cliente WatchTowerHQ.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H