The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the \'watchtower_ota_token\' default value is empty, and the not empty check is missing in the \'Password_Less_Access::login\' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.
Metrics
CVSS Version: 3.1 |
Base Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H