Headline
CVE-2022-44584: WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability - Patchstack
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Verified
Fixed
9.1
CVSS 3.1 score Critical severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 3.6.15
PSID
068462f3f616
Classification
Arbitrary File Deletion
OWASP Top 10
A6: Security Misconfiguration
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-11-01
Details
Unauth. Arbitrary File Deletion vulnerability discovered by Dave Jong (Patchstack) in the WordPress WatchTowerHQ plugin (versions <= 3.6.15).
Solution
Update the WordPress WatchTowerHQ plugin to the latest available version (at least 3.6.16).
References