Description
WordPress Plugin WatchTowerHQ is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download/delete arbitrary files. WordPress Plugin WatchTowerHQ version 3.6.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.6.16 or latest
References
Related Vulnerabilities
WordPress Plugin Essential Widgets Security Bypass (1.8)
CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)
WordPress Plugin Daily Maui Photo Widget Multiple Cross-Site Scripting Vulnerabilities (0.2)
WordPress Plugin copy-me Cross-Site Request Forgery (1.0.0)
WordPress Plugin Store Locator Plus for WordPress Privilege Escalation (5.5.14)