CVE-2024-9933 PoC — WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

Source
Associated Vulnerability
Title: WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check (CVE-2024-9933)
Description: The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is because the default value of 'watchtower_ota_token' is empty and the 'Password_Less_Access::login' function is missing a non-empty check. This makes it possible for unauthenticated attackers to log in as the WatchTowerHQ client administrator user.
Readme
# CVE-2024-9933
# Usage
Usage: python CVE-2024-9933 .py [option] [URL]

Options:
  check   : Verify if the target URL is vulnerable.
  exploit : Attempt to exploit the vulnerability on the provided URL.
  

Examples:
  python CVE-2024-9933 .py check http://example.com
  python CVE-2024-9933 .py exploit http://example.com

File Snapshot

[4.0K] /data/pocs/d1601a2cb4b95cb34de85af6956dc446275e5f2e
├── [2.6K] CVE-2024-9933 .py
└── [ 324] README.md

0 directories, 2 files