Vulnerability Description
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle_big_object_download_request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.
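The root cause described above is a file-download handler that does not confine the requested path to the directory it is meant to serve. The following is an added example, not code from the WatchTowerHQ plugin, showing the containment check a WordPress plugin's download handler should perform before reading a file: canonicalise the path with realpath(), then verify the result still lies under the intended base directory. The function name, the export directory and the sample requests are hypothetical and constructed for the demonstration.

```php
<?php
// Added example (not WatchTowerHQ code): confine a user-supplied download
// name to a fixed base directory. Names, paths and inputs are hypothetical.

/**
 * Resolve a user-supplied file name to a canonical path inside $base_dir.
 * Returns the canonical path, or null when the request contains unsafe
 * bytes, does not resolve to an existing regular file, or escapes $base_dir.
 */
function wht_example_resolve_download_path(string $requested, string $base_dir): ?string
{
    // Reject empty names and control characters (including NUL) before the
    // value reaches any filesystem call; NUL terminates paths in C-level APIs.
    if ($requested === '' || preg_match('/[\x00-\x1f]/', $requested)) {
        return null;
    }

    // The base directory itself must exist and be canonical.
    $base = realpath($base_dir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Canonicalise the candidate: collapses "..", "." , symlinks and duplicate
    // separators. A non-existent target yields false.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Containment check: realpath() alone is not enough, because a traversal
    // to an existing file outside the directory still canonicalises fine.
    // Compare against base + separator so "/srv/exports-other" is not
    // mistaken for a child of "/srv/exports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed demonstration: one file inside the export directory and one
// sibling file outside it, both created in the system temp directory.
$tmp        = sys_get_temp_dir();
$export_dir = $tmp . DIRECTORY_SEPARATOR . 'wht_example_exports';
@mkdir($export_dir, 0700);
file_put_contents($export_dir . DIRECTORY_SEPARATOR . 'backup.zip', 'sample export');
file_put_contents($tmp . DIRECTORY_SEPARATOR . 'wht_example_outside.txt', 'not for download');

$cases = [
    'backup.zip',                      // legitimate export inside the directory
    '../wht_example_outside.txt',      // existing file outside: realpath succeeds, containment rejects
    '/wht_example_outside.txt',        // absolute path is treated as relative to base and does not exist
    "backup.zip\0.txt",                // NUL byte: rejected before any filesystem call
];

foreach ($cases as $c) {
    $resolved = wht_example_resolve_download_path($c, $export_dir);
    printf("%-32s => %s\n", addcslashes($c, "\0"), $resolved ?? 'rejected');
}
```

In a real plugin the capability and token checks the advisory mentions still apply, but they are not a substitute for this check: an administrator-only endpoint must still refuse to serve files outside the directory it exists to serve, since wp-config.php and similar files sit outside any legitimate export location.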
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.15.0/src/Download
- https://plugins.trac.wordpress.org/browser/watchtowerhq/trunk/src/Download.php#L
- https://www.wordfence.com/threat-intel/vulnerabilities/id/13fcbff8-8560-48ca-82d
FAQ
What is CVE-2025-13972?
CVE-2025-13972 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient ...
How severe is CVE-2025-13972?
CVE-2025-13972 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-13972?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.