The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.

**Disclosure**: _This is a global disclosure for product review articles on HighTechDad. It does not apply to Automobile reviews and there are other exceptions. Therefore, it may or may not be applicable to this particular article._ I may have a material connection because I may have received a sample of a product for consideration in preparing to review the product and write this or other content. I was/am not expected to return the item after my review period. All opinions within this and other articles are my own and are typically not subject to the editorial review from any 3rd party. Also, some of the links in the post above may be “affiliate” or “advertising” links. These may be automatically created or placed by me manually. This means if you click on the link and purchase the item (sometimes but not necessarily the product or service being reviewed), I will receive a small affiliate or advertising commission. More information can be found on my About page.

CVE-2022-1581: WARNING: WP-Polls WordPress Poll Plugin Can Be Exploited - HighTechDad™

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected

@@ -0,0 +1,178 @@ <?php /\* Copyright (C) 2010 Laurent Destailleur <eldy@users.sourceforge.net> \* \* This program is free software; you can redistribute it and/or modify \* it under the terms of the GNU General Public License as published by \* the Free Software Foundation; either version 3 of the License, or \* (at your option) any later version. \* \* This program is distributed in the hope that it will be useful, \* but WITHOUT ANY WARRANTY; without even the implied warranty of \* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \* GNU General Public License for more details. \* \* You should have received a copy of the GNU General Public License \* along with this program. If not, see <https://www.gnu.org/licenses/>. \* or see https://www.gnu.org/ \*/  
/\*\* \* \\file test/phpunit/WebsiteTest.php \* \\ingroup test \* \\brief PHPUnit test \* \\remarks To run this script as CLI: phpunit filename.php \*/  
global $conf,$user,$langs,$db; //define('TEST\_DB\_FORCE\_TYPE','mysql'); // This is to force using mysql driver //require\_once 'PHPUnit/Autoload.php';  
if (! defined('NOREQUIRESOC')) { define('NOREQUIRESOC', '1'); } if (! defined('NOCSRFCHECK')) { define('NOCSRFCHECK', '1'); } if (! defined('NOTOKENRENEWAL')) { define('NOTOKENRENEWAL', '1'); } if (! defined('NOREQUIREMENU')) { define('NOREQUIREMENU', '1'); // If there is no menu to show } if (! defined('NOREQUIREHTML')) { define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php } if (! defined('NOREQUIREAJAX')) { define('NOREQUIREAJAX', '1'); } if (! defined("NOLOGIN")) { define("NOLOGIN", '1'); // If this page is public (can be called outside logged session) } if (! defined("NOSESSION")) { define("NOSESSION", '1'); }  
require\_once dirname(\_\_FILE\_\_).'/../../htdocs/main.inc.php'; require\_once dirname(\_\_FILE\_\_).'/../../htdocs/core/lib/website.lib.php';  
  
if (empty($user\->id)) { print "Load permissions for admin user nb 1\\n"; $user\->fetch(1); $user\->getrights(); } $conf\->global\->MAIN\_DISABLE\_ALL\_MAILS\=1;  
  
/\*\* \* Class for PHPUnit tests \* \* @backupGlobals disabled \* @backupStaticAttributes enabled \* @remarks backupGlobals must be disabled to have db,conf,user and lang not erased. \*/ class WebsiteTest extends PHPUnit\\Framework\\TestCase { protected $savconf; protected $savuser; protected $savlangs; protected $savdb;  
/\*\* \* Constructor \* We save global variables into local variables \* \* @return SecurityTest \*/ public function \_\_construct() { parent::\_\_construct();  
//$this->sharedFixture global $conf,$user,$langs,$db; $this\->savconf\=$conf; $this\->savuser\=$user; $this\->savlangs\=$langs; $this\->savdb\=$db;  
print \_\_METHOD\_\_." db->type=".$db\->type." user->id=".$user\->id; //print " - db ".$db->db; print "\\n"; }  
/\*\* \* setUpBeforeClass \* \* @return void \*/ public static function setUpBeforeClass() { global $conf,$user,$langs,$db; $db\->begin(); // This is to have all actions inside a transaction even if test launched without suite.  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* tearDownAfterClass \* \* @return void \*/ public static function tearDownAfterClass() { global $conf,$user,$langs,$db; $db\->rollback();  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* Init phpunit tests \* \* @return void \*/ protected function setUp() { global $conf,$user,$langs,$db; $conf\=$this\->savconf; $user\=$this\->savuser; $langs\=$this\->savlangs; $db\=$this\->savdb;  
print \_\_METHOD\_\_."\\n"; }  
/\*\* \* End phpunit tests \* \* @return void \*/ protected function tearDown() { print \_\_METHOD\_\_."\\n"; }  
  
/\*\* \* testGetPagesFromSearchCriterias \* \* @return void \*/ public function testGetPagesFromSearchCriterias() { global $db;  
$s = "123') OR 1=1-- \\' xxx"; /\* var\_dump($s); var\_dump($db->escapeforlike($s)); var\_dump($db->escape($db->escapeforlike($s))); \*/  
$res = getPagesFromSearchCriterias('page,blogpost', 'meta,content', $s, 2, 'date\_creation', 'DESC', 'en'); //var\_dump($res); print \_\_METHOD\_\_." message=".$res\['code'\]."\\n"; // We must found no line (so code should be KO). If we found somethiing, it means there is a SQL injection of the 1=1 $this\->assertEquals($res\['code'\], 'KO'); } }

CVE-2022-4093: Fix sqli ->escape after ->escapeforlike · Dolibarr/dolibarr@7c1eac9

Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.

@@ -0,0 +1,30 @@

<?php

  

namespace App\\Http\\Middleware;

  

use Closure;

use Illuminate\\Http\\Request;

use Illuminate\\Support\\Facades\\Auth;

  

class VerifyUserEnabled

{

/\*\*

\* Handle an incoming request.

\*

\* @param \\Illuminate\\Http\\Request $request

\* @param \\Closure(\\Illuminate\\Http\\Request): (\\Illuminate\\Http\\Response|\\Illuminate\\Http\\RedirectResponse) $next

\* @return \\Illuminate\\Http\\Response|\\Illuminate\\Http\\RedirectResponse

\*/

public function handle(Request $request, Closure $next)

{

if (Auth::check() && ! Auth::user()->enabled) {

Auth::logout();

$request\->session()->invalidate();

$request\->session()->regenerateToken();

  

return redirect()->route('login')->withErrors(\['msg' => \_\_('auth.disabled')\]);

}

  

return $next($request);

}

}

CVE-2022-4070: Block disabled user session auth · librenms/librenms@ce8e5f3

Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.

CVE-2022-41155: iQ Block Country

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

CVE-2022-43492: Comments – wpDiscuz

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Creative Mail was designed specifically for WordPress and WooCommerce.

Our intelligent (and super fun) email editor simplifies email marketing campaign creation and pulls your WordPress blog posts, website images and WooCommerce products right into your email content. Leads from your WordPress website, ecommerce store and contact forms are automatically captured and routed into our included Contacts CRM and synced with your email marketing lists.

It’s perfect for automatic blog post syndication, newsletters and announcements, event promotion, WooCommerce product specials, retargeting ecommerce shoppers, sending postcards, providing updates and more.

Create awesome email marketing campaigns right from your WordPress Admin Dashboard that are all powered by the award-winning & rock-solid reliability of Constant Contact.

**CREATIVE MAIL IS:**

1.  Incredibly easy WordPress email marketing
2.  Deeply connected to your website & WooCommerce store
3.  Accessed from within your WP Admin Dashboard
4.  Automatically syncing your contacts and building your marketing lists
5.  Powered by the reliability superior deliverability of Constant Contact
6.  Fun, which makes life way better

**VIEW OUR DETAILED FEATURES****WOOCOMMERCE & WORDPRESS INTEGRATION:**

Turn your WooCommerce store and your WordPress site into efficient marketing engines. All ecommerce contacts and form entries are all captured in our included CRM and synced automatically with Creative Mail.

*   **Enhanced Ecommerce:** WooCommerce store customers and ecommerce interactions are all captured automatically within your email marketing list. Retarget and re-engage your customers. Sell more stuff.
*   **Beautiful Transactional Emails:** Standard WooCommerce triggered emails can be replaced to match your branding and style. Build one, and then all your other WooCommerce emails managed by Creative will inherit the same branded look. Hey, style matters.
*   **Jetpack Forms Integration:** Collect, sync, and manage opt-in subscribers directly from Jetpack forms into Creative Mail.
*   **Build Better Branding:** Creative Mail includes our free LogoBuilder and image editing suite to enhance your brand.
*   **Amazing Stock Images:** You get free access to the completely integrated photo library (in addition to your own WordPress media library) to make amazing email marketing campaigns with award-winning images.
*   **Get Better Deliverability:** Other email marketing solutions require complex SMTP solutions, external gateways or have you sending from their less than stellar IPs. As a result, your emails can get bounced or never delivered. Creative Mail is an all-in-one solution that uses Constant Contact’s rock solid infrastructure, for superior deliverability. Boom! ‘nuff said.
*   **Live Support:** With our paid plans (Awesome & Ultimate) you get access to phone and chat support to help you get answers from real live, helpful humans. Imagine that!

**OPT-IN EMAIL FORMS:**

*   **Jetpack Newsletter Form:** Jetpack has a JMML (join my mailing list) Newsletter Signup form. When activated, contacts who sign up for your Newsletter through the Jetpack form are brought right into your Newsletter email marketing list. Easy-peasy.
*   **Other WordPress Website Forms:** Creative Mail detects the current website forms used on your site, and automatically adds contacts to your email marketing lists. Automagically awesome!
*   **Creative Mail Form:** If you are not using a form on your site, you can easily add your Creative Mail Gutenberg form to start collecting email addresses of your site visitors

**EMAIL AUTOMATIONS:**

*   **Scheduled Sends:** Schedule the time and date of outgoing email marketing campaigns based on your business or organization’s preferences.
*   **Single-Step Triggered Emails:** Replace your non-branded WooCommerce order notification triggered emails with on-brand Creative Mail emails for deeper customer engagement.
*   **Abandoned Cart:** With Creative Mail and a WooCommerce store you can send emails to customers who abandon their WooCommerce shopping cart. They’ll get an email that reminds them of the items they were considering before they left.
*   **Multi-Step Marketing Journeys:** Develop sophisticated CLM (that’s marketing speak for – customer lifecycle marketing) campaigns by leveraging our “if this, then that” campaign automation engine that responds to a customer’s actions, birthdays or purchases. Welcome your customers with email automation.

**ANALYTICS & INSIGHTS:**

*   **Realtime Email Marketing Statistics:** Bounces, opens, clicks, forwards, complaints, unsubscribes and more are easily tracked and managed. Be a control freak, it’s OK.
*   **Marketing Campaign Mapview:** With our mapview you can see who’s opening your emails on what devices on an awesome, interactive visual map.

**CONTACTS CRM:**

*   **Contact Lists:** Within the Creative Mail Contacts CRM you can quickly and easily manage all your Contacts, Subscribers and Unsubscribes.
*   **Contact Activity:** Drill into the purchases and behaviors of your contacts.
*   **List Sources:** You’ll know where your contacts come from whether it’s a manual entry, your Jetpack forms, WooCommerce Store, or another defined source.
*   **Custom Labels:** Further refine your marketing by adding custom labels to subscribers or customers (ex. Truck Buyers, Concert Attendee, Dog Owners, etc.).

**IMPORT & EXPORT:**

*   **Contacts Sync & Import:** No need anymore for complex integrations between your WordPress site and your email marketing provider. With Creative Mail it all simply works with WordPress out of the box. We do the heavy lifting to sync and import your Jetpack, WordPress, WooCommerce and most used Contact form plugins contacts automatically.
*   **Import & Export Via CSV:** Import bulk email marketing lists (limits may apply), add subscribers one by one, or export your contacts into a CSV file.

**CAMPAIGNS:**

*   **AI Emails:** Forget templates, let our A.I. build your email marketing campaigns for you. Pull in WordPress posts or WooCommerce products for sale, and you’re good to go. Let our robots do your bidding!
*   **Email Campaign Creation:** Build your email marketing campaigns in seconds from your WordPress admin dashboard.
*   **Awesome Deliverability:** All email marketing campaigns are sent and delivered by the award-winning power of Constant Contact technology. We got you.
*   **Automated Email Marketing:** Send multistep email campaigns automatically, with triggers you define, whether that’s based on time, a customer birthday or behavioral actions. Create a flow to welcome your customers and send a special discount and reminder on their birthday.

**EMAIL LIST MANAGEMENT:**

*   **Contact List Growth:** Creative Mail collects leads from Jetpack forms or the top WordPress lead capture forms and adds them directly to your email lists.
*   **Automate Emails:** With our “Welcome” email trigger you can send a Creative Mail welcome email series to new subscribers and blog readers.
*   **Auto List Updater:** Creative Mail automatically updates your contact lists for unsubscribes.

**ADD ONS**

*   **Social Campaigns:** Connect your social media accounts with your Creative Mail account to share your newsletters with your followers on social.
*   **Marketing Calendar:** With your socials connected we give you an overview of all the newsletters and posts that you’ve sent and scheduled. An easy overview to engage with your audience.
*   **Booking:** Set up Bookings for your business with the Bookings tool. Give clients and customers an easy, quick way to set up appointments with you.
*   **LogoBuilder:** Create an amazing logo for your business or social with LogoBuilder and add it to your email campaigns.

**TERMS OF SERVICE & PRIVACY NOTICE**

On behalf of our lawyers (seriously, they’re nice people), please feel free to review our:

Creative Mail by Constant Contact Terms of Service  
Creative Mail by Constant Contact Privacy Notice

This plugin provides 1 block.

*   Creative Mail Let your contact subscribe to a mailing list for creative mail.

*   Go to your admin dashboard
*   Click the “Plugins” menu on the left side navigation bar
*   Click on “Add New”
*   Search for “Creative”
*   Click “Install Now”
*   Click “Activate”
*   You will be redirected to Creative Mail where you can set up your account

**Requirements**

*   Your website or blog must be using WordPress.org version 4.6 or higher on your server.
*   The plugin can be installed on regular WordPress environments and also on WordPress.com sites.

**What does the Creative Mail plugin do?**

The Creative mail plugin allows you to create awesome email marketing campaigns right from your WordPress Admin Dashboard that are all powered by the award-winning & rock-solid reliability of Constant Contact.  
Our intelligent (and super fun) email editor simplifies email marketing campaign creation and pulls your WordPress blog posts, website images and WooCommerce products right into your email content. Leads from your WordPress website, ecommerce store and contact forms are automatically captured and routed into our included Contacts CRM and synced with your email marketing lists.  
It’s perfect for automatic blog post syndication, newsletters and announcements, event promotion, WooCommerce product specials, retargeting ecommerce shoppers, sending postcards, providing updates and more.

**Are coding skills needed to use Creative Mail?**

Creative Mail is built for non-developers, you don’t even need to fill in API keys. If you know how to install a plugin on your website, you are good to go! You will have your images, blog posts and products from your WordPress site available to make campaigns without having to lift a finger.

**What is available for free with CreativeMail?**

With Creative Mail you can send campaigns to your contacts for free. Promote your blog articles, WooCommerce products, events and much more with your followers. Advanced functionality like sending Welcome series Automations and WooCommerce order notifications are part of a paid plan.  
You can see the overview of all the features per plan on our plans page.

**What forms can I use in combination with Creative mail?**

You can add the Creative Mail Form to your site to gather contacts and add contacts automatically to a specific list.  
Creative Mail also integrated with one of the form builders below. For those you can easily activate Contact Synchronization:  
– Jetpack forms  
– Contact form 7  
– WPForms lite and WPForms  
– Newsletter  
– Gravity forms  
– Elementor  
– Ninja forms  
– Caldera Forms  
– Formidable

**Does Creative Mail support ecommerce stores?**

Creative mail is fully integrated with WooCommerce, which enables you to share your WooCommerce products via email campaigns. You can also replace your non-branded WooCommerce order notification triggered emails with on-brand Creative Mail emails for deeper customer engagement. Build one, and then all your other WooCommerce emails managed by Creative Mail will inherit the same branded look. Hey, style matters.

I built a new website on WordPress for a new business. I'm starting with free plugins until I get the ball rolling. Creative Mail by Constant Contact was already in my dashboard with a free subscription option. It is the only newsletter email option available if you use the included WPForms contact forms (also included in initial install). Unlike any other plugin I've used, Creative Mail functions outside your dashboard. It doesn't link to WPForms even after telling it that's what you're using. In addition to creating a Constant Contact account & adding WP Forms to your settings, you have to go back to your dashboard & click a button in WP Forms that then asks you to log in to Creative Mail to give it permission to connect with WP Forms. This permission doesn't exist on the Creative Mail account. I couldn't get past this, because I couldn't log in (even though I was already logged in having just signed up). When signing up, it wanted my name, address, email address, & then to create a password (no user name selection). I tried every variation of my name or email address with my password (I have a generator & only have to copy the password, so no typos). It couldn't find me. I clicked that I forgot my username & got an email saying my user name was... ce- & a string of 26 alpha-numeric characters. That also didn't work. Their support page offers number for 2 issues: account suspension & enabling debugging. I got a support number from the chat bot. When you call, they want your phone number associated with the account. That was never included, so it didn't find me but put me on hold for the "next available" agent. After 15 minutes, it hung up on me. I waited a while & tried again. This time, I waited on hold for over 40 minutes before hanging up. WordPress should remove this from the plugins. WP Forms should allow you to use some other plugin (there's a long list available with paid subscriptions). This is a most disreputable business practice & has all the ear-markings of a scam. Don't take just my word for it. Read some of the other 1 star reviews.

Excellent produit, avec un système très simple à comprendre.

I love it.its very easy to use.that helps a lot.thsnk u

It is a very good program

This is an awesome plugin!

Haven't had a chance to use it

Read all 315 reviews

“Creative Mail – Easier WordPress & WooCommerce Email Marketing” is open source software. The following people have contributed to this plugin.

Contributors

*    Constant Contact

*   1.6.3 – Hotfix: Fixed a bug where the plugin was not working on some servers.
*   1.6.2 – Security updates and removal of Unsupported Plugin (Caldera Forms)
*   1.6.1 – Security update
*   1.6.0 – Security update, Bug fixes and Support to sync Address Fields for Contact Form 7
*   1.5.4 – Migration to WordPress version 6.0.2 and Checkout mail templates update
*   1.5.3 – README update
*   1.5.2 – Small bug fix for PHP versions previous to 7.1
*   1.5.1 – Fix outdated PHP classes
*   1.5.0 – Fix WooCommerce product lists, improved WooCommerce order workflows and improved contact management.
*   1.4.9 – Fixes regarding WooCommerce and Contact Sync Updates.
*   1.4.8 – Redirect to main CreativEmail templates page when user has abandoned cart template deactivated. Fix sync error with contact form 7. Added automation trigger for customer buying products.
*   1.4.7 – Fix currency type being shown in “Abandoned Cart” emails for WooCommerce.
*   1.4.6 – Add phone number handling for Jetpack Forms. Bug fixes.
*   1.4.5 – This version contains a fix for Creative mail customers who also use the Bluehost WebsiteBuilder functionality to build their WordPress site.
*   1.4.4 – Add support for ‘return to shop’ urls
*   1.4.3 – Updated brand name.
*   1.4.2 – Fixed a crash that could occur when using the elementor contact sync.
*   1.4.1 – Fixed several bugs
*   1.4.0 – Added gutenberg contact form block CreativeMail
*   1.3.9 – Include notice when you have enabled a password protection plugin.
*   1.3.8 – Fixes an issue with WooCommerce recommendations.
*   1.3.7 – Fixes an issue specific to PHP 7.4
*   1.3.6 – Improved integrations with WooCommerce to support features like Abandoned Cart emails.
*   1.3.5 – Addresses two small issues where some relative URLs would not work for WP installs in subdirectories.
*   1.3.4 – Improved initial contact sync: we can now import all your contacts without any limits!
*   1.3.3 – Direct access to Creative Mail features from the left side nav in WP Admin.
*   1.3.2 – Fixes an issue where the contact sync might cause a critical error.
*   1.3.1 – Add the ability to show the amount of recovered revenue via abandoned carts.
*   1.3.0 – Support for abandoned cart emails
*   1.2.4 – Introduces a ‘Reset’ button on the settings page for accounts that are stuck.
*   1.2.3 – Fixes an issue where the banner would show up again after being dismissed.
*   1.2.2 – Introduction of multistep automations and fixes a couple of small issues in the CreativeMail widgets
*   1.2.1 – Fixes an issue where some users would experience an issue where our UI was blocked by pop-up blockers.
*   1.2.0 – Context aware notifications, add support for Ninja forms, add support for Caldera forms

CVE-2022-44740: Creative Mail – Easier WordPress & WooCommerce Email Marketing

Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

WatchTowerHQ Website Monitoring: Done Right  
Fed up with using tools that get sold to GoDaddy, lose their founding team, and slowly die?  
Tired of half-assed customer service that takes 72-144 hours to get a response?  
Looking for one solution to cut the costs of many tools?  
Our founding team is intact and not only focused on a world-class customer service experience, we’re focused on making WatchTowerHQ the best tool agencies and companies turn to when managing multiple websites.

**Automated Updates**

Set it and forget it by scheduling WordPress theme and plugin updates in advance. Every Tuesday at 7am? Not a problem with WatchTowerHQ

**Performance Insights**

Wondering why no one stays on your website? It’s probably because it’s slow…like Ford Fiesta slow. Figure out what you need to do to transform it into the Porsche it deserves to be.

**Daily Backups**

Take them daily, store them for a year. Don’t be at the mercy of the intern who accidentally deleted all of your blog posts from the last 6 years. Restore them quickly from one of your backups. Automate these as you would like, or take them manually.

**Historical Data Tracking**

A snapshot in time is great for some. You’re not some. Most are like you, they want to see how data looks over time. Screen shots from last May? Easy peasy. Site speed today relative to 2 months ago? One click.

**Notifications?**

We’ve got you covered. You control who gets alerts, which alerts they get, and when. All for you to control within your account.

**Domain and SSL Registration Monitoring**

The dreaded call from a client at 12:47am when they realize their domain has expired and a 12 year old North Korean is holding it hostage for 72 BTC. Don’t let that happen to you or your clients. Always know when your domain or SSL certificate are about to expire so you can proactively renew.

**Real-time Uptime Monitoring**

Kiss false positives good-bye. Set your limits, get updated when they’re triggered.

**One-Click Access**

Access your WordPress site or staging environment with one click right from the website dashboard.  
WatchTowerHQ is the most robust website monitoring and management tool. Increase operational efficiency by eliminating wasted time, improving your security, and taking preventive action.

**Custom User Roles**

Select from one of WatchTowerHQ’s user roles with granular permissions selection or create custom roles to fit your organizational needs.

Please note that WatchTowerHQ tracks information about your site including:  
\* Domain information (Registrar, DNS, SSL, Blacklist Status, Site & Proxy IP addresses)  
\* WordPress plugins, themes, and core  
\* Google Lighthouse & Google Analytics data  
\* Screen captures  
\* CSS & JavaScript code

After installing the WatchTowerHQ plugin you will need to do a few things to start monitoring your site.  
1\. Activate the WatchTowerHQ plugin.  
2\. Copy the access token found in the WatchTowerHQ Settings (you will need this in a future step).  
3\. Go to WatchTowerHQ to sign up for an account.  
4\. Fill in information about your websites – including the access token that you’d copied earlier.  
5\. Save the website’s information once complete. Happy monitoring!

If you’ve already signed up on WatchTowerHQ, you can also follow the alternative installation:  
1\. Download the WatchTowerHQ client from the Settings dropdown menu  
2\. Go to the Plugins tab in WordPress and select “Add New Plugin”.  
3\. Click the “Upload Plugin” button and upload the zip file you downloaded from WatchTowerHQ.  
4\. Click to activate the client and copy the access token from the WatchTowerHQ settings.  
5\. Go to the “Add new website” form found on the Websites page of your WatchTowerHQ dashboard.  
6\. Select WordPress as your CMS and paste the access token in the space.

**Can I have multiple environments on WatchTowerHQ?**

Yes, you can include your development and other environments to your WatchTowerHQ account for convenient one-click access.

**What does WatchTowerHQ do with my site’s information?**

The information tracked by WatchTowerHQ is used to provide real-time analytics and alerts on your site’s status including vulnerabilities, site downtime, and performance. As well as to notify you about WordPress-specific issues such as abandoned plugins.

**How much is WatchTowerHQ?**

To view our plans and get started with WatchTowerHQ check out our website.

**Can I limit access to other users?**

We have a number of standard roles, that many users requested, along with that we’ve created custom user roles. With custom user roles the options are endless to the access that you can give any one user. Custom User roles are included in all plans at no additional cost.

It's packed with features. One of the best tools available to manage my websites.

Read all 1 review

“WatchTowerHQ” is open source software. The following people have contributed to this plugin.

Contributors

*    watchtowerhq

**3.6.20**

*   remove unused code

**3.6.19**

*   db backup fix

**3.6.18**

*   WordPress 6.1.x compatibility declaration update

**3.6.17**

*   Fix security issue

**3.6.16**

*   Fix security issue

**3.6.15**

*   Fix theme updates info

**3.6.13**

*   Fix plugin updates info

**3.6.12**

*   Fix plugin slug

**3.6.11**

*   Fix plugin slug

**3.6.10**

*   WP 6.x compatibility declaration

**3.6.7**

*   WP 5.9.x compatibility declaration

**3.6.6**

*   fix open basedir warnings

**3.6.1**

*   Add endpoint for removing database backup file

**3.6.0**

*   updated action scheduler

**3.5.69**

*   WP Engine – exception

**3.5.67**

*   code improvements

**3.5.65**

*   code improvements
*   fetch info about debug log

**3.5.1**

*   update action scheduler

**3.5.0**

*   new backup system

**3.4.16**

*   WordPress 5.8 compatibility

**3.4.15**

*   fix UI issue

**3.4.13**

*   better settings UI

**3.4.12**

*   allow resume downloading backup
*   include backup integrity checksum to confirm error free transfer

**3.4.10**

*   code refactoring

**3.4.9**

*   update composer properties

**3.4.8**

*   WordPress 5.7 compatibility

**3.4.4**

*   new backup queue file limits

**3.4.2**

*   increase timeout

**3.4.0**

*   added ZipArchive fallback

**3.3.10**

*   fix curl timeout

**3.3.7**

*   minimum PHP version: 7.1

**3.3.6**

*   readme improvements

**3.3.0**

*   WordPress.org first release.
*   removed custom updates library

CVE-2022-44583: WatchTowerHQ

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.

CVE-2022-41618: Media Library Assistant

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.

CVE-2022-41634: Media Library Folders

IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.

    # Exploit Title: IOTransfer V4 - Unquoted Service Path
    # Exploit Author: BLAY ABU SAFIAN (Inveteck Global)
    # Discovery Date: 2022-28-07
    # Vendor Homepage: http://www.iobit.com/en/index.php
    # Software Link: https://iotransfer.itopvpn.com/download/
    # Tested Version: V4
    # Vulnerability Type: Unquoted Service Path
    # Tested on OS: Microsoft Windows Server 2019 Standard Evaluation CVE-2022-37197
    # Step to discover Unquoted Service Path:
    
    C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
    
    IOTransfer Updater IOTUpdaterSvc C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
                          Auto
    
    C:\>sc qc IOTUpdaterSvc
    [SC] QueryServiceConfig SUCCESS
    
    SERVICE_NAME: IOTUpdaterSvc
            TYPE : 10 WIN32_OWN_PROCESS
            START_TYPE : 2 AUTO_START
            ERROR_CONTROL : 1 NORMAL
            BINARY_PATH_NAME : C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
    
    
    LOAD_ORDER_GROUP :
            TAG : 0
            DISPLAY_NAME : IOTransfer Updater
            DEPENDENCIES :
            SERVICE_START_NAME : LocalSystem
    
    C:\>systeminfo
    
    OS Name: Microsoft Windows Server 2019 Standard Evaluation
    OS Version: 10.0.17763 N/A Build 17763
    OS Manufacturer: Microsoft Corporation

Tag

#php