28 matches found
CVE-2024-9686
CVE-2024-9686 affects the WordPress plugin “Order Notification for Telegram” (
CVE-2024-9686 Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...
PT-2024-39730 · WordPress · Wps Telegram Chat
Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue is related to authorization bypass due to a missing capability check when accessing messages. This allows unauthenticated attackers to view...
WordPress WPS Telegram Chat plugin <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API vulnerability
Authenticated Subscriber+ Unauthorized Access to Telegram Bot API vulnerability discovered by István Márton in WordPress Plugin WPS Telegram Chat versions = 4.5.4...
CVE-2024-9685
The CVE-2024-9685 entry concerns the WordPress plugin Notification for Telegram. Technical details in connected sources show a missing capability check in the nftb_test_action function up to and including version 3.3.1, enabling authenticated users with subscriber-level access to send unauthorize...
CVE-2024-9685 Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftbtestaction' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...
Malicious code in telegram-bot_api (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Analyzing a Facebook Profile Stealer Written in Node.js
We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication...