25 matches found
WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Notification for Telegram versions = 3.5...
CVE-2025-62993 WordPress Notification for Telegram plugin <= 3.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through = 3.5.1...
WordPress plugin Notification for Telegram 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
EUVD-2024-50090
Malicious code in bioql PyPI...
CVE-2025-5939 Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2025-5236
The CVE concerns the NinjaTeam Chat for Telegram WordPress plugin (≤1.1). The root cause is insufficient input sanitization and output escaping for the username parameter, leading to Stored Cross-Site Scripting. Exploitation requires an authenticated attacker with Contributor-level access or high...
WordPress plugin NinjaTeam Chat for Telegram 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress NinjaTeam Chat for Telegram plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via username Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.1...
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-11885
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9629
The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with...
WordPress plugin Bot for Telegram on WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-11885 NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtelebutton shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-17322 · WordPress · Ninjateam Chat For Telegram
Name of the Vulnerable Software and Affected Versions: NinjaTeam Chat for Telegram plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'njtele button' shortcode in the NinjaTeam Chat for Telegram plugin for WordPress. This...
WordPress NinjaTeam Chat for Telegram plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.0...
CVE-2024-9629
CVE-2024-9629 affects the WordPress plugin Contact Form 7 + Telegram (cf7-telegram) up to version 0.8.5. The root cause is a missing capability check in wpcf7_Telegram::ajax, enabling authenticated users with subscriber-level access and above to modify subscription state (approve, pause, refuse),...
WordPress Contact Form 7 Telegram plugin <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse vulnerability
Missing Authorization to Authenticated Subscriber+ Subscription Approve/Pause/Refuse vulnerability discovered by István Márton in WordPress Plugin Contact Form 7 Telegram versions = 0.8.5...
WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control
Software Contact Form 7 Telegram Type Plugin Vulnerable versions = 0.8.5 Fixed in 0.8.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9629 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bc9031e15885 Credits István Márton Required...
CVE-2024-9686
CVE-2024-9686 affects the WordPress plugin “Order Notification for Telegram” (
WordPress WP 2FA with Telegram plugin <= 3.0 - Authenticated (Subscriber+) Authentication Bypass vulnerability
Authenticated Subscriber+ Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin WP 2FA with Telegram versions = 3.0...