14 matches found
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, wit...
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-9628 WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...
CVE-2024-9628 WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...
CVE-2024-9630
The CVE-2024-9630 entry concerns the WPS Telegram Chat plugin for WordPress. Affected versions: up to 4.5.4. Root cause: missing capability check when accessing messages, resulting in an authorization bypass. Impact: unauthenticated attackers can view messages sent through the Telegram Bot API (i...
CVE-2024-9628
CVE-2024-9628 affects the WordPress plugin WPS Telegram Chat . The vulnerability arises from a missing capability check in the function Wps_Telegram_Chat_Admin::checkСonnection , in versions up to and including 4.5.4 . This design flaw enables authenticated attackers with subscriber-level access ...
WordPress plugin WPS Telegram Chat 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WPS Telegram Chat 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-39728 · WordPress · Wps Telegram Chat
Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue allows authenticated attackers with subscriber-level access and above to have full access to the Telegram Bot API endpoint and communicate with...
WordPress WPS Telegram Chat plugin <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API vulnerability
Authenticated Subscriber+ Unauthorized Access to Telegram Bot API vulnerability discovered by István Márton in WordPress Plugin WPS Telegram Chat versions = 4.5.4...
WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control
Software WPS Telegram Chat Type Plugin Vulnerable versions = 4.5.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-9628 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 35d166ea4c51 Credits...
WordPress WPS Telegram Chat Plugin <= 4.5.4 is vulnerable to Broken Access Control
Software WPS Telegram Chat Type Plugin Vulnerable versions = 4.5.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9630 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9cb16fad33b1 Credits István Márton Required privile...