Lucene search
+L

62 matches found

cve
cve
added 2024/10/12 2:5 a.m.55 views

CVE-2024-9821

CVE-2024-9821 : The WordPress plugin “Bot for Telegram on WooCommerce” is vulnerable to sensitive information disclosure due to missing authorization checks on the stm_wpcfto_get_settings AJAX action, affecting all versions up to 1.2.4. Authenticated attackers with subscriber-level access and abo...

8.8CVSS5.8AI score0.01159EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/10/12 2:5 a.m.14 views

CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.01159EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2024/10/12 12:0 a.m.13 views

PT-2024-39866 · WordPress · The Bot For Telegram On Woocommerce

Name of the Vulnerable Software and Affected Versions: The Bot for Telegram on WooCommerce plugin for WordPress versions up to, and including, 1.2.4 Description: The issue is related to sensitive information disclosure due to missing authorization checks on the 'stm wpcfto get settings' AJAX...

8.8CVSS6AI score0.01159EPSS
Exploits1References7
githubexploit
githubexploit
added 2024/10/11 3:35 p.m.89 views

Exploit for CVE-2024-9821

CVE-2024-9821 Bot for Telegram on WooCommerce = 1.2.4 - Au...

8.8CVSS8.9AI score0.01159EPSS
Exploits1
osv
osv
added 2024/05/02 3:30 p.m.85 views

GHSA-94PR-W968-H923 Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

3.3CVSS4.8AI score0.0052EPSS
Exploits0References4
osv
osv
added 2024/05/02 2:15 p.m.3 views

CVE-2024-34147

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.3CVSS5.8AI score0.0052EPSS
Exploits0References2
github
github
added 2022/07/01 12:1 a.m.33 views

Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...

4.3CVSS5.1AI score0.00557EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/04/22 8:39 p.m.32 views

GHSA-FRXG-HF44-Q765 Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp

Impact Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to a web server not affiliated with Discord...

6.5CVSS6.5AI score0.00846EPSS
Exploits0References3
nvd
nvd
added 2022/04/14 10:15 p.m.16 views

CVE-2022-24849

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

6.5CVSS0.00846EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/04/14 9:25 p.m.4 views

CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

6.5CVSS6.5AI score0.00846EPSS
Exploits0References1
cvelist
cvelist
added 2022/04/14 9:25 p.m.25 views

CVE-2022-24849 Contact to DisCatSharp-owned server using authenticated client

DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two RequireDisCatSharpDeveloperAttributes or the BaseDiscordClient.LibraryDeveloperTeam have potentially had their bot token sent to ...

6.5CVSS6.7AI score0.00846EPSS
Exploits0References1
cve
cve
added 2022/04/14 9:25 p.m.794 views

CVE-2022-24849

DisCatSharp (Discord API wrapper for .NET) versions 9.8.5–9.9.0 and prereleases of 10.0.0 may have sent bot tokens to a DisCatSharp-owned web server when using either the two RequireDisCatSharpDeveloperAttribute attributes or BaseDiscordClient.LibraryDeveloperTeam. The issue was addressed in 9.9....

6.5CVSS6.5AI score0.00846EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2022/04/14 12:0 a.m.5 views

DisCatSharp 信息泄露漏洞

DisCatSharp is a lovely wrapper for the Discord API. An information disclosure vulnerability exists in DisCatSharp versions 9.8.5, 9.8.6, 9.9.0, and 10.0.0 pre-release, which stems from the use of two RequireDisCatSharpDeveloperAttribute or BaseDiscordClient. One of the LibraryDeveloperTeam sends...

6.5CVSS6.5AI score0.00846EPSS
Exploits0References2
cnvd
cnvd
added 2022/01/13 12:0 a.m.17 views

PuddingBot Trust Management Issue Vulnerability

PuddingBot is a group management bot. PuddingBot is vulnerable to a trust management issue, which can be exploited by attackers to obtain a bot token in main.py...

9.1CVSS3.5AI score0.01032EPSS
Exploits0References1
nvd
nvd
added 2022/01/11 3:15 p.m.31 views

CVE-2022-21669

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

9.1CVSS0.01032EPSS
Exploits0References2
prion
prion
added 2022/01/11 3:15 p.m.17 views

Code injection

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

5CVSS7.5AI score0.01032EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2022/01/11 12:0 a.m.4 views

CVE-2022-21669 Bot token exposed in main.py

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

9.1CVSS9.2AI score0.01032EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/01/11 12:0 a.m.3 views

Pudding-Bot 信任管理问题漏洞

PuddingBot is a group management bot. PuddingBot is vulnerable to a trust management issue, which can be exploited by attackers to obtain a bot token in main.py...

9.1CVSS5.5AI score0.01032EPSS
Exploits0References3
cve
cve
added 2022/01/11 12:0 a.m.75 views

CVE-2022-21669

The CVE-2022-21669 entry concerns PuddingBot, a group-management bot. Affected versions are 0.0.6-b933652 and earlier, where the bot token is publicly exposed in main.py due to the trust/credential handling issue. The token has been revoked and a new version is already deployed on the server. Pub...

9.1CVSS7.7AI score0.01032EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/01/11 12:0 a.m.23 views

CVE-2022-21669 Bot token exposed in main.py

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are plannin...

9.1CVSS8.1AI score0.01032EPSS
Exploits0References4
Rows per page
Query Builder