2 matches found
CVE-2024-9685 Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftbtestaction' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...
WordPress Notification for Telegram Plugin <= 3.3.1 is vulnerable to Broken Access Control
Software Notification for Telegram Type Plugin Vulnerable versions = 3.3.1 Fixed in 3.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9685 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4b8ba917ec79 Credits István Márton Requir...