2 matches found
CVE-2024-9821
CVE-2024-9821 : The WordPress plugin “Bot for Telegram on WooCommerce” is vulnerable to sensitive information disclosure due to missing authorization checks on the stm_wpcfto_get_settings AJAX action, affecting all versions up to 1.2.4. Authenticated attackers with subscriber-level access and abo...
CVE-2024-9821 Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...