MAL-2026-4593 Malicious code in klaudius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0b40ecfc7aa434ac63d620d4aaab0434dd57b0fac274bb9f5d1514e263be4a3 The package's CLI bundle dist/bin.js and an associated chunk dist/chunk-SZ4KCTSL.js contain hardcoded fetch POST calls to https://api.telegram.org, t...

CVE-2024-9628

The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...

CVE-2024-9630

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...

CVE-2024-9686

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfwsendtestmessage' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test messa...

PT-2024-39728 · WordPress · Wps Telegram Chat

Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue allows authenticated attackers with subscriber-level access and above to have full access to the Telegram Bot API endpoint and communicate with...