40 matches found
WordPress TelSender plugin <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title vulnerability
Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title vulnerability discovered by Kai Aizen in WordPress Plugin TelSender versions <= 1.14.14...
EUVD-2025-21608
Malicious code in bioql PyPI...
EUVD-2024-33081
Malicious code in bioql PyPI...
WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions <= 1.0.4...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram...
CVE-2024-10390
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390
CVE-2024-10390 affects the Elfsight Telegram Chat CC WordPress plugin (versions up to and including 1.1.0). The issue is a missing capability check in updatePreferences, enabling authenticated attackers with subscriber-level access and above to inject arbitrary scripts into pages, executed when a...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10390 Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
WordPress Elfsight Telegram Chat CC plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Elfsight Telegram Chat CC versions <= 1.1.0...
PT-2024-16240 · Elfsight · Elfsight Telegram Chat Cc
Name of the Vulnerable Software and Affected Versions: Elfsight Telegram Chat CC plugin for WordPress versions up to, and including, 1.1.0. Description: The issue is related to a missing capability check on the updatePreferences function, allowing authenticated attackers with subscriber-level acce...
WordPress Elfsight Telegram Chat CC Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Elfsight Telegram Chat CC; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10390; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID: 79fba1da063a; Credits: István...
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, wit...
CVE-2024-9630
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...
CVE-2024-9628
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...
CVE-2024-9630 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API...
CVE-2024-9630
The CVE-2024-9630 entry concerns the WPS Telegram Chat plugin for WordPress. Affected versions: up to 4.5.4. Root cause: missing capability check when accessing messages, resulting in an authorization bypass. Impact: unauthenticated attackers can view messages sent through the Telegram Bot API (i...
CVE-2024-9628
CVE-2024-9628 affects the WordPress plugin WPS Telegram Chat. The vulnerability arises from a missing capability check in the function Wps_Telegram_Chat_Admin::checkСonnection, in versions up to and including 4.5.4. This design flaw enables authenticated attackers with subscriber-level access ...
CVE-2024-9628 WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'WpsTelegramChatAdmin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wit...