Filtered by vendor 10web
Subscriptions
Filtered by product Wps Telegram Chat
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9630 | 1 10web | 1 Wps Telegram Chat | 2025-01-24 | 5.4 Medium |
| The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API. | ||||
| CVE-2024-9628 | 1 10web | 1 Wps Telegram Chat | 2025-01-23 | 6.3 Medium |
| The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. | ||||
Page 1 of 1.