The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.
References
Configurations
History
06 Nov 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:choplugins:order_notification_for_telegram:*:*:*:*:*:wordpress:*:* | |
References | () https://plugins.trac.wordpress.org/browser/order-notification-for-telegram/tags/1.0.1/inc/admin_ajax.php#L5 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/c182b4f2-c67b-4e82-a790-6d98946ebf2c?source=cve - Third Party Advisory | |
First Time |
Choplugins order Notification For Telegram
Choplugins |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 05:15
Updated : 2024-11-06 16:19
NVD link : CVE-2024-9686
Mitre link : CVE-2024-9686
CVE.ORG link : CVE-2024-9686
JSON object : View
Products Affected
choplugins
- order_notification_for_telegram
CWE
CWE-862
Missing Authorization