Vulnerabilities (CVE)

Filtered by vendor Choplugins Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-9686 1 Choplugins 1 Order Notification For Telegram 2024-11-06 N/A 5.3 MEDIUM
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.