📦

wps_telegram_chat

Vendor: 10web

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.26% Exploit Prob.

Latest CVE CVE-2024-9630 Oct 25

Security Vulnerability Index

Page 1 / 1

5.4 CVSS

CVE-2024-9630

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.

EPSS: 0.21%

Severity: MEDIUM

Oct 25, 2024

6.3 CVSS

CVE-2024-9628

The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it.

EPSS: 0.32%

Severity: MEDIUM

Oct 25, 2024

Displaying 2 of 4 Total Entries

Total 1 Sections