CVE-2024-9630

Published Oct 25, 2024

Last updated 23 days ago

CVSS medium 5.4

Overview

Description
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-862

Social media

Hype score
Not currently trending

  1. CVE-2024-9630 The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and includ… https://t.co/CfWHk7NEtc

    @CVEnew

    25 Oct 2024

    334 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References