CVE-2024-9630

Published Oct 25, 2024

Last updated a month ago

CVSS medium 5.4

Overview

Description: The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-862

Hype score: Not currently trending

CVE-2024-9630 The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and includ… https://t.co/CfWHk7NEtc
@CVEnew
25 Oct 2024
334 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:10web:wps_telegram_chat:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BAC192A-D279-4D3F-B4DD-156EC53C329D",
            "versionEndIncluding": "4.5.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References