CVE-2024-9630

MEDIUM

WPS Telegram Chat < 4.6.0 - Unauthenticated Authorization Bypass via Telegram Bot API

Title source: llm

Description

The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.

Scores

CVSS v3: 5.4
EPSS: 0.0026
EPSS Percentile: 17.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (2)
10web/wps_telegram_chat < 4.5.4
wpsolution/WPS Telegram Chat < 4.6.0
Published: Oct 25, 2024
Tracked Since: Feb 18, 2026