First published: Fri Oct 25 2024(Updated: )
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
WPSolutions WPS Telegram Chat WordPress | <=4.5.4 | |
WordPress | ||
WPSolutions WPS Telegram Chat WordPress | <=4.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.