Approved changes feed: RSS · Atom

cpe:2.3:a:10web:wps_telegram_chat:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor10Web (a48aaa7e-f686-5cd9-9b59-60b5c3bf60d0)
ProductWps Telegram Chat (c651b982-36f8-5d0b-8057-05130774a555)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-9630 vulnerable 2026-06-08 07:00:28.350078 WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure
MEDIUM (5.4)
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
Published: 2024-10-25T07:38:00.356Z
Updated: 2026-04-08T17:04:52.967Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9628 vulnerable 2026-06-08 07:00:28.346490 WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
MEDIUM (6.3)
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it.
Published: 2024-10-25T07:38:00.869Z
Updated: 2026-04-08T17:21:30.508Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.