Описание
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.4 (включая)
cpe:2.3:a:10web:wps_telegram_chat:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
5.4 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.4
github
больше 1 года назад
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
EPSS
Процентиль: 36%
0.00152
Низкий
5.4 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862