Vulnerabilities and security researches fornotification-for-telegram notification-for-telegram

Oct 11, 2024

CVE, Research URL: CVE-2024-9685
Home page URL: Security reports for Notification for Telegram
Application: Notification for Telegram
Date: Oct 10, 2024
Research Description: The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings.
Affected versions: Min -, max -.
Status: vulnerable

Sep 07, 2025

CVE, Research URL: CVE-2025-58794
Home page URL: Security reports for Notification for Telegram
Application: Notification for Telegram
Date: Sep 05, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram allows Cross Site Request Forgery. This issue affects Notification for Telegram: from n/a through 3.4.6.
Affected versions: Min -, max -.
Status: vulnerable