Vulnerabilities and security researches fororder-notification-for-telegram order-notification-for-telegram

Oct 26, 2024

CVE, Research URL: CVE-2024-9686
Home page URL: Security reports for Order Notification for Telegram
Application: Order Notification for Telegram
Date: Oct 25, 2024
Research Description: The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.
Affected versions: Min -, max -.
Status: vulnerable