Vulnerabilities and security researches fortelegram-bot telegram-bot

Jun 06, 2024

CVE, Research URL: CVE-2023-34006
Home page URL: Security reports for Telegram Bot & Channel
Application: Telegram Bot & Channel
Date: Jun 22, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.
Affected versions: max 3.6.3.
Status: vulnerable

Jul 24, 2024

CVE, Research URL: CVE-2024-38789
Home page URL: Security reports for Telegram Bot & Channel
Application: Telegram Bot & Channel
Date: Jan 02, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2.
Affected versions: max 3.8.2.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-13068
Home page URL: Security reports for Telegram Bot & Channel
Application: Telegram Bot & Channel
Date: Nov 25, 2025
Research Description: The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 4.1.1.
Status: vulnerable