Vulnerabilities and security research for telsender
Jun 16, 2026
TelSender – Wp to telegram СF 7, Events, Wpforms, Ninja forms, Wooccommerce # 064e9b811efe47de47856256d48e5f52f3b89f04
- CVE, Research URL
- Home page URL
- Date
- Jan 27, 2026
- Research Description
- TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot [telsender] < 1.14.15. TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title. The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for unauthenticated attackers to inject malicious scripts via Telegram chat titles that execute when an administrator opens the TelSender settings page and clicks the "Tested" button.
- Affected versions
- max 1.14.15.
- Status
- vulnerable
Jun 10, 2024
TelSender – Wp to telegram СF 7, Events, Wpforms, Ninja forms, Wooccommerce # CVE-2023-41683
- CVE, Research URL
- Home page URL
- Date
- Dec 13, 2024
- Research Description
- Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TelSender: from n/a through 1.14.11.
- Affected versions
- max 1.14.12.
- Status
- vulnerable
Jun 06, 2024
TelSender – Wp to telegram СF 7, Events, Wpforms, Ninja forms, Wooccommerce # 7d9d8268f23f57867d0b85ff74fa4663e9384959
- CVE, Research URL
- Home page URL
- Date
- Sep 04, 2023
- Research Description
- TelSender – Wp to telegram СF 7, Events, Wpforms, Ninja forms, Wooccommerce [telsender] < 1.14.12. WordPress TelSender Plugin <= 1.14.7 is vulnerable to Broken Access Control. No patched version is available. No reply from the vendor. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress TelSender Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
- Affected versions
- max 1.14.12.
- Status
- vulnerable