cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9628,https://securityvulnerability.io/vulnerability/CVE-2024-9628,Unauthorized Access to Telegram Bot API Endpoint,"The WPS Telegram Chat plugin for WordPress contains a vulnerability that exposes the application to unauthorized data modification and potential data loss. This issue arises from a missing capability check in the 'Wps_Telegram_Chat_Admin::check?onnection' function, affecting all versions up to and including 4.5.4. Authenticated attackers with subscriber-level access or higher can leverage this vulnerability to gain full access to the Telegram Bot API endpoint, enabling them to manipulate data without appropriate permissions.",Wordpress,WPs Telegram Chat,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-10-25T07:38:00.869Z,0
CVE-2024-9630,https://securityvulnerability.io/vulnerability/CVE-2024-9630,Unauthenticated Access to Telegram Bot API Messages Possible Through Version 4.5.4,"The WPS Telegram Chat plugin for WordPress contains a vulnerability that allows unauthorized users to bypass authentication checks. This issue arises from a missing capability verification when accessing messages sent via the Telegram Bot API. As a result, unauthenticated attackers can view sensitive messages, posing a significant risk to privacy and security for users of versions up to and including 4.5.4. It is essential for website administrators to take immediate action to secure their WordPress installations and update the plugin to prevent potential data exposure.",Wordpress,WPs Telegram Chat,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-25T07:38:00.356Z,0