Security Advisory

CVE-2024-9686

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-25 04:33:41

Last updated 2026-04-08 17:19:54

Assigner Wordfence

State PUBLISHED

Description

The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the nktgnfw_send_test_message function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.

← Browse all CVEs View on cve.org ↗