cvedb.io
CVE-2024-9627
HIGH · CVSS 8.6
EPSS exploitation probability: 0%
Published 2024-10-22T07:15:02.687 · Last modified 2026-06-17T08:24:56.640

Summary

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.

Affected products

te-st — teplobot

Does this affect you?

Add your gear to cvedb and we'll alert you only when te-st ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.