Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7620 | 2 Rainafarai, Wordpress | 2 Notification For Telegram, Wordpress | 2026-07-13 | 4.3 Medium |
| The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthorized manipulation of the plugin's background task scheduling logic. | ||||
| CVE-2026-40732 | 2 Rainafarai, Wordpress | 2 Notification For Telegram, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. | ||||
| CVE-2025-62993 | 2 Rainafarai, Wordpress | 2 Notification For Telegram, Wordpress | 2026-04-24 | 4.3 Medium |
| Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notification for Telegram: from n/a through <= 3.5.1. | ||||
Page 1 of 1.