{"api_version":"1","generated_at":"2026-04-23T15:42:47+00:00","cve":"CVE-2024-9630","urls":{"html":"https://cve.report/CVE-2024-9630","api":"https://cve.report/api/cve/CVE-2024-9630.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-9630","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-9630"},"summary":{"title":"WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure","description":"The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-10-25 08:15:03","updated_at":"2026-04-08 18:22:57"},"problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","data":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86b9b17f-f819-4316-8565-4e7603cd5de7?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86b9b17f-f819-4316-8565-4e7603cd5de7?source=cve","refsource":"security@wordfence.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/wps-telegram-chat/tags/4.5.4/public/partials/wps-telegram-chat-public-handler.php#L92","name":"https://plugins.trac.wordpress.org/browser/wps-telegram-chat/tags/4.5.4/public/partials/wps-telegram-chat-public-handler.php#L92","refsource":"security@wordfence.com","tags":["Broken Link"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-9630","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9630","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"wpsolution","product":"WPS Telegram Chat","version":"affected 4.6.0 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-10-08T00:00:00.000Z","lang":"en","value":"Discovered"},{"source":"CNA","time":"2024-10-08T00:00:00.000Z","lang":"en","value":"Vendor Notified"},{"source":"CNA","time":"2024-10-24T00:00:00.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"István Márton","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"9630","vulnerable":"1","versionEndIncluding":"4.5.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"10web","cpe5":"wps_telegram_chat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"9630","cve":"CVE-2024-9630","epss":"0.002070000","percentile":"0.430830000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:17"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-9630","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-10-25T15:21:16.079779Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-25T15:21:28.685Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"WPS Telegram Chat","vendor":"wpsolution","versions":[{"lessThanOrEqual":"4.6.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"István Márton"}],"descriptions":[{"lang":"en","value":"The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API."}],"metrics":[{"cvssV3_1":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T17:04:52.967Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/86b9b17f-f819-4316-8565-4e7603cd5de7?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/wps-telegram-chat/tags/4.5.4/public/partials/wps-telegram-chat-public-handler.php#L92"}],"timeline":[{"lang":"en","time":"2024-10-08T00:00:00.000Z","value":"Discovered"},{"lang":"en","time":"2024-10-08T00:00:00.000Z","value":"Vendor Notified"},{"lang":"en","time":"2024-10-24T00:00:00.000Z","value":"Disclosed"}],"title":"WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-9630","datePublished":"2024-10-25T07:38:00.356Z","dateReserved":"2024-10-08T13:02:17.969Z","dateUpdated":"2026-04-08T17:04:52.967Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-10-25 08:15:03","lastModifiedDate":"2026-04-08 18:22:57","problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:10web:wps_telegram_chat:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"4.5.4","matchCriteriaId":"6BAC192A-D279-4D3F-B4DD-156EC53C329D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"9630","Ordinal":"1","Title":"WPS Telegram Chat <= 4.6.0 - Missing Authorization to Informatio","CVE":"CVE-2024-9630","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"9630","Ordinal":"1","NoteData":"The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.","Type":"Description","Title":"WPS Telegram Chat <= 4.6.0 - Missing Authorization to Informatio"}]}}}