CVE-2024-9821

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 12, 2024
Updated: Oct 15, 2024
CWE ID 200

Summary

CVE-2024-9821 identifies a vulnerability in the Bot for Telegram on WooCommerce plugin for WordPress, affecting all versions up to and including 1.2.4, which allows authenticated attackers with subscriber-level access or higher to disclose sensitive information, specifically the Telegram Bot Token. This token can enable an attacker to log in as any existing user, including administrators, when paired with the Login with Telegram feature. To remediate this vulnerability, it is recommended that users update the plugin to a patched version that incorporates proper authorization checks. The potential risk posed by this vulnerability is significant, as it can lead to unauthorized access and control over user accounts within affected systems. The exploitability score for this vulnerability is rated at 8.8 out of 10, indicating a high level of severity and impact on confidentiality and integrity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share