CVE-2024-9627

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-200
View all →

Vulnerability Description

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.

Related Vulnerabilities

CVE-1999-0059

HIGH
CVSS:7.3(High)

IRIX fam service allows an attacker to obtain a list of all files on the server.

CWE-2001999

CVE-2016-5722

HIGH
CVSS:7.3(High)

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct r...

CWE-2002016

CVE-2017-3250

HIGH
CVSS:7.3(High)

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnera...

CWE-2002017

CVE-2017-8460

HIGH
CVSS:7.3(High)

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially craf...

CWE-2002017

CVE-2018-21071

HIGH
CVSS:7.3(High)

An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung I...

CWE-2002018

CVE-2016-7561

HIGH
CVSS:7.2(High)

Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.

CWE-2002016