WooCommerce Bot for Telegram Auth Bypass via Token Disclosure (CVE-2024-9821)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. **Vulnerability Name**: Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass 2. **CVSS Score**: 8.8 (High) 3. **Public Release Date**: October 11, 2024 4. **Last Updated**: October 12, 2024 5. **Researcher**: István Márton - Wordfence 6. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 7. **Reference Link**: plugins.trac.wordpress.org 8. **Affected Versions**: <= 1.2.4 9. **Fix Status**: No known fix available. 10. **Vulnerability Type**: Plugin 11. **Vulnerability ID**: CVE-2024-9821 12. **Vulnerability Score**: 8.8 (High) 13. **Public Release Date**: October 11, 2024 14. **Last Updated**: October 12, 2024 15. **Researcher**: István Márton - Wordfence 16. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 17. **Reference Link**: plugins.trac.wordpress.org 18. **Affected Versions**: <= 1.2.4 19. **Fix Status**: No known fix available. 20. **Vulnerability Type**: Plugin 21. **Vulnerability ID**: CVE-2024-9821 22. **Vulnerability Score**: 8.8 (High) 23. **Public Release Date**: October 11, 2024 24. **Last Updated**: October 12, 2024 25. **Researcher**: István Márton - Wordfence 26. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 27. **Reference Link**: plugins.trac.wordpress.org 28. **Affected Versions**: <= 1.2.4 29. **Fix Status**: No known fix available. 30. **Vulnerability Type**: Plugin 31. **Vulnerability ID**: CVE-2024-9821 32. **Vulnerability Score**: 8.8 (High) 33. **Public Release Date**: October 11, 2024 34. **Last Updated**: October 12, 2024 35. **Researcher**: István Márton - Wordfence 36. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 37. **Reference Link**: plugins.trac.wordpress.org 38. **Affected Versions**: <= 1.2.4 39. **Fix Status**: No known fix available. 40. **Vulnerability Type**: Plugin 41. **Vulnerability ID**: CVE-2024-9821 42. **Vulnerability Score**: 8.8 (High) 43. **Public Release Date**: October 11, 2024 44. **Last Updated**: October 12, 2024 45. **Researcher**: István Márton - Wordfence 46. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 47. **Reference Link**: plugins.trac.wordpress.org 48. **Affected Versions**: <= 1.2.4 49. **Fix Status**: No known fix available. 50. **Vulnerability Type**: Plugin 51. **Vulnerability ID**: CVE-2024-9821 52. **Vulnerability Score**: 8.8 (High) 53. **Public Release Date**: October 11, 2024 54. **Last Updated**: October 12, 2024 55. **Researcher**: István Márton - Wordfence 56. **Vulnerability Description**: This vulnerability allows unauthorized attackers to view the Telegram Bot Token in all versions of Bot for Telegram on WooCommerce <= 1.2.4 due to missing authorization checks. The Telegram Bot Token is a key used to control the bot, and attackers can use it to log in as any existing user, including administrators, if they know the username. 57. **Reference Link**: plugins.trac.wordpress.org 58. **Affected Versions**: <= 1.2.4 59. **Fix Status**: No known fix available. 60. **Vulnerability Type**: Plugin 61. **Vulnerability ID**: CVE-2024-9821 62. **Vulnerability Score**: 8.8 (High) 63. **Public Release Date**: October 11, 2024 64. **Last Updated**: October 12, 2024 65. **Researcher**: István Márton - Wordfence 66. **Vulnerability Description**: This vulnerability allows unaut

Goal Reached Thanks to every supporter — we hit 100%!

WooCommerce Bot for Telegram Auth Bypass via Token Disclosure (CVE-2024-9821)

More from this source