{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T10:52:19.053","vulnerabilities":[{"cve":{"id":"CVE-2024-9685","sourceIdentifier":"security@wordfence.com","published":"2024-10-10T02:15:06.440","lastModified":"2026-06-17T08:25:03.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings."},{"lang":"es","value":"El complemento Notification for Telegram para WordPress es vulnerable al envío no autorizado de mensajes de prueba debido a una falta de verificación de capacidad en la función 'nftb_test_action' en versiones hasta la 3.3.1 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, envíen un mensaje de prueba a través de la API de bots de Telegram a todos los usuarios configurados en los ajustes."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rainafarai","product":"Notification for Telegram","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-10T14:26:54.393108Z","id":"CVE-2024-9685","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:andreamarinucci:notification_for_telegram:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"3.3.2","matchCriteriaId":"BF2C7B0B-324A-4EF3-AE62-0281C64DD713"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.3/index.php#L202","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset/3165615/notification-for-telegram","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}