Medium severity4.3NVD Advisory· Published Oct 10, 2024· Updated Jun 17, 2026
CVE-2024-9685
CVE-2024-9685
Description
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.3.1
- rainafarai/Notification for Telegramv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.