Telegram Bot
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13068 | Hig | 0.40 | 7.2 | 0.00 | Nov 25, 2025 | The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to… | ||
| CVE-2023-34006 | Med | 0.38 | 5.9 | 0.00 | Jun 22, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions. | ||
| CVE-2024-38789 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel telegram-bot allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through <= 3.8.2. |
- risk 0.40cvss 7.2epss 0.00
The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
- risk 0.38cvss 5.9epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel telegram-bot allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through <= 3.8.2.