VYPR

Telegram Bot

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-13068HigNov 25, 2025
    risk 0.40cvss 7.2epss 0.00

    The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2023-34006MedJun 22, 2023
    risk 0.38cvss 5.9epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.

  • CVE-2024-38789MedJan 2, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel telegram-bot allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through <= 3.8.2.