CVE-2025-5939 in Telegram for WP Pluginthông tin

Tóm tắt

Bởi MITRE • 13/06/2025

The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Đặt trước

09/06/2025

Tiết lộ

13/06/2025

Kiểm duyệt

được chấp nhận

EPSS

0.00199

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you know our Splunk app?

Download it now for free!