What the vulnerability does
01 Description
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce (bot-for-telegram-on-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6.
Explanation of Vulnerability in Simple Terms
02 Summary
Bot for Telegram on WooCommerce versions 1.2.6 and earlier lack proper authorization checks on certain functions. A logged-in user with low privileges can modify data or settings they should not have access to. The vulnerability does not affect confidentiality or availability, only data integrity. Update to a version newer than 1.2.6.
What an attacker can do
03 Attacker Capabilities
Modify WooCommerce or bot settings without proper authorization.
Potential impact on your site
04 Site Impact
Unauthorized users can alter bot configuration or WooCommerce settings, potentially disrupting Telegram integration or order handling.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege account on the WooCommerce site.
Key dates
06 Disclosure timeline
May 19, 2025: CVE published
April 28, 2026: Record updated