Missing Authorization in Guru Team Bot for Telegram on WooCommerce
CVE-2025-48268
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 May 2025
What is CVE-2025-48268?
The Guru Team Bot for Telegram utilized in WooCommerce is susceptible to a missing authorization vulnerability. This flaw arises from incorrectly configured access control levels, potentially allowing unauthorized users to exploit the bot's functionalities. Users running versions from n/a to 1.2.6 are advised to implement immediate security measures to secure their installations against potential access breaches.
Affected Version(s)
Bot for Telegram on WooCommerce <= 1.2.6