Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Network-accessible endpoint requires only subscriber auth (PR:L); integrity-only impact limited to cron manipulation; no confidentiality or availability effect.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthorized manipulation of the plugin's background task scheduling logic.
AnalysisAI
Authorization bypass in the Notification for Telegram WordPress plugin (all versions through 3.5.1) allows authenticated subscribers to manipulate WordPress cron scheduling logic. Authenticated attackers with subscriber-level access or above can create, modify, or reschedule the nftb_cron_hook cron event due to missing authorization checks in nftncron.php, disrupting the plugin's background task scheduling for Telegram notifications. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a valid WordPress account with at minimum subscriber-level privileges on the target site - unauthenticated exploitation is not possible per CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, score 4.3) reflects a realistic, constrained risk profile: network-reachable, low complexity, but requiring authenticated subscriber access, with only low integrity impact and no confidentiality or availability compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who registers or already holds a WordPress subscriber account on a vulnerable site sends a crafted authenticated request targeting the plugin's cron management endpoint in nftncron.php, bypassing the missing authorization check. By rescheduling or repeatedly triggering nftb_cron_hook, the attacker could suppress legitimate Telegram security or operational notifications, potentially masking other malicious activity on the site. … |
| Remediation | Upstream fix available via WordPress plugin repository changeset 3524838 (https://plugins.trac.wordpress.org/changeset?reponame=&old=3524838%40notification-for-telegram&new=3524838%40notification-for-telegram); the exact patched release version is not independently confirmed from available data - WordPress site administrators should update to the latest available version of the plugin through the WordPress dashboard, which will deploy the trunk-based fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Notification For Telegram
View allReflected/stored cross-site scripting in the Notification for Telegram WordPress plugin (versions <= 3.5) allows unauthe
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing c
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43131
GHSA-76px-9qj6-wjpg