Bot for Telegram on WooCommerce Security & Risk Analysis

wordpress.org/plugins/bot-for-telegram-on-woocommerce

Bot for Telegram on WooCommerce is a plugin that allows you to create a Telegram online store based on your website with WooCommerce.

300 active installs · v1.2.9 · PHP 7.0+ · WP 5.3+ · Updated May 31, 2025

Tags: telegram-bot, telegram-login, telegram-notifications, telegram-shop, woocommerce-telegram-addon

Score: 74 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: May 19, 2025

Safety Verdict

Is Bot for Telegram on WooCommerce Safe to Use in 2026?

Mostly Safe

Score 74/100

Bot for Telegram on WooCommerce is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: May 19, 2025 · Updated 10mo ago

Risk Assessment

The "bot-for-telegram-on-woocommerce" plugin version 1.2.9 presents a mixed security posture. While it demonstrates good practices with a high percentage of properly escaped output and a substantial number of nonce and capability checks, several critical concerns emerge from the static analysis. The presence of 11 AJAX handlers, with one lacking authentication checks, and 5 REST API routes without permission callbacks represent significant attack vectors. Furthermore, the use of the `unserialize` function twice is a dangerous practice that could lead to code injection if user-supplied data is unserialized. The plugin's vulnerability history is also a major red flag, with two known CVEs, one of which remains unpatched and is rated as high severity. The common vulnerability types, missing authorization and exposure of sensitive information, directly correlate with the findings in the static analysis. The last vulnerability being in the future (2025-05-19) is highly unusual and suggests potential data integrity issues with the vulnerability history itself, but based on the provided data, it highlights a recent history of exploitable flaws.

Key Concerns

  • Unpatched High Severity CVE
  • AJAX handler without auth check
  • REST API routes without permission callbacks
  • Use of unserialize function
  • Medium Severity CVE

Vulnerabilities: 2

Bot for Telegram on WooCommerce Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE · unpatched
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-48268 · medium · 4.3 · Missing Authorization

Bot for Telegram on WooCommerce <= 1.2.6 - Missing Authorization

May 19, 2025 · Patched in 1.2.7 (10d)

CVE-2024-9821 · high · 8.8 · Exposure of Sensitive Information to an Unauthorized Actor

Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass

Oct 11, 2024 · Unpatched

Code Analysis · Analyzed Mar 16, 2026

Bot for Telegram on WooCommerce Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 2 (3 prepared)
  • Unescaped Output: 15 (790 escaped)
  • Nonce Checks: 14
  • Capability Checks: 15
  • File Operations: 16
  • External Requests: 9
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$value = unserialize( $value );` · nuxy\helpers\helpers.php:116
  • unserialize · `$value = unserialize( $value ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unse` · nuxy\metaboxes\metabox.php:230

SQL Query Safety

60% prepared · 5 total queries

Output Escaping

98% escaped · 805 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

11 flows · 2 with unsanitized paths
bftow_action_with_rest_url (includes\functions.php:10)

Attack Surface: 6 unprotected

Bot for Telegram on WooCommerce Attack Surface

Entry Points: 17
Unprotected: 6

AJAX Handlers 11

auth · wp_ajax_bftow_action_with_rest_url · includes\functions.php:28
auth · wp_ajax_wpcfto_upload_file · nuxy\helpers\file_upload.php:7
auth · wp_ajax_stm_wpcfto_get_settings · nuxy\helpers\helpers.php:55
auth · wp_ajax_wpcfto_get_image_url · nuxy\helpers\helpers.php:149
auth · wp_ajax_wpcfto_search_posts · nuxy\metaboxes\metabox.php:20
auth · wp_ajax_wpcfto_save_settings · nuxy\settings\settings.php:18
auth · wp_ajax_wpcfto_create_term · nuxy\settings\settings.php:19
auth · wp_ajax_wpcfto_regenerate_fonts · nuxy\settings\settings.php:20
auth · wp_ajax_bftow_pro_create_new_record · pro\includes\alerts\admin\admin.php:13
auth · wp_ajax_bftow_pro_send_single_bulk_message · pro\includes\alerts\admin\admin.php:14
auth · wp_ajax_bftow_pro_action_get_channel_id · pro\includes\BFTOW_PRO_Notifications.php:13

REST API Routes 5

GET · /wp-json/woo-telegram/v1/product/ · includes\BFTOW_Product.php:19
GET · /wp-json/woo-telegram/v1/main/ · includes\BFTOW_Telegram.php:91
GET · /wp-json/woo-telegram/v1/orders/ · pro\includes\orders\orders.php:28
GET · /wp-json/woo-telegram/v1/create-order/ · pro\includes\orders\orders.php:34
post · /wp-json/license/v1de-activate · pro\rest-api.php:6

Shortcodes 1

[bftow_login] · includes\BFTOW_Login.php:13

WordPress Hooks 83

action · init · bot-for-telegram-on-woocommerce.php:20
action · admin_notices · bot-for-telegram-on-woocommerce.php:37
action · admin_notices · bot-for-telegram-on-woocommerce.php:67
action · plugins_loaded · bot-for-telegram-on-woocommerce.php:73
filter · bftow_message_delimiter · includes\BFTOW_Helpers.php:9
action · init · includes\BFTOW_Login.php:10
action · login_form · includes\BFTOW_Login.php:165
action · register_form · includes\BFTOW_Login.php:168
action · woocommerce_login_form · includes\BFTOW_Login.php:171
action · woocommerce_register_form · includes\BFTOW_Login.php:174
action · woocommerce_after_checkout_registration_form · includes\BFTOW_Login.php:177
action · woocommerce_admin_order_data_after_billing_address · includes\BFTOW_Orders.php:15
action · rest_api_init · includes\BFTOW_Product.php:9
filter · bftow_get_grouped_product · includes\BFTOW_Product.php:11
filter · bftow_get_external_product · includes\BFTOW_Product.php:12
action · init · includes\BFTOW_Products.php:14
filter · bftow_get_products_filter · includes\BFTOW_Products.php:15
action · init · includes\BFTOW_Telegram.php:41
action · rest_api_init · includes\BFTOW_Telegram.php:48
action · bftow_order_created · includes\BFTOW_Telegram.php:49
action · init · includes\BFTOW_WooCommerce.php:17
action · wp_loaded · includes\BFTOW_WooCommerce.php:27
action · woocommerce_thankyou · includes\BFTOW_WooCommerce.php:30
action · woocommerce_order_status_changed · includes\BFTOW_WooCommerce.php:32
action · admin_notices · includes\notices\settings.php:23
filter · bftow_get_variable_product · includes\product_api\variable.php:10
action · admin_enqueue_scripts · includes\scripts_styles.php:24
action · wp_enqueue_scripts · includes\scripts_styles.php:25
action · wp_head · nuxy\helpers\helpers.php:25
action · admin_head · nuxy\helpers\helpers.php:26
action · admin_head · nuxy\helpers\helpers.php:52
action · wp_head · nuxy\helpers\helpers.php:53
action · add_meta_boxes · nuxy\metaboxes\metabox.php:14
action · admin_enqueue_scripts · nuxy\metaboxes\metabox.php:16
action · save_post · nuxy\metaboxes\metabox.php:18
filter · safe_style_css · nuxy\metaboxes\metabox.php:22
action · admin_init · nuxy\metaboxes\metabox.php:24
action · plugins_loaded · nuxy\NUXY.php:15
filter · wpcfto_versions · nuxy\NUXY.php:57
action · admin_menu · nuxy\settings\settings.php:17
filter · wpcfto_enable_regenerate_fonts · nuxy\settings\settings.php:21
filter · wpcfto_field_fonts_download_settings · nuxy\settings\settings.php:22
action · admin_bar_menu · nuxy\settings\settings.php:25
action · wp_head · nuxy\settings\settings.php:26
action · admin_head · nuxy\settings\settings.php:27
action · init · nuxy\settings\settings.php:328
action · admin_enqueue_scripts · nuxy\taxonomy_meta\enqueue.php:14
action · admin_init · nuxy\taxonomy_meta\metaboxes.php:24
filter · stm_wpcfto_boxes · nuxy_settings\main.php:17
filter · stm_wpcfto_fields · nuxy_settings\main.php:18
filter · wpcfto_options_page_setup · nuxy_settings\main.php:19
filter · wpcfto_check_is_pro_field · nuxy_settings\main.php:20
filter · wpcfto_field_bftow_webhook_activation · nuxy_settings\main.php:23
filter · wpcfto_field_bftow_notification_channel_id · nuxy_settings\main.php:26
filter · bftow_nuxy_messages_settings · nuxy_settings\main.php:29
action · admin_init · nuxy_settings\main.php:31
action · plugins_loaded · pro\bot-for-telegram-on-woocommerce-pro.php:31
action · admin_notices · pro\bot-for-telegram-on-woocommerce-pro.php:38
action · admin_menu · pro\includes\alerts\admin\admin.php:10
action · admin_enqueue_scripts · pro\includes\alerts\admin\admin.php:11
action · admin_init · pro\includes\alerts\db\db.php:12
filter · bftow_default_keyboard · pro\includes\BFTOW_PRO_Account.php:26
action · bftow_get_tg_data · pro\includes\BFTOW_PRO_Account.php:27
filter · bftow_default_keyboard · pro\includes\BFTOW_PRO_Keyboard.php:8
action · bftow_get_tg_data · pro\includes\BFTOW_PRO_Keyboard.php:9
action · bftow_location_saved · pro\includes\BFTOW_PRO_Location.php:8
action · woocommerce_order_status_changed · pro\includes\BFTOW_PRO_Notifications.php:11
action · bftow_update_user · pro\includes\BFTOW_PRO_Notifications.php:12
action · bftow_get_tg_data · pro\includes\BFTOW_PRO_Search.php:18
filter · bftow_default_keyboard · pro\includes\BFTOW_PRO_Search.php:19
action · show_user_profile · pro\includes\BFTOW_PRO_User_Settings.php:10
action · edit_user_profile · pro\includes\BFTOW_PRO_User_Settings.php:11
action · personal_options_update · pro\includes\BFTOW_PRO_User_Settings.php:13
action · edit_user_profile_update · pro\includes\BFTOW_PRO_User_Settings.php:14
action · woocommerce_email_settings_before · pro\includes\BFTOW_PRO_Woo_Emails.php:8
action · woocommerce_update_options · pro\includes\BFTOW_PRO_Woo_Emails.php:9
action · woocommerce_email_sent · pro\includes\BFTOW_PRO_Woo_Emails.php:10
filter · bftow_get_categories_args · pro\includes\hooks\BFTOW_PRO_Hooks.php:6
filter · bftow_categories_keyboard · pro\includes\hooks\BFTOW_PRO_Hooks.php:7
action · rest_api_init · pro\includes\orders\orders.php:21
action · bftow_get_tg_data · pro\includes\orders\orders.php:22
action · bftow_get_tg_data · pro\includes\orders\orders.php:23
action · rest_api_init · pro\rest-api.php:3

Maintenance & Trust

Bot for Telegram on WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 31, 2025
PHP min version: 7.0
Downloads: 15K

Community Trust

Rating: 84/100
Number of ratings: 12
Active installs: 300

Developer Profile

Bot for Telegram on WooCommerce Developer Profile

Guru Team

3 plugins · 400 total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 11 days

Detection Fingerprints

How We Detect Bot for Telegram on WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bot-for-telegram-on-woocommerce/assets/css/styles.css
  • /wp-content/plugins/bot-for-telegram-on-woocommerce/assets/js/login.js

Version Parameters
  • bot-for-telegram-on-woocommerce/assets/css/styles.css?ver=
  • bot-for-telegram-on-woocommerce/assets/js/login.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • bftow_style
  • bftow_login

JS Globals
bftow_localize