TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Security & Risk Analysis

wordpress.org/plugins/telsender

TelSender is a plugin that works with Contact Form 7 and the WooCommerce store in WordPress. It sends applications from forms to a Telegram chat.

5K active installs · v1.14.15 · PHP 7.4+ · WP 5.8+ · Updated Jan 29, 2026
Tags: %d1%81ontact-form-7-to-telegram, ninja-forms, telegram, telegram-ninja-forms, woocommerce-to-telegram
Score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 27, 2026

Safety Verdict

Is TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Safe to Use in 2026?

Generally Safe

Score 96/100

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 27, 2026 · Updated 2mo ago

Risk Assessment

The 'telsender' plugin, version 1.14.15, exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and properly escapes a high percentage of its output. Its attack surface is limited to two entry points, both of which appear to be protected by authorization checks.

However, the presence of the `unserialize` function is a significant concern, as it can lead to remote code execution if used with untrusted input. The flagged call unserializes the value returned by `get_option(TSCFWC_SETTING)`, so the practical risk depends on whether an attacker can influence that stored option. Although the taint analysis did not reveal critical or high severity flows in this specific scan, the potential for exploiting `unserialize` remains high, especially if inputs are not strictly validated before being passed to it.

The vulnerability history shows a concerning pattern of past issues involving missing authorization and cross-site scripting, including one rated high severity. Coupled with the potential risk of `unserialize`, this suggests a history of security oversights that could resurface if not meticulously addressed. While the plugin currently has no unpatched CVEs, its past record warrants vigilance.

Key Concerns

  • Dangerous function unserialize present
  • High severity vulnerability in history (Missing Auth)
  • Medium severity vulnerability in history (XSS)
  • Taint flow with unsanitized paths

Vulnerabilities: 2

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

WF-cb02878a-2c85-4dcb-bdc0-e65addf9fb9c-telsender · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title

Jan 27, 2026 · Patched in 1.14.15 (7d)

CVE-2023-41683 · medium · 5.3 · Missing Authorization

TelSender <= 1.14.11 - Missing Authorization

Sep 4, 2023 · Patched in 1.14.12 (151d)

Code Analysis
Analyzed Mar 16, 2026

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 7 (24 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 6
  • External Requests: 3
  • Bundled Libraries: 0

Dangerous Functions Found

  • `unserialize`: `$option = unserialize(get_option(TSCFWC_SETTING));` (clasess\TscfwcSetting.php:49)

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

77% escaped · 31 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<TelsenderEvent> (clasess\TelsenderEvent.php:0)
Attack Surface

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_tscfwc_form_reqest · clasess\TelsenderCore.php:55

Shortcodes: 1

  • [TS_PAGE] · clasess\TelsenderEvent.php:208

WordPress Hooks: 14

  • action · admin_menu · clasess\TelsenderCore.php:53
  • action · admin_enqueue_scripts · clasess\TelsenderCore.php:54
  • action · wpforms_process_complete · clasess\TelsenderCore.php:65
  • action · woocommerce_after_order_object_save · clasess\TelsenderCore.php:68
  • action · shutdown · clasess\TelsenderCore.php:69
  • action · wpcf7_mail_sent · clasess\TelsenderCore.php:73
  • filter · ninja_forms_register_actions · clasess\TelsenderCore.php:76
  • action · admin_menu · clasess\TelsenderEvent.php:183
  • action · init · clasess\TelsenderEvent.php:184
  • action · wp_login_failed · clasess\TelsenderEvent.php:189
  • action · wp_login · clasess\TelsenderEvent.php:193
  • action · woocommerce_add_to_cart · clasess\TelsenderEvent.php:198
  • action · wp_head · clasess\TelsenderEvent.php:205
  • filter · tscf_filter_codetemplate · clasess\TelsenderWc.php:35

Maintenance & Trust

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 29, 2026
  • PHP min version: 7.4
  • Downloads: 37K

Community Trust

  • Rating: 100/100
  • Number of ratings: 13
  • Active installs: 5K

Developer Profile

TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot Developer Profile

pechenki

2 plugins · 5K total installs

  • Trust score: 82
  • Avg Security Score: 91/100
  • Avg Patch Time: 79 days

Detection Fingerprints

How We Detect TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/telsender/assets/icon-plugin.png
  • /wp-content/plugins/telsender/css/multiselect.css
  • /wp-content/plugins/telsender/js/multiselect.js
  • /wp-content/plugins/telsender/js/ajax.js
  • /wp-content/plugins/telsender/css/telsender.css

Script Paths

  • /wp-content/plugins/telsender/js/multiselect.js
  • /wp-content/plugins/telsender/js/ajax.js

Version Parameters

  • telsender/css/multiselect.css?ver=
  • telsender/js/ajax.js?ver=
  • telsender/css/telsender.css?ver=

HTML / DOM Fingerprints

  • Data Attributes: data-telsender
  • JS Globals: tscfwc_params