WordPress · Telegram Bot & Channel Plugin · CVE-2025-13068
**Name of the Vulnerable Software and Affected Versions**
Telegram Bot & Channel plugin for WordPress versions prior to 4.2
**Description**
The Telegram Bot & Channel plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Telegram username. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.
**Recommendations**
Update the Telegram Bot & Channel plugin to version 4.2 or later.