Product
The TelSender plugin for WordPress, versions up to and including 1.14.14, is vulnerable to DOM-Based Cross-Site Scripting (CWE-79), allowing unauthenticated attackers to inject malicious scripts via Telegram chat titles which execute within an administrator's browser upon interacting with the plugin's settings.