Tiktok Feed
Monthly
Broken access control in the bPlugins Tiktok Feed WordPress plugin (versions through 1.0.24) permits authenticated low-privileged users to perform actions that should be restricted to higher-privileged roles due to missing server-side authorization checks (CWE-862). Exploitation allows limited integrity impact - an attacker with a basic WordPress account could manipulate plugin-controlled data or settings without proper permission. No public exploit code exists and no active exploitation is confirmed at time of analysis; SSVC and EPSS signals both indicate low urgency.
Broken access control in the bPlugins Tiktok Feed WordPress plugin (versions through 1.0.24) permits authenticated low-privileged users to perform actions that should be restricted to higher-privileged roles due to missing server-side authorization checks (CWE-862). Exploitation allows limited integrity impact - an attacker with a basic WordPress account could manipulate plugin-controlled data or settings without proper permission. No public exploit code exists and no active exploitation is confirmed at time of analysis; SSVC and EPSS signals both indicate low urgency.