Skip to main content

Tiktok Feed

1 CVEs product

Monthly

CVE-2026-24520 MEDIUM This Month

Broken access control in the bPlugins Tiktok Feed WordPress plugin (versions through 1.0.24) permits authenticated low-privileged users to perform actions that should be restricted to higher-privileged roles due to missing server-side authorization checks (CWE-862). Exploitation allows limited integrity impact - an attacker with a basic WordPress account could manipulate plugin-controlled data or settings without proper permission. No public exploit code exists and no active exploitation is confirmed at time of analysis; SSVC and EPSS signals both indicate low urgency.

Authentication Bypass Tiktok Feed
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Broken access control in the bPlugins Tiktok Feed WordPress plugin (versions through 1.0.24) permits authenticated low-privileged users to perform actions that should be restricted to higher-privileged roles due to missing server-side authorization checks (CWE-862). Exploitation allows limited integrity impact - an attacker with a basic WordPress account could manipulate plugin-controlled data or settings without proper permission. No public exploit code exists and no active exploitation is confirmed at time of analysis; SSVC and EPSS signals both indicate low urgency.

Authentication Bypass Tiktok Feed
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy