CVE-2025-63016 WordPress QuadLayers TikTok Feed plugin <= 4.6.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through = 4.6.5...

WordPress plugin QuadLayers TikTok Feed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-46642

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin = 1.2.2 versions...

WordPress Embed Tik Tok Video Feed (Tiktok feed) for WordPress Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Embed Tik Tok Video Feed Tiktok feed for WordPress Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1c927ede470a Credits...

WordPress Embed Tik Tok Video Feed (Tiktok feed) for WordPress plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Embed Tik Tok Video Feed Tiktok feed for WordPress plugin versions = 1.0.3. Solution No patched version available...

WordPress Embed Tik Tok Video Feed (Tiktok feed) for WordPress plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Embed Tik Tok Video Feed Tiktok feed for WordPress plugin versions = 1.0.3. Solution No patched version available...

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

A week in security (June 22 – 28)

Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...

A week in security (December 30 – January 5)

Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled our eyes at silly people doing silly things. Other cybersecurity news: Stills and chills: A Reddit user notices their security camera is grabbing stills from other people’s devices...