8 matches found
Get paid to scroll TikTok? The data trade behind Freecash ads
Loyal readers and other privacy-conscious people will be familiar with the expression, “If it’s too good to be true, it’s probably false.” Getting paid handsomely to scroll social media definitely falls into that category. It sounds like an easy side hustle, which usually means there’s a catch. I...
TikTok: IDOR on ads.tiktok.com Allows Unauthorized Product Addition
An Insecure Direct Object Reference IDOR vulnerability was discovered on the TikTok Ads API that allowed the addition of arbitrary products to a user's catalog without proper authorization...
TikTok: Stored-XSS-ads.tiktok.com
A stored cross-site scripting XSS vulnerability was found on a TikTok Ads endpoint, allowing MP4 video files or files with HTML or JS code to be executed in a user's browser...
WordPress Add Tiktok Pixel for Tiktok ads (+Woocommerce) Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Add Tiktok Pixel for Tiktok ads +Woocommerce Type Plugin Vulnerable versions 1.2.7 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 92194b39a569 Credits Rafie...
TikTok: XSS at TikTok Ads Endpoint
Vulnerability description not provided...
TikTok: Internal Employee informations Disclosure via TikTok Athena api
A vulnerability was found where internal employee email address could be disclosed on a TikTok Ads endpoint API by adding an "employeeemail" value to the "metrics" field/array in the request body. We thank @heinthant for reporting this to our team...
WordPress Add Tiktok Pixel for Tiktok ads (+Woocommerce) plugin <= 1.2.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Add Tiktok Pixel for Tiktok ads +Woocommerce plugin versions = 1.2.1. Solution Update the WordPress Add Tiktok Pixel for Tiktok ads +Woocommerce plugin to the latest available version at least 1.2.2...
TikTok: Cross-Tenant IDOR ( graphql `AddRulesToPixelEvents` query ) allowing to add, update, and delete rules of any Pixel events on the platform
Due to an Insecure Direct Object Reference IDOR vulnerability, an attacker could have potentially added, deleted, or updated rules for other users' pixel events in the TikTok ads portal. We thank @bubbounty for reporting this to our team and confirming the resolution. This report is one of my...