5 matches found
CVE-2026-24520
CVE-2026-24520 concerns the WordPress Tiktok Feed plugin with a Missing Authorization vulnerability leading to Broken Access Control. Affected: Tiktok Feed versions up to and including 1.0.24. Root cause: incorrectly configured access control, enabling exploitation of access levels. CVSS 3.1 base...
WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...
WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Tiktok Feed versions = 1.0.23...
CVE-2025-8906
CVE-2025-8906 affects the WordPress plugin Widgets for Tiktok Feed (Widgets for TikTok Feed) up to version 1.7.3, enabling Stored XSS via the trustindex-feed shortcode. Exploitation requires attacker with contributor-level access or higher to inject script that runs in pages viewed by users. Word...
CVE-2025-54710 WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through = 1.0.21...