Directory Traversal Vulnerability in Video Downloader for TikTok Plugin
CVE-2020-24143

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Video Downloader For Tiktok
Vendor: CVE Published:; 7 July 2021

Summary

The Video Downloader for TikTok plugin version 1.3 for WordPress contains a directory traversal vulnerability that allows attackers to exploit the njt-tk-download-video parameter. By crafting a malicious request, an unauthorized user can access files stored outside the intended web root folder, potentially exposing sensitive data. This flaw underscores the importance of implementing proper input validation and restrictions on file access within WordPress plugins.

References

https://github.com/secwx/research/blob/main/cve/CVE-2020-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2021
Vulnerability Reserved
Aug 13, 2020