Missing Authorization in bPlugins Tiktok Feed Plugin by bPlugins
CVE-2025-66110

Currently unrated

Key Information:

Vendor

WordPress
Status
Tiktok Feed
Vendor
CVE Published:
21 November 2025

What is CVE-2025-66110?

A vulnerability in the bPlugins Tiktok Feed plugin allows for the exploitation of incorrectly configured access control security levels. This issue affects Tiktok Feed versions up to and including 1.0.22. Attackers may leverage this security flaw to gain unauthorized access, exposing sensitive data and compromising the integrity of the application. To mitigate risks, it is crucial for users to update to the latest version and review access control configurations to ensure proper security measures are in place.

Affected Version(s)

Tiktok Feed <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/b-ti...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66110 : Missing Authorization in bPlugins Tiktok Feed Plugin by bPlugins