Access Control Issue in bPlugins Tiktok Feed for WordPress
CVE-2026-24520

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Tiktok Feed
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-24520?

The bPlugins Tiktok Feed for WordPress is affected by a missing authorization vulnerability that allows attackers to exploit improperly configured access control security levels. This issue compromises the integrity of the application, enabling unauthorized access to sensitive functionalities. Affected versions range from n/a to 1.0.24, emphasizing the need for users to update their plugins promptly to mitigate potential risks.

Affected Version(s)

Tiktok Feed <= 1.0.24

References

https://patchstack.com/database/wordpress/plugin/b-tiktok...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
Jan 23, 2026

Credit

Nabil Irawan | Patchstack Bug Bounty Program

CVE-2026-24520 Data

JSON