Ninjateam: >> Video Downloader For Tiktok Security Vulnerabilities
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services
CVSS Score
9.8
EPSS Score
0.007
Published
2021-07-07
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-07-07