VYPR
Critical severity9.8NVD Advisory· Published Jul 7, 2021· Updated Jun 17, 2026

CVE-2020-24142

CVE-2020-24142

Description

Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.