VYPR

Video Downloader for TikTok

by WordPress

CVEs (2)

  • CVE-2020-24142CriJul 7, 2021
    risk 0.64cvss 9.8epss 0.02

    Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open…

  • CVE-2020-24143HigJul 7, 2021
    risk 0.49cvss 7.5epss 0.02

    Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.