MEDIUM
bPlugins
CVE published 2026-05-26
CVE-2026-24520
CVE-2026-24520 is a Missing Authorization vulnerability in the bPlugins Tiktok Feed WordPress plugin, affecting versions up to and including 1.0.24. The vulnerability allows exploitation of incorrectly configured access control security levels, enabling authenticated attackers with low privileges to perform unauthorized actions. The issue was published in the NVD on May 26, 2026, with a CVSS 3.1 score of [truncated]