CVE-2026-6446 | bplugins My Social Feeds Plugin up to 1.0.4 on WordPress TikTok API get_accounts refresh_token insufficiently protected credentials

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability was found in bplugins My Social Feeds Plugin up to 1.0.4 on WordPress. It has been declared as critical. Affected by this vulnerability is the function get_accounts of the component TikTok API. Such manipulation of the argument refresh_token leads to insufficiently protected credentials.

This vulnerability is referenced as CVE-2026-6446. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-6446 | bplugins My Social Feeds Plugin up to 1.0.4 on WordPress TikTok API get_accounts refresh_token insufficiently protected credentials

Post correlati

CVE-2025-8867 | Graphina Plugin up to 3.1.3 on WordPress Chart Widget cross site scripting

CVE-2026-41279 | FlowiseAI Flowise up to 3.0.x generate authorization (GHSA-5fw2-mwhh-9947)

CVE-2024-47820 | MarkUsProject Markus up to 2.4.7 path traversal (GHSA-wq6v-vx8c-8fj8)

CVE-2026-22543 | EFACEC QC60/QC90/QC120 8 HTTP Header weak password encoding