CVE-2020-24142
Description
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application. It can help identify open ports, local network hosts and execute command on services
VulnerabilityType Other
Server-side request forgery
Vendor of Product
Ninja Team
Affected Product Code Base
Wordpress Plugin - Video Downloader for TikTok - 1.3
Attack Type
Remote
Impact Denial of Service
true
Impact Information Disclosure
true
Reference
- http://ninja.com
- http://wordpress.com
- https://github.com/secwx/research/blob/main/cve/CVE-2020-24142.md
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.