Description
WordPress Plugin Video Downloader for TikTok is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Video Downloader for TikTok version 1.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4 or latest
References
https://github.com/secwx/research/blob/main/cve/CVE-2020-24143.md
https://plugins.svn.wordpress.org/downloader-tiktok/trunk/readme.txt
Related Vulnerabilities
Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)
WebLogic CVE-2021-2211 Vulnerability (CVE-2021-2211)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-9707)
WordPress Plugin WP Photo Album Plus Cross-Site Request Forgery (4.8.11)
Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)