CVE-2026-6446 | bplugins My Social Feeds Plugin up to 1.0.4 on WordPress TikTok API get_accounts refresh_token insufficiently protected credentials

A vulnerability was found in bplugins My Social Feeds Plugin up to 1.0.4 on WordPress. It has been declared as critical. Affected by this vulnerability is the function get_accounts of the component TikTok API. Such manipulation of the argument refresh_token leads to insufficiently protected credentials.

This vulnerability is referenced as CVE-2026-6446. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More