CVE-2025-63016
WordPress QuadLayers TikTok Feed plugin <= 4.6.4 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Quadlayers QuadLayers TikTok Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through 4.6.4.
We have discovered 690 live websites that are affected by CVE-2025-63016.
Affected Software
| Product |  Wp Tiktok Feed |
| Category | Wordpress Plugins |
| Vulnerable Domains | 690 live websites (100% of Wp Tiktok Feed install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 42 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Dec 31, 2025
- Updated - Jan 20, 2026
Credits
- Legion Hunter | Patchstack Bug Bounty program (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-63016 United States | 202 websites |
 Germany | 49 websites |
 Japan | 45 websites |
 GB | 40 websites |
 Spain | 37 websites |
 Cyprus | 30 websites |
 Italy | 25 websites |
 France | 24 websites |
 Brazil | 17 websites |
 Netherlands | 16 websites |
Website Distribution by TLD
Number of websites using CVE-2025-63016| .com | 353 websites |
| .org | 22 websites |
| .co.uk | 22 websites |
| .es | 17 websites |
| .it | 16 websites |
| .nl | 16 websites |
| .net | 16 websites |
| .jp | 13 websites |
| .com.br | 12 websites |
| .de | 10 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-63016
Top websites that are affected by CVE-2025-63016. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| ***.***.br | Brazil | **,*** | |
| *****.it | Italy | ***,*** | |
| *******.com | United States | ***,*** | |
| *************.org | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *********.org | France | ***,*** | |
| *********.org | United States | ***,*** | |
| *********.pl |  Poland | ***,*** | |
| ********.ee |  Estonia | ***,*** |
FAQ
CVE-2025-63016 is Missing Authorization in Wp Tiktok Feed
A total of 690 websites have been identified as vulnerable to CVE-2025-63016, based on global website indexing conducted by WebTechSurvey.
The Wp Tiktok Feed is affected by the CVE-2025-63016 vulnerability.
Wp Tiktok Feed versions up to and including 4.6.4 are vulnerable to CVE-2025-63016.