Feeds for TikTok (TikTok feed, video, and gallery plugin) Security & Risk Analysis

wordpress.org/plugins/feeds-for-tiktok

The best way to display TikTok videos on your WordPress website. Display clean, customizable, and responsive TikTok feeds from your TikTok account.

60K active installs v1.5.0 PHP 7.4+ WP 5.2+ Updated Feb 23, 2026
Tags: tiktok, tiktok-account, tiktok-feed, tiktok-videos, tiktok-widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Feeds for TikTok (TikTok feed, video, and gallery plugin) Safe to Use in 2026?

Generally Safe

Score 100/100

Feeds for TikTok (TikTok feed, video, and gallery plugin) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "feeds-for-tiktok" v1.5.0 plugin shows a generally strong security posture in static analysis. All outputs (100%) are properly escaped, and a high percentage of SQL queries use prepared statements, which indicates good coding practices. The absence of any recorded vulnerabilities also suggests a history of secure development and maintenance.

However, a significant concern lies in the presence of one AJAX handler that lacks authentication checks. This creates a potential entry point for attackers to interact with the plugin's functionality without proper authorization. While no critical or high-severity taint flows were identified, the two flows with unsanitized paths warrant attention, as they could potentially lead to unintended consequences if exploited in conjunction with other factors.

In conclusion, while the plugin benefits from robust output escaping and a clean vulnerability history, the unprotected AJAX handler represents a clear security weakness. Addressing this specific entry point should be the priority to further strengthen its overall security. The unsanitized paths, though not currently critical, should also be reviewed as a precautionary measure.

Key Concerns

  • AJAX handler without auth checks
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Feeds for TikTok (TikTok feed, video, and gallery plugin) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Feeds for TikTok (TikTok feed, video, and gallery plugin) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (29 prepared)
Unescaped Output: 0 (197 escaped)
Nonce Checks: 22
Capability Checks: 17
File Operations: 5
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

85% prepared · 34 total queries

Output Escaping

100% escaped · 197 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
import_feed_settings (inc\Common\Services\AjaxHandlerService.php:255)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths: Unsanitized, Sanitized]
Attack Surface
1 unprotected

Feeds for TikTok (TikTok feed, video, and gallery plugin) Attack Surface

Entry Points: 18
Unprotected: 1

AJAX Handlers 17

auth  wp_ajax_sbtt_builder_update  inc\Common\Services\AjaxHandlerService.php:31
auth  wp_ajax_sbtt_duplicate_feed  inc\Common\Services\AjaxHandlerService.php:32
auth  wp_ajax_sbtt_delete_feeds  inc\Common\Services\AjaxHandlerService.php:33
auth  wp_ajax_sbtt_feed_customizer_fly_preview  inc\Common\Services\AjaxHandlerService.php:34
auth  wp_ajax_sbtt_delete_source  inc\Common\Services\AjaxHandlerService.php:36
auth  wp_ajax_sbtt_import_feed_settings  inc\Common\Services\AjaxHandlerService.php:37
auth  wp_ajax_sbtt_clear_all_caches  inc\Common\Services\AjaxHandlerService.php:38
auth  wp_ajax_sbtt_reset_posts_images  inc\Common\Services\AjaxHandlerService.php:39
auth  wp_ajax_sbtt_process_oauth_tokens  inc\Common\Services\AjaxHandlerService.php:40
auth  wp_ajax_sbtt_review_notice_consent_update  inc\Common\Services\NewUserService.php:41
auth  wp_ajax_sbtt_dashboard_notification_dismiss  inc\Common\Services\NotificationService.php:31
auth  wp_ajax_sbtt_install_plugin  inc\Common\Services\PluginInstallerService.php:33
auth  wp_ajax_sbtt_activate_plugin  inc\Common\Services\PluginInstallerService.php:34
auth  wp_ajax_sbtt_deactivate_plugin  inc\Common\Services\PluginInstallerService.php:35
nopriv  wp_ajax_sbtt_run_one_click_upgrade  inc\Common\Services\PluginUpgraderService.php:60
auth  wp_ajax_sbtt_maybe_upgrade_redirect  inc\Common\Services\PluginUpgraderService.php:61
auth  wp_ajax_sbtt_update_global_settings  inc\Common\Services\SettingsManagerService.php:31

Shortcodes 1

[sbtt-tiktok] inc\Common\Services\ShortcodeService.php:19
WordPress Hooks 26
action  init  inc\Common\Admin\Blocks.php:17
action  admin_menu  inc\Common\Admin\MenuService.php:17
action  in_admin_header  inc\Common\Admin\MenuService.php:18
filter  sb_analytics_filter_profile_details  inc\Common\Integrations\FeedAnalytics.php:24
filter  sb_analytics_filter_feed_list  inc\Common\Integrations\FeedAnalytics.php:25
action  init  inc\Common\Services\ActionHooksService.php:15
action  admin_enqueue_scripts  inc\Common\Services\ActionHooksService.php:16
action  admin_enqueue_scripts  inc\Common\Services\ActionHooksService.php:17
action  sbtt_enqueue_scripts  inc\Common\Services\ActionHooksService.php:19
action  wp_enqueue_scripts  inc\Common\Services\ActionHooksService.php:20
action  wp_enqueue_scripts  inc\Common\Services\ActionHooksService.php:21
action  wpcode_loaded  inc\Common\Services\ActionHooksService.php:23
action  activated_plugin  inc\Common\Services\ActivationService.php:20
action  wp_loaded  inc\Common\Services\DBManagerService.php:25
action  admin_notices  inc\Common\Services\NewUserService.php:39
action  admin_init  inc\Common\Services\NewUserService.php:40
action  admin_enqueue_scripts  inc\Common\Services\NotificationService.php:28
action  sbtt_admin_notices_filter  inc\Common\Services\NotificationService.php:29
action  sbtt_notification_update  inc\Common\Services\NotificationService.php:30
action  sbtt_feed_update_routine  inc\Common\Services\Upgrade\Routines\FeedUpdateRoutine.php:49
action  init  inc\Common\Services\Upgrade\Routines\FeedUpdateRoutine.php:50
action  sbtt_refresh_token_routine  inc\Common\Services\Upgrade\Routines\RefreshTokenRoutine.php:26
action  init  inc\Common\Services\UsageTrackingService.php:27
filter  cron_schedules  inc\Common\Services\UsageTrackingService.php:28
filter  sb_usage_tracking_data  inc\Common\Services\UsageTrackingService.php:29
action  sbtt_usage_tracking_cron  inc\Common\Services\UsageTrackingService.php:30

Scheduled Events 3

sbtt_feed_update_routine
sbtt_refresh_token_routine
sbtt_usage_tracking_cron
Maintenance & Trust

Feeds for TikTok (TikTok feed, video, and gallery plugin) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 7.4
Downloads: 313K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 60K
Developer Profile

Feeds for TikTok (TikTok feed, video, and gallery plugin) Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect Feeds for TikTok (TikTok feed, video, and gallery plugin)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/feeds-for-tiktok/assets/css/sbtt-oauth.css
/wp-content/plugins/feeds-for-tiktok/assets/js/oauth-fragment-handler.js
Script Paths
/wp-content/plugins/feeds-for-tiktok/assets/js/oauth-fragment-handler.js
Version Parameters
/wp-content/plugins/feeds-for-tiktok/assets/css/sbtt-oauth.css?ver=
/wp-content/plugins/feeds-for-tiktok/assets/js/oauth-fragment-handler.js?ver=

HTML / DOM Fingerprints

CSS Classes
sbtt-admin-wrapper
Data Attributes
data-nonce="sbtt-admin"
data-ajaxurl="admin-ajax.php"
JS Globals
sbtt_oauth
sbtt_feed_options
FAQ

Frequently Asked Questions about Feeds for TikTok (TikTok feed, video, and gallery plugin)