QuadLayers TikTok Feed Security & Risk Analysis

wordpress.org/plugins/wp-tiktok-feed

Display beautiful and responsive galleries on your website from your TikTok feed account.

8K active installs · v4.6.5 · PHP 5.6+ · WP 4.7+ · Updated Jan 15, 2026
Tags: tiktok, tiktok-feed, tiktok-gallery, tiktok-video, tiktok-widget
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is QuadLayers TikTok Feed Safe to Use in 2026?

Mostly Safe

Score 78/100

QuadLayers TikTok Feed is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 2mo ago
Risk Assessment

The wp-tiktok-feed plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a lack of identified dangerous functions, no exploitable file operations, and a very low percentage of unescaped output. The absence of external HTTP requests and the presence of nonce and capability checks are also encouraging signs of good development practices.

However, significant concerns arise from the vulnerability history and the SQL query handling. The presence of one unpatched medium-severity CVE, specifically related to Missing Authorization, is a critical red flag. This, combined with the fact that none of its SQL queries use prepared statements (100% un-prepared), strongly suggests a potential for SQL injection vulnerabilities. While the attack surface appears minimal in terms of entry points, the lack of proper SQL sanitization on existing queries and the past authorization issue indicate areas of weakness.

In conclusion, while the plugin demonstrates some strengths in output escaping and avoiding common dangerous functions, the unpatched vulnerability and the insecure handling of SQL queries present a substantial risk. The past authorization issue, in particular, highlights a recurring problem that needs immediate attention. Users should exercise caution until the unpatched CVE is addressed and the SQL query practices are improved.

Key Concerns

  • Unpatched CVE (medium severity)
  • 100% of SQL queries un-prepared
Vulnerabilities
1

QuadLayers TikTok Feed Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-63016 · medium · 5.3 · Missing Authorization

QuadLayers TikTok Feed <= 4.6.4 - Missing Authorization

Dec 31, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

QuadLayers TikTok Feed Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 3 (76 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

96% escaped · 79 total outputs
Attack Surface

QuadLayers TikTok Feed Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 24
filter · option_tiktok_feed_feeds · compatibility\old.php:11
action · init · compatibility\old.php:42
action · wp_default_scripts · jetpack_vendor\automattic\jetpack-assets\actions.php:11
action · plugins_loaded · jetpack_vendor\automattic\jetpack-assets\actions.php:12
filter · wp_resource_hints · jetpack_vendor\automattic\jetpack-assets\src\class-assets.php:182
action · wp_loaded · jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:38
action · enqueue_block_editor_assets · jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:52
action · shutdown · jetpack_vendor\automattic\jetpack-status\src\class-errors.php:38
action · wp_network_dashboard_setup · jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:36
action · wp_dashboard_setup · jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:37
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:95
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:104
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-required\src\Load.php:40
filter · install_plugins_tabs · jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:33
action · install_plugins_quadlayers · jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:34
action · plugins_loaded · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:47
action · admin_menu · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:50
action · admin_init · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:55
filter · network_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:56
filter · self_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:52
filter · network_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:53
filter · plugin_row_meta · jetpack_vendor\quadlayers\wp-plugin-table-links\src\Load.php:36
action · init · vendor_packages\wp-notice-plugin-promote.php:5
action · init · vendor_packages\wp-plugin-table-links.php:4
Maintenance & Trust

QuadLayers TikTok Feed Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 15, 2026
PHP min version: 5.6
Downloads: 566K

Community Trust

Rating: 78/100
Number of ratings: 61
Active installs: 8K
Developer Profile

QuadLayers TikTok Feed Developer Profile

quadlayers

17 plugins · 654K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 501 days
Detection Fingerprints

How We Detect QuadLayers TikTok Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-tiktok-feed/assets/css/frontend.css
/wp-content/plugins/wp-tiktok-feed/assets/css/frontend.min.css
/wp-content/plugins/wp-tiktok-feed/assets/js/frontend.js
/wp-content/plugins/wp-tiktok-feed/assets/js/frontend.min.js
Script Paths
https://apps.elfsight.com/p/platform.js
Version Parameters
wp-tiktok-feed/assets/css/frontend.css?ver=
wp-tiktok-feed/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
qlttf-frontend-wrapper
HTML Comments
<!-- wp-tiktok-feed -->
Data Attributes
data-qlttf-id
data-qlttf-feed-id
JS Globals
qlttf_frontend_params
REST Endpoints
/wp-json/qlttf/v1/feed
Shortcode Output
[tiktok_feed
FAQ

Frequently Asked Questions about QuadLayers TikTok Feed