5 matches found
CVE-2026-35179
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...
GHSA-X9W5-XCCW-5H9W AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Summary The SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access token, container ID, and Instagram account ID, and passes them direct...
CVE-2024-1214
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the savegroupslist function. This makes it possible for...
Facebook Instagram input validation error vulnerability
Instagram Photo Wall is a social app that runs on mobile and shares the pictures you snap with each other in a fast, wonderful and fun way.Facebook Instagram has an input validation error vulnerability that stems from the failure to properly present URI messages to users, which can be exploited b...
Facebook Instagram for Android Input Verification Error Vulnerability
Facebook Instagram for Android is an Android-based social networking application that provides online photo and video sharing. An input validation error vulnerability exists in versions prior to Facebook Instagram for Android 128.0.0.26.128. The vulnerability stems from a network system or produc...