CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

760 matches found

WordPress UserPro 4.9.32 - Cross-Site Scripting

WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API v2 it relies on allows it via the example/success.php errordescription parameter. id: CVE-2019-14470 info: name: WordPress UserPro 4.9.32 - Cross-Site Scripting author: daffainfo severity: mediu...

6.1CVSS6.1AI score0.23521EPSS

Exploits6References5

HackRead•added yesterday•2 views

Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer

ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users...

5.5AI score

Exploits0

Malwarebytes•added yesterday•3 views

Free Spotify Premium hacks on social media are spreading infostealers

Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...

5.7AI score

Exploits0

Malwarebytes•added 2 days ago•5 views

Scammers love Meta, according to Lloyds Bank

Scammers go phishing wherever the victims are. In the UK, that means Facebook, Instagram, and WhatsApp, according to Lloyds Bank. It just revealed that Meta platforms account for over two thirds of fraud reports made by its customers. Writing in The Sunday Times, Lloyds Bank's fraud prevention...

5.5AI score

Exploits0

HackRead•added 3 days ago•8 views

Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk...

5.5AI score

Exploits0

HackRead•added 3 days ago•8 views

Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users

Instagram glitch exposed Mark Zuckerberg’s email addresses and phone number, plus contact details of other top users, through a password reset flaw...

5.5AI score

Exploits0

RedhatCVE•added 6 days ago•5 views

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

4.3CVSS5.6AI score0.00011EPSS

Exploits0References1

RedhatCVE•added 6 days ago•4 views

CVE-2026-5159

The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00055EPSS

Exploits0References1

RedhatCVE•added 6 days ago•6 views

CVE-2026-5162

6.4CVSS5.7AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 6 days ago•5 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.5AI score0.00028EPSS

Exploits0References1

RedhatCVE•added 6 days ago•6 views

CVE-2026-4085

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

6.4CVSS5.7AI score0.00014EPSS

Exploits0References1

NVD•added last week•4 views

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

6.5CVSS0.00031EPSS

Exploits0References5

Cvelist•added last week•25 views

CVE-2026-10874 projectworlds Online Art Gallery Shop Project adminHome.php sql injection

6.5CVSS0.00031EPSS

Exploits0References5

Schneier on Security•added last week•9 views

Hacking Meta’s AI Chatbot

Hackers are convincing Meta's AI support chatbot to let them take over other peoples' accounts: A video posted on X showed the step-by-step process to hack someone's Instagram account. The hacker allegedly used a VPN to spoof the targets' presumed location to avoid triggering Instagram's automate...

5.8AI score

Exploits0

Malwarebytes•added 2026/06/04 9:9 a.m.•9 views

Meta’s AI support bot happily handed Instagram accounts to hackers

Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram...

5.7AI score

Exploits0

HackRead•added 2026/06/02 2:58 p.m.•21 views

Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts

Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue...

5.8AI score

Exploits0