CVE-2026-35179
CVE-2026-35179 affects WWBN AVideo prior to 29.0 via the SocialMediaPublisher plugin. The endpoint publishInstagram.json.php is exposed as an unauthenticated proxy to the Facebook/Instagram Graph API and accepts user-controlled parameters (accessToken, containerId, instagramAccountId). It passes ...