CVE-2019-14470

NONE EPSS 99.6%
Published Sep 4, 20196y ago · Modified Jun 17, 20262w ago
Find Similar
Published Sep 4, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Threat Intelligence

EPSS Exploit Probability
99.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 2

VendorProductVersionRange
instagram-php-api_projectinstagram-php-api*any
userpropluginuser_pro* ≤4.9.32

References 4

  • packetstormsecurity.com http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html
    ExploitThird Party AdvisoryVDB Entry
  • github.com https://github.com/cosenary/Instagram-PHP-API/commits/master
    Third Party Advisory
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/9815
    Third Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/47304
    ExploitThird Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.