Vulnerability Type
Privacy / Authentication
Vulnerability Scope
Main Site (
Friends and Friends of Friends Tag Exploit
Description and Impact
users can tag friends (tested) and friends of friends (will be test later) in a post that friends cant remove the tag (untag) themself
Reproduction Instructions / Proof of Concept
To exploit this follow :
1 - create a new post with link preview and any text example: facebook security page
2- Tag your friend(s) from the tag box beside feeling and place button .
3- click post .
now your friend will not be able to untag themself from your post .