I have suspended access to the pmt.mcpe.me/insta tool due to concerns about CSRF vulnerabilities. Due to the nature of the pmt project, I have avoided suspending access to other parts of the website. I will update when I have more information to share.
If you have used the insta tool in the past, you should revoke GitHub API access immediately. To revoke the authorization, go to https://github.com/settings/applications, look through every application to find the one called “insta” (and any that you do not recognize, if you have authorized other instances of pmt.mcpe.me), and click the Revoke button.
Due to the stagnant nature of the project, it is unlikely that a fix will be forthcoming.
I have taken action on behalf of the mcpe.me service. The insta service is operated by a third party that is independent of PMMP and mcpe.me. An attempt has been made to establish contact.
This issue was disclosed publicly by @SOFe on December 10th (https://forums.pmmp.io/threads/security-pmt-mcpe-me-insta-security-vulnerability.319/).