What's this all about?
https://www.instagram.com/tv/CcPDkcBlt81/?igshid=YmMyMTA2M2Y=
He's running a free tool (
https://www.arachni-scanner.com/ ) and saving the results to his phone or whatever device he is using.
The high bug that scanner found is unauthenticated (not logged in) cross site request forgery (csrf) on endpoints that don't perform sensitive actions. In other words, it ain't shit.
Slap is run on an open source code. If you really want to hack it, download the code, spin up a test environment on your own server, and go ham.
However, if you find a real security bug, you'd provide more of a service to humanity by sharing it with the Simple Machines Community who built and maintains this project for users all over the world for free:
https://www.simplemachines.org/community/index.php?board=137.0 If you're trying to go the criminal route of being a hacker, don't post about it on Instagram. Also, there are much juicier targets than Slap. Go get some bug bounty money homie.