| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5425 | Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data | trustindex | Widgets for Social Photo Feed | High | 7.2 | 2026-04-04 08:25:19 | Deep Dive |
| CVE-2025-68595 | WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability | Trustindex | Widgets for Social Photo Feed | Medium | 5.3 | 2025-12-24 13:10:45 | Deep Dive |
| CVE-2025-13007 | WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import | adreastrian | WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets | Medium | 6.1 | 2025-12-02 06:40:24 | Deep Dive |
| CVE-2025-58241 | WordPress SnapWidget Social Photo Feed Widget Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | snapwidget | SnapWidget Social Photo Feed Widget | Medium | 6.5 | 2025-09-22 18:23:35 | Deep Dive |
| CVE-2025-4583 | Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute | https://profiles.wordpress.org/smub/ | Smash Balloon Instagram Feed Pro | Medium | 5.4 | 2025-05-29 04:23:08 | Deep Dive |
| CVE-2025-31760 | WordPress SnapWidget Social Photo Feed Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | snapwidget | SnapWidget Social Photo Feed Widget | Medium | 6.5 | 2025-04-01 14:51:15 | Deep Dive |
| CVE-2025-27000 | WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability | George Pattichis | Simple Photo Feed | Medium | 5.4 | 2025-02-25 14:16:35 | Deep Dive |
| CVE-2023-47522 | WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) | Photo Feed | Photo Feed | High | 7.1 | 2023-11-14 21:36:32 | Deep Dive |
| CVE-2023-25989 | Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks | Meks | Meks Video Importer | Medium | 4.3 | 2023-10-03 11:00:34 | Deep Dive |
| CVE-2020-36739 | Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass | slickremix | Feed Them Social – Social Media Feeds, Video, and Photo Galleries | Medium | 4.3 | 2023-07-01 03:30:13 | Deep Dive |
| CVE-2022-2437 | Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization | slickremix | Feed Them Social – Social Media Feeds, Video, and Photo Galleries | Critical | 9.8 | 2022-07-18 16:13:40 | Deep Dive |
| CVE-2021-24958 | Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS | Unknown | Meks Easy Photo Feed Widget | 中危 | - | 2022-03-14 14:41:03 | Deep Dive |
| CVE-2021-25047 | 10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS) | Unknown | 10Web Social Photo Feed | 中危 | - | 2022-01-10 15:30:34 | Deep Dive |