cbcvebase.
CVE-2025-14726
published 2026-05-02

CVE-2025-14726: The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check…

Priority: P3 · 48 · medium · 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EXPLOIT
EPSS: 0.83% (52.9th percentile)

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/troubleshooting' and '/trustindex_feed_hook_instagram/submit-data' REST API endpoints in all versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to access and update plugin settings.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trustindex | widgets_for_social_photo_feed | <= 1.8 | |