cbcvebase.

Trustindex Widgets For Social Photo Feed vulnerabilities

3 known vulnerabilities affecting trustindex/widgets_for_social_photo_feed.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-14726P3MEDIUMCVSS 6.5PoC≤ 1.82026-05-02
CVE-2025-14726 [MEDIUM] CWE-200 CVE-2025-14726: The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/troubleshooting' and '/trustindex_feed_hook_instagram/submit-data' REST API endpoints in all versions up to, and including, 1.8. This makes it possible f
nvd
CVE-2026-5425P3HIGHCVSS 7.2≤ 1.7.92026-04-04
CVE-2026-5425 [HIGH] CWE-79 CVE-2026-5425: The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenev
nvd
CVE-2025-68595P4MEDIUMCVSS 5.3≤ 1.82025-12-24
CVE-2025-68595 [MEDIUM] CWE-862 CVE-2025-68595: Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-wi Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.8.
nvd
Trustindex Widgets For Social Photo Feed vulnerabilities | cvebase