Vulnerabilities and security researches forfeed-instagram-lite feed-instagram-lite

Mar 27, 2025

CVE, Research URL: CVE-2025-26742
Home page URL: Security reports for Gallery for Social Photo
Application: Gallery for Social Photo
Date: Mar 25, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.
Affected versions: max 1.0.0.37.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-2224
Home page URL: Security reports for Gallery for Social Photo
Application: Gallery for Social Photo
Date: Jul 18, 2022
Research Description: The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.0.0.27.
Status: vulnerable