Vulnerabilities and security researches forinstagram-feed instagram-feed

Jun 07, 2024

CVE, Research URL: 0f602c2fa3da61fde88d461b5bfa94514dba3dee
Home page URL: Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
Application: Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
Date: Feb 07, 2018
Research Description: Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.4.7 WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability found Dumpcore in WordPress Instagram Feed plugin (versions <=1.5.1).
Affected versions: Min -, max -.
Status: vulnerable

May 30, 2025

CVE, Research URL: CVE-2025-4583
Home page URL: Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
Application: Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
Date: May 29, 2025
Research Description: The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable