Vulnerabilities and security researches forinstagram-feed instagram-feed
Direction: ascendingSmash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 0f602c2fa3da61fde88d461b5bfa94514dba3dee
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Feb 07, 2018
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.6 WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability found Dumpcore in WordPress Instagram Feed plugin (versions <=1.5.1).
- Affected versions
-
max 1.6.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # CVE-2025-4583
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- May 29, 2025
- Research Description
- The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 (Free) and 6.8.0 (Pro) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 6.9.1.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # PSC-2026-64623
- PSC, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Feb 27, 2026
- Research Description
- Social feed plugins are valuable for keeping a website fresh, but they also expand the attack surface because they integrate with external platforms, render dynamic content on the front end, and store configuration that can include display templates, access tokens, and connection metadata. Weaknesses in access control, request integrity, or output handling can translate into stored XSS in rendered feed elements, CSRF-driven settings changes, data leakage through misprotected endpoints, or unsafe exposure of integration state. Smash Balloon Social Photo Feed – Easy Social Feeds Plugin version 6.10.0 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64623, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for social media embedding and feed-rendering plugins.
- Affected versions
-
Min 6.11.3, max 6.11.3.
- Status
-
SAFE & CERTIFIED
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # cff60996de18d96c853c179f6dd70c33a7a6fa31
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Mar 05, 2019
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.12 Smash Balloon Social Photo Feed <= 1.11.3 - Cross-Site Request Forgery to Back-Up Deletion The Smash Balloon Social Photo Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.3. This is due to missing or incorrect nonce validation on the sbi_clear_backups() function. This makes it possible for unauthenticated attackers to clear the plugins back-ups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 1.12.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 6c4256eeb71c37c6520e635a4f6b8122301d34e8
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Jan 18, 2018
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.6 Smash Balloon Social Photo Feed <= 1.5.1 - Reflected Cross-Site Scripting The Smash Balloon Social Photo Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘access_token’ parameter in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 1.6.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # d9a57a3a-251b-46cc-8f42-0c64657aaaa3
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- -
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.4.7 Instagram Feed <= 1.4.6.2 - Authenticated Cross-Site Scripting (XSS) & CSRF The Smash Balloon Social Photo Feed WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) & CSRF security vulnerability.
- Affected versions
-
max 1.4.7.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # e766e165-1a05-4065-9e71-27b528641dd2
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- -
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 2.9.2 Multiple Plugins from Smash Balloon - Reflected Cross-Site Scripting The plugins do not properly sanitise the URL generated to dismiss the New Users notifications, leading to a reflected Cross-Site Scripting issue
- Affected versions
-
max 2.9.2.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 4cd4f9d7a71cd609f161d10286616a84533e6de4
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Nov 21, 2016
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.4.7 WordPress Instagram Feed Plugin <= 1.4.6.2 - Cross Site Request Forgery Because of this vulnerability, attackers can perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. Update the plugin.
- Affected versions
-
max 1.4.7.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 63d036bf8354801dd02167b4cc6a671f96fb03ce
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Jul 20, 2021
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 2.9.2 Smash Balloon Plugins (Various Versions) - Reflected Cross-Site Scripting Several Smash Balloon Plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via URLs in various versions due to insufficient input sanitization and output escaping with the use of add_query_arg. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 2.9.2.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 186f32c07afa9283cdfb606de43cacac95ab248f
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- Nov 19, 2016
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.4.7 Smash Balloon Social Photo Feed <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting The Smash Balloon Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in the settings page in versions up to, and including, 1.4.6.2 due to insufficient input sanitization and output escaping and missing nonce validation. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.4.7.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # ef357b6f-b37c-43e0-94fe-60ae6d8f68bc
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- -
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.12 Instagram Feed <= 1.11.3 - Unspecified Issues The Smash Balloon Social Photo Feed WordPress plugin was affected by an Unspecified Issues security vulnerability.
- Affected versions
-
max 1.12.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # 36d33de7-655e-40d9-9745-ed2e10836360
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- -
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 1.6 Instagram Feed <= 1.5.1 - Cross-Site Scripting (XSS) The Smash Balloon Social Photo Feed WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.
- Affected versions
-
max 1.6.
- Status
-
vulnerable
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress # CVE-2026-12002
- CVE, Research URL
- Home page URL
-
Security reports for Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress
- Date
- -
- Research Description
- Smash Balloon Social Photo Feed – Easy Social Feeds Plugin [instagram-feed] < 6.11.2 CVE-2026-12002
- Affected versions
-
max 6.11.2.
- Status
-
vulnerable