Vulnerabilities and security researches forwd-instagram-feed

CVE, Research URL: CVE-2018-10301
Home page URL: Security reports for 10WebSocial
Application: 10WebSocial
Date: Apr 23, 2018
Research Description: Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post.
Affected versions: max 1.4.19.
Status: vulnerable

CVE, Research URL: CVE-2021-25047
Home page URL: Security reports for 10WebSocial
Application: 10WebSocial
Date: Jan 10, 2022
Research Description: The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users
Affected versions: max 1.4.29.
Status: vulnerable

CVE, Research URL: CVE-2018-10300
Home page URL: Security reports for 10WebSocial
Application: 10WebSocial
Date: Apr 23, 2018
Research Description: Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.
Affected versions: max 1.3.1.
Status: vulnerable

Vulnerabilities and security researches forwd-instagram-feed wd-instagram-feed