CVE-2017-16758

Name of the Vulnerable Software and Affected Versions Ultimate Instagram Feed plugin versions prior to 1.3

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the access token parameter in the admin/partials/uif-access-token-display.php file.

Recommendations For Ultimate Instagram Feed plugin versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/partials/uif-access-token-display.php file to minimize the risk of exploitation. Avoid using the access token parameter in the affected file until the issue is resolved.