PT-2026-30317 · WordPress · Widgets For Social Photo Feed

Nabil Irawan

Published

2026-04-04

Updated

2026-04-11

CVE-2026-5425

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Widgets for Social Photo Feed plugin for WordPress versions up to and including 1.7.9

Description The Widgets for Social Photo Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the feed data parameter keys due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations Update the Widgets for Social Photo Feed plugin to a version newer than 1.7.9.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-5425

Affected Products

Widgets For Social Photo Feed

PT-2026-30317 · WordPress · Widgets For Social Photo Feed

CVE-2026-5425

Weakness Enumeration

Related Identifiers

Affected Products

References · 6