PT-2026-36564 · Trustindex · Widgets For Social Photo Feed
German
·
Published
2026-05-02
·
Updated
2026-05-02
·
CVE-2025-14726
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex feed hook instagram/troubleshooting' and '/trustindex feed hook instagram/submit-data' REST API endpoints in all versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to access and update plugin settings.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Widgets For Social Photo Feed