WP-Safety

Social Feed for WordPress by CompyGo Security & Risk Analysis

wordpress.org/plugins/compygo-social-feed

Display completely customizable Facebook Feed on your WordPress website. Also it supports Instagram photos and Youtube videos.

20 active installs v2.0.0 PHP 5.6+ WP 4.8+ Updated Unknown
facebookfacebook-feedfacebook-pagefacebook-photosfacebook-post
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Social Feed for WordPress by CompyGo Safe to Use in 2026?

Generally Safe

Score 100/100

Social Feed for WordPress by CompyGo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "compygo-social-feed" plugin v2.0.0 exhibits a concerning security posture due to a significantly exposed attack surface without adequate authentication. While the plugin demonstrates good practices in database interactions by using prepared statements for all SQL queries and properly escaping the vast majority of its output, these strengths are overshadowed by the sheer number of unprotected AJAX handlers.

Specifically, the analysis reveals 18 AJAX handlers, all of which lack authentication checks. This represents a critical vulnerability as it allows any unauthenticated user to trigger these handlers, potentially leading to unintended actions or information disclosure. While the plugin has no recorded vulnerability history and shows no critical taint flows, the lack of authorization on such a large portion of its entry points is a significant risk that cannot be ignored. The presence of nonce checks and capability checks on only a few functions further highlights this deficiency. The bundled Guzzle library, while not explicitly flagged as vulnerable in this report, is an area to monitor for potential outdated dependencies in future audits.

In conclusion, while the "compygo-social-feed" plugin has a clean vulnerability history and uses secure coding practices for SQL and output handling, the massive unprotected attack surface through AJAX is a critical weakness. This needs immediate remediation to prevent exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Large attack surface without auth
  • Limited capability checks
Vulnerabilities
None known

Social Feed for WordPress by CompyGo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Social Feed for WordPress by CompyGo Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
29 prepared
Unescaped Output
2
92 escaped
Nonce Checks
2
Capability Checks
1
File Operations
2
External Requests
2
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared29 total queries

Output Escaping

98% escaped94 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
setStats (src\Model\Stats.php:10)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
18 unprotected

Social Feed for WordPress by CompyGo Attack Surface

Entry Points18
Unprotected18

AJAX Handlers 18

noprivwp_ajax_fetch_feed_postssrc\CompygoApi.php:48
authwp_ajax_fetch_feed_postssrc\CompygoApi.php:49
noprivwp_ajax_fetch_feed_sourcessrc\CompygoApi.php:50
authwp_ajax_fetch_feed_sourcessrc\CompygoApi.php:51
authwp_ajax_fetch_logssrc\CompygoApi.php:54
authwp_ajax_fetch_optionssrc\CompygoApi.php:57
authwp_ajax_update_optionssrc\CompygoApi.php:58
authwp_ajax_create_or_update_feedsrc\CompygoApi.php:61
authwp_ajax_fetch_feedsrc\CompygoApi.php:62
authwp_ajax_remove_feedsrc\CompygoApi.php:63
authwp_ajax_duplicate_feedsrc\CompygoApi.php:64
authwp_ajax_save_feed_logosrc\CompygoApi.php:65
authwp_ajax_remove_feed_logosrc\CompygoApi.php:66
authwp_ajax_fetch_sourcesrc\CompygoApi.php:69
authwp_ajax_create_or_update_sourcesrc\CompygoApi.php:70
authwp_ajax_remove_sourcesrc\CompygoApi.php:71
authwp_ajax_flush_cachesrc\CompygoApi.php:74
authwp_ajax_statssrc\CompygoApi.php:77
WordPress Hooks 14
filtercron_schedulescompygo-social-feed.php:41
actionplugins_loadedcompygo-social-feed.php:60
actionwp_loadedcompygo-social-feed.php:70
filtertemplate_includesrc\Compygo.php:28
actionwp_loadedsrc\Compygo.php:38
actionwp_enqueue_scriptssrc\Compygo.php:43
actioninitsrc\CompygoAdmin.php:20
actionenqueue_block_editor_assetssrc\CompygoAdmin.php:23
actioninitsrc\CompygoAdmin.php:47
actionadmin_menusrc\CompygoAdmin.php:63
filterplugin_action_links_compygo-social-feed/compygo-social-feed.phpsrc\CompygoAdmin.php:95
actioncurrent_screensrc\CompygoAdmin.php:116
actionadmin_enqueue_scriptssrc\CompygoAdmin.php:124
actionrest_api_initsrc\CompygoApi.php:34
Maintenance & Trust

Social Feed for WordPress by CompyGo Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedUnknown
PHP min version5.6
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

Social Feed for WordPress by CompyGo Alternatives

Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

custom-facebook-feed

A
95

Formerly "Custom Facebook Feed". Display completely customizable Facebook feeds of a Facebook page. Supports Facebook oEmbeds.

200K 8 CVEs
Mitsol Social Post Feed

Mitsol Social Post Feed

facebook-wall-and-social-integration

A
100

Formerly known as Facebook wall and social integration allows you to display completely customizable Facebook feed of any public Facebook page or grou …

200 1 CVE
Mirror App – Social Page

Mirror App – Social Page

mirror-app-social-page

A
100

Display your social page updates — including your full Facebook Feed with posts, photos, and videos — beautifully on your WordPress site using a simpl …

0 No CVEs
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

easy-facebook-likebox

A
96

Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.

30K 10 CVEs
Mongoose Page Plugin

Mongoose Page Plugin

facebook-page-feed-graph-api

A
100

The most popular way to display the Facebook Page Plugin on your WordPress website. Easy implementation using a shortcode or widget.

10K 1 CVE
Developer Profile

Social Feed for WordPress by CompyGo Developer Profile

compygo

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Social Feed for WordPress by CompyGo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/compygo-social-feed/pub/frontend.css/wp-content/plugins/compygo-social-feed/pub/slick.css/wp-content/plugins/compygo-social-feed/pub/slick-theme.css/wp-content/plugins/compygo-social-feed/pub/frontend.main.js/wp-content/plugins/compygo-social-feed/pub/library/masonry.pkgd.min.js/wp-content/plugins/compygo-social-feed/pub/library/image-loader.min.js/wp-content/plugins/compygo-social-feed/pub/library/slick.min.js
Version Parameters
compygo-social-feed/pub/frontend.css?ver=2.0.0compygo-social-feed/pub/slick.css?ver=2.0.0compygo-social-feed/pub/slick-theme.css?ver=2.0.0compygo-social-feed/pub/frontend.main.js?ver=2.0.0compygo-social-feed/pub/library/masonry.pkgd.min.js?ver=1.1compygo-social-feed/pub/library/image-loader.min.js?ver=1.1compygo-social-feed/pub/library/slick.min.js?ver=1.1

HTML / DOM Fingerprints

CSS Classes
cgusf-feed-container
HTML Comments
<!-- Social Feed for WordPress by CompyGo -->
Data Attributes
data-cgusf-feed-id
JS Globals
cgusf_ajax_obj
Shortcode Output
[compygo-social-feed
FAQ

Frequently Asked Questions about Social Feed for WordPress by CompyGo