Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Security & Risk Analysis

wordpress.org/plugins/easy-facebook-likebox

Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.

30K active installs · v6.7.5 · PHP + WP 3.3+ · Updated Mar 10, 2026
Tags: facebook-feed, facebook-posts, instagram-feed, instagram-gallery, instagram-photos
96
A · Safe
CVEs total: 10
Unpatched: 0
Last CVE: Sep 5, 2025
Safety Verdict

Is Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Safe to Use in 2026?

Generally Safe

Score 96/100

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEs · Last CVE: Sep 5, 2025 · Updated 23d ago
Risk Assessment

The plugin 'easy-facebook-likebox' v6.7.5 presents a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped outputs, significant concerns arise from its attack surface. The presence of 10 unprotected entry points, specifically AJAX handlers and REST API routes without proper authentication or permission checks, creates a substantial risk for unauthorized access and manipulation.

The static analysis also reveals 9 out of 11 analyzed taint flows with unsanitized paths, which is concerning despite no critical or high severity issues being flagged directly. This suggests potential for vulnerabilities that might not have been caught by the current analysis depth or that are present in the underlying logic. The vulnerability history, with 10 known medium severity CVEs, including Cross-Site Scripting, CSRF, and Missing Authorization, reinforces the potential for these types of attacks. The recurrence of these vulnerability types over time indicates a persistent weakness in how user input is handled and access is controlled.

In conclusion, while the plugin has some strengths like its use of prepared statements and output escaping, the unprotected entry points and a history of medium severity vulnerabilities, coupled with unsanitized taint flows, indicate a moderate to high risk. Addressing the unprotected entry points and rectifying the underlying causes of past vulnerabilities should be a priority.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 2 REST API routes without permission callbacks
  • 9 flows with unsanitized paths
  • 10 known medium severity CVEs
  • Bundled Freemius v1.0
Vulnerabilities
10

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2024: 7 CVEs
  • 2025: 1 CVE

Severity Breakdown

Medium: 10

10 total CVEs

CVE-2025-6067 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Sep 5, 2025 Patched in 6.6.8 (1d)
CVE-2024-30526 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Easy Social Feed <= 6.5.6 - Cross-Site Request Forgery

Mar 29, 2024 Patched in 6.5.7 (70d)
CVE-2024-1219 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Feed <= 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 27, 2024 Patched in 6.5.6 (17d)
CVE-2024-30180 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Feed <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid

Mar 25, 2024 Patched in 6.5.4 (5d)
CVE-2024-1213 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery

Mar 12, 2024 Patched in 6.5.5 (1d)
CVE-2024-1214 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery

Mar 12, 2024 Patched in 6.5.5 (1d)
CVE-2024-1278 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Mar 12, 2024 Patched in 6.5.5 (1d)
CVE-2023-6883 · medium · 4.3 · Missing Authorization

Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification

Jan 2, 2024 Patched in 6.5.3 (210d)
CVE-2023-48740 · medium · 4.3 · Missing Authorization

Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar()

Nov 23, 2023 Patched in 6.5.2 (61d)
CVE-2022-4474 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 27, 2022 Patched in 6.4.0 (392d)
Code Analysis
Analyzed Mar 16, 2026

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (36 prepared)
  • Unescaped Output: 233 (750 escaped)
  • Nonce Checks: 5
  • Capability Checks: 13
  • File Operations: 4
  • External Requests: 25
  • Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

SQL Query Safety

82% prepared · 44 total queries

Output Escaping

76% escaped · 983 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

11 flows · 9 with unsanitized paths
efbl_save_facebook_access_token (facebook\admin\class-easy-facebook-likebox-admin.php:221)
Attack Surface
10 unprotected

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Attack Surface

Entry Points: 46
Unprotected: 10

AJAX Handlers 29

auth · wp_ajax_esf_change_module_status · admin\class-esf-admin.php:24
auth · wp_ajax_esf_remove_access_token · admin\class-esf-admin.php:25
auth · wp_ajax_esf_save_general_settings · admin\class-esf-admin.php:26
auth · wp_ajax_esf_save_gdpr_settings · admin\class-esf-admin.php:27
auth · wp_ajax_esf_save_translation_settings · admin\class-esf-admin.php:28
auth · wp_ajax_esf_hide_rating_notice · admin\class-esf-admin.php:30
auth · wp_ajax_esf_hide_row_notice · admin\class-esf-admin.php:31
auth · wp_ajax_efbl_create_skin_url · facebook\admin\class-easy-facebook-likebox-admin.php:21
auth · wp_ajax_efbl_get_albums_list · facebook\admin\class-easy-facebook-likebox-admin.php:22
auth · wp_ajax_efbl_del_trans · facebook\admin\class-easy-facebook-likebox-admin.php:23
auth · wp_ajax_efbl_clear_all_cache · facebook\admin\class-easy-facebook-likebox-admin.php:24
auth · wp_ajax_efbl_save_fb_access_token · facebook\admin\class-easy-facebook-likebox-admin.php:25
auth · wp_ajax_efbl_get_moderate_feed · facebook\admin\class-easy-facebook-likebox-admin.php:26
auth · wp_ajax_efbl_preload_feed · facebook\admin\class-easy-facebook-likebox-admin.php:27
auth · wp_ajax_efbl_generate_popup_html · facebook\frontend\easy-facebook-likebox.php:82
nopriv · wp_ajax_efbl_generate_popup_html · facebook\frontend\easy-facebook-likebox.php:83
auth · wp_ajax_easy-facebook-likebox-customizer-style · facebook\frontend\easy-facebook-likebox.php:84
nopriv · wp_ajax_easy-facebook-likebox-customizer-style · facebook\frontend\easy-facebook-likebox.php:85
auth · wp_ajax_mif_remove_access_token · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:30
auth · wp_ajax_mif_save_access_token · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:31
auth · wp_ajax_mif_save_business_access_token · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:32
auth · wp_ajax_esf_insta_create_skin_url · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:33
auth · wp_ajax_mif_delete_transient · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:34
auth · wp_ajax_mif_clear_all_cache · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:35
auth · wp_ajax_mif_get_moderate_feed · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:36
auth · wp_ajax_mif_get_shoppable_feed · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:37
auth · wp_ajax_mif_preload_feed · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:38
auth · wp_ajax_esf-insta-customizer-style · instagram\frontend\class-easy-facebook-likebox-instagram-frontend.php:19
nopriv · wp_ajax_esf-insta-customizer-style · instagram\frontend\class-easy-facebook-likebox-instagram-frontend.php:20

REST API Routes 13

GET · /wp-json/esf/v1/youtube/accounts · youtube\includes\api\class-esf-youtube-api-accounts.php:31
GET · /wp-json/esf/v1/youtube/accounts/(?P<id>[\d]+) · youtube\includes\api\class-esf-youtube-api-accounts.php:49
GET · /wp-json/esf/v1/youtube/feeds · youtube\includes\api\class-esf-youtube-api-feeds.php:31
GET · /wp-json/esf/v1/youtube/feeds · youtube\includes\api\class-esf-youtube-api-feeds.php:70
GET · /wp-json/esf/v1/youtube/feeds/(?P<id>[\d]+) · youtube\includes\api\class-esf-youtube-api-feeds.php:81
GET · /wp-json/esf/v1/youtube/feeds/(?P<id>[\d]+)/duplicate · youtube\includes\api\class-esf-youtube-api-feeds.php:142
GET · /wp-json/esf/v1/youtube/feeds/(?P<id>[\d]+)/clear-cache · youtube\includes\api\class-esf-youtube-api-feeds.php:162
GET · /wp-json/esf/v1/youtube/feeds/(?P<id>[\d]+)/load-more · youtube\includes\api\class-esf-youtube-api-load-more.php:31
GET · /wp-json/esf/v1/youtube/oauth/url · youtube\includes\api\class-esf-youtube-api-oauth.php:59
GET · /wp-json/esf/v1/youtube/feeds/(?P<id>[\d]+)/preview · youtube\includes\api\class-esf-youtube-api-preview.php:31
GET · /wp-json/esf/v1/youtube/settings · youtube\includes\api\class-esf-youtube-api-settings.php:46
GET · /wp-json/esf/v1/youtube/settings · youtube\includes\api\class-esf-youtube-api-settings.php:56
GET · /wp-json/esf/v1/youtube/settings/clear-cache · youtube\includes\api\class-esf-youtube-api-settings.php:75

Shortcodes 4

[efb_likebox] facebook\frontend\easy-facebook-likebox.php:79
[efb_pageplugin] facebook\frontend\easy-facebook-likebox.php:80
[efb_feed] facebook\frontend\easy-facebook-likebox.php:81
[my-instagram-feed] instagram\frontend\class-easy-facebook-likebox-instagram-frontend.php:18

WordPress Hooks 55

action · admin_menu · admin\class-esf-admin.php:20
action · admin_menu · admin\class-esf-admin.php:21
action · admin_head · admin\class-esf-admin.php:22
action · admin_enqueue_scripts · admin\class-esf-admin.php:23
action · admin_notices · admin\class-esf-admin.php:29
action · admin_head · admin\class-esf-admin.php:32
action · admin_footer · admin\class-esf-admin.php:34
action · pre_get_posts · admin\class-esf-admin.php:37
action · after_uninstall · easy-facebook-likebox.php:80
action · after_uninstall · easy-facebook-likebox.php:116
action · widgets_init · easy-facebook-likebox.php:143
action · widgets_init · easy-facebook-likebox.php:160
action · init · easy-facebook-likebox.php:185
action · init · easy-facebook-likebox.php:186
action · init · easy-facebook-likebox.php:187
action · plugins_loaded · easy-facebook-likebox.php:188
action · admin_menu · facebook\admin\class-easy-facebook-likebox-admin.php:19
action · admin_enqueue_scripts · facebook\admin\class-easy-facebook-likebox-admin.php:20
action · customize_register · facebook\admin\includes\efbl-customizer.php:20
action · customize_preview_init · facebook\admin\includes\efbl-customizer.php:21
action · customize_controls_enqueue_scripts · facebook\admin\includes\efbl-customizer.php:22
action · init · facebook\admin\includes\efbl-skins.php:15
action · init · facebook\admin\includes\efbl-skins.php:18
action · wpmu_new_blog · facebook\frontend\easy-facebook-likebox.php:75
action · wp_enqueue_scripts · facebook\frontend\easy-facebook-likebox.php:77
action · wp_enqueue_scripts · facebook\frontend\easy-facebook-likebox.php:78
action · enqueue_block_editor_assets · facebook\includes\blocks\esf-fb-blocks.php:15
action · esf_fb_page_attr · facebook\multifeed\admin\class-esf-multifeed-facebook-admin.php:25
filter · efbl_filter_queried_data · facebook\multifeed\frontend\class-esf-multifeed-facebook-frontend.php:25
filter · efbl_filter_load_more_data · facebook\multifeed\frontend\class-esf-multifeed-facebook-frontend.php:30
action · current_screen · includes\class-module-search.php:29
filter · plugins_api_result · includes\class-module-search.php:43
filter · plugin_install_action_links · includes\class-module-search.php:52
action · admin_enqueue_scripts · includes\class-module-search.php:61
filter · self_admin_url · includes\class-module-search.php:68
action · admin_menu · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:28
action · admin_enqueue_scripts · instagram\admin\class-easy-facebook-likebox-instagram-admin.php:29
action · customize_register · instagram\admin\includes\class-esf-insta-customizer.php:12
action · customize_preview_init · instagram\admin\includes\class-esf-insta-customizer.php:13
action · customize_controls_enqueue_scripts · instagram\admin\includes\class-esf-insta-customizer.php:14
action · init · instagram\admin\includes\class-esf-insta-skins.php:15
action · wp_enqueue_scripts · instagram\frontend\class-easy-facebook-likebox-instagram-frontend.php:17
action · admin_enqueue_scripts · instagram\includes\esf-instagram-feed-widget.php:514
action · esf_insta_page_attr · instagram\multifeed\admin\class-esf-multifeed-instagram-admin.php:25
filter · esf_insta_filter_queried_data · instagram\multifeed\frontend\class-esf-multifeed-instagram-frontend.php:25
filter · esf_insta_filter_load_more_data · instagram\multifeed\frontend\class-esf-multifeed-instagram-frontend.php:30
action · admin_menu · youtube\admin\classes\class-esf-youtube-admin.php:60
action · admin_enqueue_scripts · youtube\admin\classes\class-esf-youtube-admin.php:62
action · init · youtube\class-esf-youtube-main.php:51
action · init · youtube\class-esf-youtube-main.php:53
action · rest_api_init · youtube\class-esf-youtube-main.php:55
filter · cron_schedules · youtube\class-esf-youtube-main.php:57
action · esf_youtube_refresh_feed_cache · youtube\class-esf-youtube-main.php:59
action · admin_init · youtube\class-esf-youtube-main.php:128
action · esf_youtube_register_layouts · youtube\frontend\class-esf-youtube-frontend.php:57

Scheduled Events 1

esf_youtube_refresh_feed_cache
Maintenance & Trust

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version
Downloads: 3.4M

Community Trust

Rating: 92/100
Number of ratings: 499
Active installs: 30K
Developer Profile

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Developer Profile

Sajid Javed

1 plugin · 30K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 76 days
Detection Fingerprints

How We Detect Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/animate.min.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/bootstrap.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/font-awesome.min.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/jquery.bxslider.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/jquery.fancybox.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/owl.carousel.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/style.css
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/custom.js
  • +9 more

Script Paths

  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/custom.js
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/easy-facebook-likebox-frontend.js
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/isotope.pkgd.min.js
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/jquery.bxslider.min.js
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/jquery.fancybox.pack.js
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/masonry.pkgd.min.js
  • +1 more

Version Parameters

  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/css/style.css?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/custom.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/easy-facebook-likebox-frontend.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/isotope.pkgd.min.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/jquery.bxslider.min.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/jquery.fancybox.pack.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/masonry.pkgd.min.js?ver=
  • /wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • esf-carousel
  • esf-custom-feed
  • esf-custom-feed-contain
  • esf-description
  • esf-gallery-wrap
  • esf-image-wrap
  • esf-instagram-feed
  • esf-instagram-wrap
  • +30 more

HTML Comments

  • <!-- ESF Facebook Feed Start -->
  • <!-- ESF Facebook Feed End -->
  • <!-- ESF Instagram Feed Start -->
  • <!-- ESF Instagram Feed End -->
  • +3 more

Data Attributes

  • data-mesg_show_all
  • data-post_id
  • data-post_type
  • data-show_event_past
  • data-show_event_today
  • data-show_event_upcoming

JS Globals

  • esf_frontend_options

Shortcode Output

  • [easy-facebook-feed
  • [easy-facebook-page-plugin
  • [easy-instagram-feed

FAQ

Frequently Asked Questions about Easy Social Feed – Social Photos Gallery and Post Feed for WordPress