EmbedSocial – Social Media Feeds, Reviews and Galleries Security & Risk Analysis

wordpress.org/plugins/embedalbum-pro

EmbedSocial allows you to collect and embed social media content on any website automatically.

4K active installs v1.2.2 PHP + WP 4.0+ Updated Jun 23, 2025
Tags: facebook-feed, facebook-reviews, instagram-feed, social-media-feed, social-media-tools
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 18, 2024
Safety Verdict

Is EmbedSocial – Social Media Feeds, Reviews and Galleries Safe to Use in 2026?

Generally Safe

Score 99/100

EmbedSocial – Social Media Feeds, Reviews and Galleries has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 18, 2024 · Updated 9mo ago
Risk Assessment

The embedalbum-pro plugin v1.2.2 presents a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, all SQL queries use prepared statements, and output is consistently escaped. There are no file operations or external HTTP requests, and taint analysis found no unsanitized paths. This suggests a generally good level of code hygiene for these specific security aspects.

However, several concerns warrant attention. The presence of 16 shortcodes, while not directly flagged as unprotected in the static analysis, represents a significant attack surface. The complete absence of nonce checks and capability checks across all entry points is a major weakness. This means any user, regardless of their role or permissions, could potentially trigger actions through these shortcodes, opening the door for privilege escalation or unauthorized actions if vulnerabilities exist within the shortcode logic.

The plugin's vulnerability history is a significant red flag. It has two known medium-severity CVEs, both Cross-site Scripting (XSS), and the most recent is very recent (June 18, 2024). This indicates a pattern of introducing vulnerabilities that allow for input manipulation. The fact that there are currently no unpatched CVEs is positive, but the historical pattern suggests a recurring need for diligent security auditing and patching.

Key Concerns

  • 16 shortcodes, potential attack surface
  • No nonce checks on entry points
  • No capability checks on entry points
  • 2 known medium severity CVEs
  • Recent vulnerability (2024-06-18)
Vulnerabilities
2

EmbedSocial – Social Media Feeds, Reviews and Galleries Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-3984 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedSocial – Social Media Feeds, Reviews and Galleries <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 18, 2024 Patched in 1.2.1 (13d)
CVE-2023-0371 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 30, 2023 Patched in 1.1.28 (358d)
Code Analysis
Analyzed Mar 16, 2026

EmbedSocial – Social Media Feeds, Reviews and Galleries Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 10 total outputs
Attack Surface

EmbedSocial – Social Media Feeds, Reviews and Galleries Attack Surface

Entry Points: 16
Unprotected: 0

Shortcodes 16

[embedsocial_schema] embedalbum_pro.php:252
[embedsocial_album] embedalbum_pro.php:253
[embedsocial_gallery] embedalbum_pro.php:254
[embedsocial_instagram] embedalbum_pro.php:255
[embedsocial_twitter] embedalbum_pro.php:256
[embedsocial_google_album] embedalbum_pro.php:257
[embedsocial_feed] embedalbum_pro.php:258
[embedsocial_reviews] embedalbum_pro.php:259
[embedsocial_google_reviews] embedalbum_pro.php:260
[embedsocial_custom_reviews] embedalbum_pro.php:261
[embedsocial_stories] embedalbum_pro.php:262
[embedsocial_stories_popup] embedalbum_pro.php:263
[embedsocial_story_gallery] embedalbum_pro.php:264
[embedsocial_hashtag] embedalbum_pro.php:265
[embedsocial_badge] embedalbum_pro.php:266
[embedsocial_badge_custom] embedalbum_pro.php:267
WordPress Hooks 13

action wp_footer embedalbum_pro.php:119
action wp_footer embedalbum_pro.php:125
action wp_footer embedalbum_pro.php:131
action wp_footer embedalbum_pro.php:137
action wp_footer embedalbum_pro.php:143
action wp_footer embedalbum_pro.php:149
action wp_footer embedalbum_pro.php:155
action wp_footer embedalbum_pro.php:181
action wp_footer embedalbum_pro.php:187
action wp_footer embedalbum_pro.php:193
action wp_footer embedalbum_pro.php:199
action wp_footer embedalbum_pro.php:205
action wp_footer embedalbum_pro.php:211
Maintenance & Trust

EmbedSocial – Social Media Feeds, Reviews and Galleries Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 23, 2025
PHP min version
Downloads: 90K

Community Trust

Rating: 84/100
Number of ratings: 5
Active installs: 4K
Developer Profile

EmbedSocial – Social Media Feeds, Reviews and Galleries Developer Profile

embedsocial

2 plugins · 4K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 243 days
Detection Fingerprints

How We Detect EmbedSocial – Social Media Feeds, Reviews and Galleries

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embedalbum-pro/embedalbum-pro.php
Script Paths
https://embedsocial.com/embedscript/biw.js
https://embedsocial.com/embedscript/in.js
https://embedsocial.com/embedscript/ti.js
https://embedsocial.com/embedscript/eiw.js
https://embedsocial.com/embedscript/gi.js
https://embedsocial.com/embedscript/sf.js
+7 more

HTML / DOM Fingerprints

CSS Classes
embedsocial-album
embedsocial-gallery
embedsocial-instagram
embedsocial-twitter
embedsocial-google-place
embedsocial-socialfeed
embedsocial-reviews
embedsocial-google-reviews
+6 more
Data Attributes
data-ref
data-tags
data-lazyload
Shortcode Output
<div class='embedsocial-album' data-ref='
<div class='embedsocial-gallery' data-ref='
<div class='embedsocial-instagram' data-ref='
<div class='embedsocial-twitter' data-ref='
FAQ

Frequently Asked Questions about EmbedSocial – Social Media Feeds, Reviews and Galleries