Mongoose Page Plugin Security & Risk Analysis

wordpress.org/plugins/facebook-page-feed-graph-api

The most popular way to display the Facebook Page Plugin on your WordPress website. Easy implementation using a shortcode or widget.

10K active installs v1.9.2 PHP 5.3+ WP 4.6+ Updated Sep 7, 2025
Tags: facebook-feed, facebook-like-box, facebook-page, facebook-page-plugin, like-box
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 27, 2022
Safety Verdict

Is Mongoose Page Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Mongoose Page Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 27, 2022 · Updated 6mo ago
Risk Assessment

The facebook-page-feed-graph-api plugin v1.9.2 exhibits a mixed security posture. While it demonstrates good practices such as 100% prepared statement usage for SQL queries and a high percentage (93%) of properly escaped output, there are significant concerns regarding its attack surface and lack of robust authentication. Two out of the three identified entry points, specifically AJAX handlers, lack proper authentication checks. This creates a potential avenue for unauthorized actions if these handlers are exploitable.

The plugin's vulnerability history includes one known medium severity CVE related to Cross-site Scripting (XSS), which was last patched in late 2022. The absence of currently unpatched vulnerabilities is a positive sign, but the presence of past XSS issues, combined with the unprotected AJAX handlers, suggests that improper input neutralization could be a recurring weakness.

Overall, the plugin has strengths in its database interaction and output handling. However, the unprotected AJAX endpoints represent a notable risk that could be exploited by attackers. The past XSS vulnerability also warrants attention, reinforcing the need for continued vigilance and thorough security audits of this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Medium severity CVE in history
  • Lack of nonce checks on AJAX
Vulnerabilities
1

Mongoose Page Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-4675 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 27, 2022 · Patched in 1.9.0 (668d)
Code Analysis
Analyzed Mar 16, 2026

Mongoose Page Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (85 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

93% escaped · 91 total outputs
Attack Surface
2 unprotected

Mongoose Page Plugin Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_facebook_page_plugin_latest_blog_posts_callback · inc\class-mongoose-page-plugin.php:256
  • auth · wp_ajax_facebook_page_plugin_remove_donate_notice · inc\class-mongoose-page-plugin.php:257

Shortcodes 1

[facebook-page-plugin] inc\class-mongoose-page-plugin.php:269
WordPress Hooks 7
  • action · activated_plugin · facebook-page-feed-graph-api.php:41
  • action · admin_enqueue_scripts · inc\class-mongoose-page-plugin.php:253
  • action · admin_init · inc\class-mongoose-page-plugin.php:254
  • action · admin_menu · inc\class-mongoose-page-plugin.php:255
  • action · init · inc\class-mongoose-page-plugin.php:258
  • action · widgets_init · inc\class-mongoose-page-plugin.php:259
  • filter · widget_text · inc\class-mongoose-page-plugin.php:261
Maintenance & Trust

Mongoose Page Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 7, 2025
PHP min version: 5.3
Downloads: 409K

Community Trust

Rating: 92/100
Number of ratings: 64
Active installs: 10K
Developer Profile

Mongoose Page Plugin Developer Profile

Cameron Jones

4 plugins · 10K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 668 days
Detection Fingerprints

How We Detect Mongoose Page Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/facebook-page-feed-graph-api/css/admin.css
  • /wp-content/plugins/facebook-page-feed-graph-api/css/public.css
  • /wp-content/plugins/facebook-page-feed-graph-api/js/admin.js
  • /wp-content/plugins/facebook-page-feed-graph-api/js/public.js
  • /wp-content/plugins/facebook-page-feed-graph-api/js/shortcode-generator.js

Script Paths
  • /wp-content/plugins/facebook-page-feed-graph-api/js/admin.js
  • /wp-content/plugins/facebook-page-feed-graph-api/js/public.js
  • /wp-content/plugins/facebook-page-feed-graph-api/js/shortcode-generator.js

Version Parameters
  • facebook-page-feed-graph-api/css/admin.css?ver=
  • facebook-page-feed-graph-api/css/public.css?ver=
  • facebook-page-feed-graph-api/js/admin.js?ver=
  • facebook-page-feed-graph-api/js/public.js?ver=
  • facebook-page-feed-graph-api/js/shortcode-generator.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • facebook-page-plugin-shortcode-generator
  • facebook-page-plugin-shortcode-generator-output

Data Attributes
  • id="fbpp-href"
  • id="fbpp-width"
  • id="fbpp-height"
  • id="fbpp-cover"
  • id="fbpp-facepile"
  • class="fbpp-tabs"
  • +8 more

JS Globals
fbpp_admin_params
Shortcode Output
<form class="facebook-page-plugin-shortcode-generator"><input type="url" id="fbpp-href" /><input type="number" max="500" min="180" id="fbpp-width" /><input type="number" min="70" id="fbpp-height" />