Gallery for Social Photo Security & Risk Analysis

wordpress.org/plugins/feed-instagram-lite

Display Instagram photos and videos easily on your website just in minutes. Ready in WordPress Blocks or Classic Editor.

400 active installs · v1.0.0.39 · PHP + · WP 5.0+ · Updated Jan 21, 2026
gallery · instagram · instagram-feed · instagram-gallery · instagram-photo
97
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 25, 2025
Safety Verdict

Is Gallery for Social Photo Safe to Use in 2026?

Generally Safe

Score 97/100

Gallery for Social Photo has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Mar 25, 2025 · Updated 2mo ago
Risk Assessment

The feed-instagram-lite plugin v1.0.0.39 exhibits a mixed security posture. On the positive side, it demonstrates good practices by ensuring 100% of its SQL queries use prepared statements and has a significant portion (80%) of its outputs properly escaped. Nonce and capability checks are present for a majority of its entry points, and importantly, there are no identified unsanitized paths or critical/high severity taint flows in the static analysis. The plugin also has zero unpatched vulnerabilities from its history.

However, several concerns warrant attention. The plugin calls `create_function`, which builds a function by evaluating a string as PHP code; this is a significant red flag, because it can become a vector for code injection if that string is not handled with extreme care. While the static analysis did not find direct issues, the historical vulnerability data reveals a pattern of Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection vulnerabilities. The existence of three past CVEs, even though none are currently unpatched, suggests a history of security weaknesses that could resurface or that reflect underlying architectural issues. It is good that none of the plugin's relatively many AJAX handlers (10) is explicitly unprotected, but given the past CVE types, the handlers themselves should be continuously monitored for vulnerabilities. The bundled libraries, TinyMCE and Select2, add a dependency on external code that could introduce vulnerabilities if not kept up to date, although no specific version issues are indicated here.

In conclusion, while the plugin shows some commendable security practices in its current codebase, the historical vulnerability data and the use of `create_function` are significant weaknesses. Continuous vigilance, rigorous security testing, and a proactive approach to patching future vulnerabilities will be crucial for maintaining a secure posture.

Key Concerns

  • Use of dangerous function: create_function
  • Past high severity vulnerabilities (XSS/CSRF/SQLi)
  • Bundled libraries (TinyMCE, Select2)
  • Significant number of AJAX handlers
Vulnerabilities
3

Gallery for Social Photo Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-26742 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallery for Social Photo <= 1.0.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2025 Patched in 1.0.0.37 (10d)
CVE-2022-2224 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication

May 24, 2022 Patched in 1.0.0.29 (609d)
WF-c906a988-ad45-49cc-9d77-6b501445ddc5-feed-instagram-lite · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Gallery for Social Photo <= 1.0.0.25 - Subscriber+ SQL Injection

May 24, 2022 Patched in 1.0.0.27 (609d)
Code Analysis
Analyzed Mar 16, 2026

Gallery for Social Photo Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 64 (259 escaped)
  • Nonce Checks: 9
  • Capability Checks: 7
  • File Operations: 0
  • External Requests: 4
  • Bundled Libraries: 2

Dangerous Functions Found

create_function · inc\admin\gifeed-metaboxes.php:23
$callback = create_function( '$post, $meta_box', 'gifeed_create_meta_box( $post, $meta_box["args"] )

Bundled Libraries

TinyMCE · Select2

Output Escaping

80% escaped · 323 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
gifeed_get_feeds (inc\functions\endpoints\gifeed-ig-endpoints.php:15)
Attack Surface

Gallery for Social Photo Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 10

  • auth · wp_ajax_gifeed_duplicate_feed · inc\admin\functions\gifeed-admin-functions.php:123
  • auth · wp_ajax_gifeed_ajax_update_user_info · inc\admin\functions\gifeed-admin-functions.php:316
  • auth · wp_ajax_gifeed_ajax_access_token · inc\admin\functions\gifeed-admin-functions.php:367
  • auth · wp_ajax_gifeed_ajax_update_settings · inc\admin\functions\gifeed-admin-functions.php:446
  • auth · wp_ajax_gifeed_generate_preview · inc\admin\functions\gifeed-preview.php:64
  • nopriv · wp_ajax_gifeed_generate_preview · inc\admin\functions\gifeed-preview.php:65
  • nopriv · wp_ajax_gifeed_get_feeds · inc\functions\endpoints\gifeed-ig-endpoints.php:12
  • auth · wp_ajax_gifeed_get_feeds · inc\functions\endpoints\gifeed-ig-endpoints.php:13
  • nopriv · wp_ajax_gifeed_get_user_info · inc\functions\endpoints\gifeed-ig-endpoints.php:77
  • auth · wp_ajax_gifeed_get_user_info · inc\functions\endpoints\gifeed-ig-endpoints.php:78

Shortcodes 1

[ghozylab-instagram] inc\frontend\gifeed-shortcode.php:83
WordPress Hooks 40
  • action · plugins_loaded · feed-instagram-lite.php:72
  • filter · widget_text · feed-instagram-lite.php:73
  • filter · the_excerpt · feed-instagram-lite.php:74
  • filter · the_excerpt · feed-instagram-lite.php:75
  • filter · plugin_action_links · feed-instagram-lite.php:76
  • action · init · feed-instagram-lite.php:77
  • action · init · feed-instagram-lite.php:78
  • action · init · feed-instagram-lite.php:79
  • action · admin_init · feed-instagram-lite.php:80
  • action · admin_init · feed-instagram-lite.php:81
  • action · admin_menu · feed-instagram-lite.php:194
  • action · admin_menu · feed-instagram-lite.php:195
  • action · gifeed_auto_update · feed-instagram-lite.php:266
  • action · admin_head · feed-instagram-lite.php:323
  • action · current_screen · feed-instagram-lite.php:328
  • action · init · inc\admin\gifeed-block\init.php:25
  • filter · manage_edit-ginstagramfeed_columns · inc\admin\gifeed-custom-post.php:66
  • filter · post_row_actions · inc\admin\gifeed-custom-post.php:164
  • action · admin_head · inc\admin\gifeed-custom-post.php:270
  • filter · manage_posts_custom_column · inc\admin\gifeed-custom-post.php:330
  • action · do_meta_boxes · inc\admin\gifeed-metaboxes.php:11
  • action · add_meta_boxes · inc\admin\gifeed-metaboxes.php:732
  • action · save_post · inc\admin\gifeed-metaboxes.php:1511
  • action · admin_enqueue_scripts · inc\admin\gifeed-script-loader.php:27
  • action · admin_enqueue_scripts · inc\admin\gifeed-script-loader.php:37
  • action · admin_enqueue_scripts · inc\admin\gifeed-script-loader.php:80
  • action · admin_enqueue_scripts · inc\admin\gifeed-script-loader.php:171
  • action · admin_notices · inc\admin\gifeed-script-loader.php:181
  • action · current_screen · inc\admin\gifeed-script-loader.php:187
  • action · admin_head · inc\admin\gifeed-tinymce.php:10
  • action · media_buttons · inc\admin\gifeed-tinymce.php:36
  • action · admin_footer · inc\admin\gifeed-tinymce.php:50
  • action · widgets_init · inc\admin\gifeed-widget.php:100
  • action · admin_menu · inc\admin\pages\gifeed-disabled.php:5
  • filter · mce_external_plugins · inc\admin\tinymce_plugin\register_mce_button.php:8
  • action · current_screen · inc\admin\tinymce_plugin\register_mce_button.php:9
  • filter · mce_buttons · inc\admin\tinymce_plugin\register_mce_button.php:20
  • action · enqueue_block_editor_assets · inc\admin\tinymce_plugin\register_mce_button.php:21
  • action · vc_before_init · inc\admin\vc\vc-shortcode.php:15
  • action · wp_enqueue_scripts · inc\frontend\gifeed-script-loader.php:21

Scheduled Events 1

gifeed_auto_update
Maintenance & Trust

Gallery for Social Photo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 21, 2026
PHP min version
Downloads: 52K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 400
Developer Profile

Gallery for Social Photo Developer Profile

GhozyLab

10 plugins · 21K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 847 days
Detection Fingerprints

How We Detect Gallery for Social Photo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/slick.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/slick-theme.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/instagram-feed.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/owl.carousel.min.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/owl.theme.default.min.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/magnific-popup.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/css/tooltipster.css
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/jquery.min.js
  • +11 more
Script Paths
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/jquery.min.js
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/slick.min.js
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/owl.carousel.min.js
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/isotope.min.js
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/magnific-popup.min.js
  • /wp-content/plugins/feed-instagram-lite/inc/frontend/js/tooltipster.bundle.min.js
  • +6 more
Version Parameters
  • feed-instagram-lite/style.css?ver=
  • feed-instagram-lite/instagram-feed.css?ver=
  • feed-instagram-lite/instagram-feed.js?ver=

HTML / DOM Fingerprints

CSS Classes
gifeed-instagram-feed · gifeed_instagram_slider · gifeed_grid · gifeed_masonry · gifeed_isotope · gifeed_instagram_lightbox · gifeed-carousel-wrapper · gifeed-carousel · +18 more
HTML Comments
  • <!-- GhozyLab Instagram Feed Settings Page -->
  • <!-- GhozyLab Instagram Feed Docs Page -->
  • <!-- GhozyLab Instagram Feed Free Plugins Page -->
  • <!-- GhozyLab Instagram Feed Premium Plugins Page -->
  • +4 more
Data Attributes
data-feed-id · data-grid-columns · data-rows · data-gutter · data-disable-lightbox · data-enable-masonry · +17 more
JS Globals
gifeed_ajax_object · gifeed_instagram_params · gifeed_preview_params · gifeed_tinymce_params
REST Endpoints
/wp-json/feed-instagram-lite/v1/get_feed
Shortcode Output
[instagram-feed · [instagram-feed-carousel
FAQ

Frequently Asked Questions about Gallery for Social Photo