Feed Them Social – Social Media Feeds, Video, and Photo Galleries Security & Risk Analysis

wordpress.org/plugins/feed-them-social

Custom social media feeds for Instagram, Facebook, TikTok, & YouTube. Works with Elementor, Beaver Builder, and Gutenberg blocks.

20K active installs v4.4.1 PHP 7.0+ WP 5.4+ Updated Jan 31, 2026
Tags: facebook, instagram, social, tiktok, youtube
Score: 94/100 · A · Safe
CVEs total: 12
Unpatched: 0
Last CVE: Jan 31, 2024
Safety Verdict

Is Feed Them Social – Social Media Feeds, Video, and Photo Galleries Safe to Use in 2026?

Generally Safe

Score 94/100

Feed Them Social – Social Media Feeds, Video, and Photo Galleries has a strong security track record. Known vulnerabilities have been patched promptly.

12 known CVEs · Last CVE: Jan 31, 2024 · Updated 2mo ago
Risk Assessment

The "feed-them-social" plugin, version 4.4.1, exhibits a mixed security posture. While the static analysis indicates a strong adherence to security best practices with no unprotected entry points, 90% prepared SQL queries, 87% properly escaped output, and a significant number of nonce and capability checks, there are areas of concern. The presence of 13 taint flows with unsanitized paths, even without critical or high severity, suggests potential for unexpected behavior or minor vulnerabilities if user input is not meticulously handled at every juncture. The plugin also performs 9 external HTTP requests, which, if not properly validated or sanitized, could introduce risks.

The plugin's vulnerability history, however, presents a more significant concern. Its 12 known CVEs, including 3 critical and 1 high severity, with the most recent in January 2024, indicate a pattern of security weaknesses. The recurring vulnerability types (CSRF, XSS, deserialization, and code injection) are particularly troubling, as they can lead to severe compromises. There are currently no unpatched CVEs, which is a positive sign and suggests prompt remediation of recent issues, but the historical prevalence of severe vulnerabilities is a strong indicator of past systemic issues that may resurface or have underlying causes not immediately apparent in the static analysis of this specific version.

Key Concerns

  • 13 taint flows with unsanitized paths
  • 12 known CVEs, 3 critical, 1 high
  • Recent vulnerability in Jan 2024
  • Common vuln types: CSRF, XSS, Deserialization, Code Injection
  • 9 external HTTP requests
Vulnerabilities: 12

Feed Them Social – Social Media Feeds, Video, and Photo Galleries Security Vulnerabilities

CVEs by Year

2015: 2 CVEs
2020: 1 CVE
2022: 6 CVEs
2023: 2 CVEs
2024: 1 CVE

Severity Breakdown

Critical: 3
High: 1
Medium: 7
Low: 1

12 total CVEs

CVE-2024-24710 · low · 3.5 · Cross-Site Request Forgery (CSRF)

Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check

Jan 31, 2024 · Patched in 4.2.1 (3d)

WF-057ab824-8071-4c3c-9a57-f9a0043a9ad5-feed-them-social · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Feed Them Social <= 4.0.7 - Cross-Site Request Forgery

Mar 29, 2023 · Patched in 4.0.8 (300d)

CVE-2023-25056 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Feed Them Social <= 3.0.2 - Cross-Site Request Forgery

Feb 21, 2023 · Patched in 4.0.0 (336d)

CVE-2022-2940 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting

Nov 14, 2022 · Patched in 3.0.1 (435d)

CVE-2022-2942 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update

Nov 14, 2022 · Patched in 3.0.1 (435d)

CVE-2022-2532 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting

Jul 26, 2022 · Patched in 3.0.1 (546d)

CVE-2022-2437 · critical · 9.8 · Deserialization of Untrusted Data

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization

Jul 12, 2022 · Patched in 2.9.8.6 (560d)

WF-8599cb81-4f51-40b5-a0aa-5d27f2ae085d-feed-them-social · critical · 9.8 · Cross-Site Request Forgery (CSRF)

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Cross-Site Request Forgery to Plugin Settings Update

Jul 12, 2022 · Patched in 2.9.8.6 (560d)

CVE-2022-2383 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting

Jul 12, 2022 · Patched in 3.0.1 (560d)

CVE-2020-36739 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass

Sep 16, 2020 · Patched in 2.8.7 (1224d)

CVE-2015-9351 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution

Feb 2, 2015 · Patched in 1.7.0 (3277d)

CVE-2015-9350 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feed Them Social <= 1.6.9 - Reflected Cross-Site Scripting

Feb 2, 2015 · Patched in 1.7.0 (3277d)
Code Analysis
Analyzed Mar 16, 2026

Feed Them Social – Social Media Feeds, Video, and Photo Galleries Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (18 prepared)
Unescaped Output: 235 (1518 escaped)
Nonce Checks: 24
Capability Checks: 28
File Operations: 1
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

90% prepared · 20 total queries

Output Escaping

87% escaped · 1753 total outputs

Data Flows: 13 unsanitized

Data Flow Analysis

25 flows · 13 with unsanitized paths
ftsRenderLocationsListHtml (admin\cpt\access_tokens\AccessTokenOptions.php:544)
Attack Surface

Feed Them Social – Social Media Feeds, Video, and Photo Galleries Attack Surface

Entry Points: 11
Unprotected: 0

AJAX Handlers 9

auth · wp_ajax_ftsAccessTokenTypeAjax · admin\cpt\access_tokens\AccessTokenOptions.php:110
auth · wp_ajax_ftsExportFeedOptionsAjax · admin\cpt\FeedOptionsImportExport.php:63
auth · wp_ajax_ftsImportFeedOptionsAjax · admin\cpt\FeedOptionsImportExport.php:65
auth · wp_ajax_ftsClearCacheAjax · includes\FeedCache.php:81
auth · wp_ajax_ftsEncryptTokenAjax · includes\FeedFunctions.php:115
auth · wp_ajax_ftsDecryptTokenAjax · includes\FeedFunctions.php:116
auth · wp_ajax_ftsRefreshFeedAjax · includes\FeedFunctions.php:117
auth · wp_ajax_myFtsFbLoadMore · includes\FeedFunctions.php:121
nopriv · wp_ajax_myFtsFbLoadMore · includes\FeedFunctions.php:122

Shortcodes 2

[fts_fb_page_token] admin\cpt\access_tokens\AccessTokenOptions.php:113
[feed_them_social] includes\FeedShortcode.php:152

WordPress Hooks 74

action · admin_notices · ActivatePlugin.php:54
action · admin_notices · ActivatePlugin.php:72
action · admin_notices · ActivatePlugin.php:75
action · upgrader_process_complete · ActivatePlugin.php:78
filter · plugin_row_meta · ActivatePlugin.php:84
action · admin_init · ActivatePlugin.php:87
action · admin_notices · ActivatePlugin.php:428
action · activated_plugin · ActivatePlugin.php:521
action · automatic_updates_complete · ActivatePlugin.php:524
action · init · admin\cpt\FeedsCPT.php:161
action · admin_menu · admin\cpt\FeedsCPT.php:164
action · admin_menu · admin\cpt\FeedsCPT.php:167
action · current_screen · admin\cpt\FeedsCPT.php:170
filter · post_updated_messages · admin\cpt\FeedsCPT.php:173
filter · manage_fts_posts_columns · admin\cpt\FeedsCPT.php:176
action · manage_fts_posts_custom_column · admin\cpt\FeedsCPT.php:177
filter · gettext · admin\cpt\FeedsCPT.php:180
action · add_meta_boxes · admin\cpt\FeedsCPT.php:183
filter · attribute_escape · admin\cpt\FeedsCPT.php:186
action · current_screen · admin\cpt\FeedsCPT.php:192
action · admin_action_ftsDuplicatePostAsDraft · admin\cpt\FeedsCPT.php:194
filter · page_row_actions · admin\cpt\FeedsCPT.php:195
filter · fts_row_actions · admin\cpt\FeedsCPT.php:196
action · post_submitbox_start · admin\cpt\FeedsCPT.php:197
filter · page_row_actions · admin\cpt\FeedsCPT.php:200
filter · body_class · admin\cpt\FeedsCPT.php:202
filter · admin_body_class · admin\cpt\FeedsCPT.php:304
filter · cron_schedules · admin\cron_jobs\CronJobs.php:90
action · init · admin\cron_jobs\CronJobs.php:93
action · fts_clear_cache_event · admin\cron_jobs\CronJobs.php:256
action · wp_enqueue_scripts · admin\modules\beaver-builder\includes\module.php:28
action · init · admin\modules\beaver-builder\includes\module.php:122
action · elementor/preview/enqueue_styles · admin\modules\elementor\includes\customElementor.php:13
action · elementor/preview/enqueue_scripts · admin\modules\elementor\includes\customElementor.php:27
action · elementor/editor/after_enqueue_scripts · admin\modules\elementor\includes\customElementor.php:58
action · elementor/widgets/widgets_registered · admin\modules\elementor\includes\module.php:32
filter · fts_update_option · admin\settings\SettingsFunctions.php:42
filter · fts_get_settings · admin\settings\SettingsFunctions.php:45
filter · fts_settings_sanitize_text · admin\settings\SettingsFunctions.php:48
filter · fts_after_setting_output · admin\settings\SettingsFunctions.php:51
action · admin_init · admin\settings\SettingsPage.php:78
action · admin_menu · admin\settings\SettingsPage.php:81
action · admin_init · admin\settings\SettingsPage.php:84
filter · fts_after_setting_output · admin\settings\SettingsPage.php:87
filter · fts_after_setting_output · admin\settings\SettingsPage.php:90
action · admin_notices · admin\settings\SettingsPage.php:156
action · admin_menu · admin\SystemInfo.php:88
action · admin_init · includes\ErrorHandler.php:51
action · admin_notices · includes\ErrorHandler.php:122
action · init · includes\FeedCache.php:80
filter · widget_text · includes\FeedFunctions.php:113
action · wp_before_admin_bar_render · includes\FeedFunctions.php:139
action · admin_enqueue_scripts · includes\FeedFunctions.php:144
action · admin_enqueue_scripts · includes\FeedFunctions.php:147
action · admin_enqueue_scripts · includes\FeedFunctions.php:151
action · wp_enqueue_scripts · includes\feeds\tiktok\TiktokFeed.php:103
action · wp_enqueue_scripts · includes\FeedShortcode.php:155
action · init · LoadPlugin.php:90
action · init · LoadPlugin.php:102
action · admin_init · metabox\MetaboxFunctions.php:213
action · admin_post_slickmetabox_form · metabox\MetaboxFunctions.php:216
action · save_post · metabox\MetaboxFunctions.php:220
action · admin_enqueue_scripts · metabox\MetaboxFunctions.php:224
action · admin_footer · metabox\MetaboxFunctions.php:228
filter · fts_update_single_option · options\OptionsFunctions.php:44
filter · fts_get_options_array · options\OptionsFunctions.php:47
action · admin_notices · updater\UpdaterCheckClass.php:63
action · admin_notices · updater\UpdaterCheckClass.php:65
filter · pre_set_site_transient_update_plugins · updater\UpdaterCheckClass.php:158
filter · plugins_api · updater\UpdaterCheckClass.php:159
action · admin_init · updater\UpdaterCheckClass.php:162
filter · pre_set_site_transient_update_plugins · updater\UpdaterCheckClass.php:256
action · admin_menu · updater\UpdaterLicensePage.php:149
action · admin_init · updater\UpdaterLicensePage.php:150
Maintenance & Trust

Feed Them Social – Social Media Feeds, Video, and Photo Galleries Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 31, 2026
PHP min version: 7.0
Downloads: 4.3M

Community Trust

Rating: 94/100
Number of ratings: 636
Active installs: 20K
Developer Profile

Feed Them Social – Social Media Feeds, Video, and Photo Galleries Developer Profile

slickremix

1 plugin · 20K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 959 days
Detection Fingerprints

How We Detect Feed Them Social – Social Media Feeds, Video, and Photo Galleries

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/feed-them-social/admin/css/feed-them-social-admin.css
/wp-content/plugins/feed-them-social/admin/js/feed-them-social-admin.js
/wp-content/plugins/feed-them-social/feed-them-social.php
/wp-content/plugins/feed-them-social/admin/cpt/options/SettingsOptionsJS.php
Script Paths
/wp-content/plugins/feed-them-social/admin/js/feed-them-social-admin.js
Version Parameters
feed-them-social/admin/css/feed-them-social-admin.css?ver=
feed-them-social/admin/js/feed-them-social-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
fts-color-picker, fts-required-extension-wrap, feed-them-social-req-extension, fts-social-selector, tabbed, fts-show-how-to-message, like-box-wrap, display-comments-wrap, +7 more
Data Attributes
data-fts-cache-time, data-fts-feed-id, data-fts-ajax-url, data-fts-social-feed-id
JS Globals
fts_color_picker
Shortcode Output
[fts_instagram], [fts_twitter], [fts_facebook], [fts_youtube]
FAQ

Frequently Asked Questions about Feed Them Social – Social Media Feeds, Video, and Photo Galleries