Social Feed Gallery Security & Risk Analysis

wordpress.org/plugins/insta-gallery

Formerly known as "Instagram Feed", this is the best plugin for displaying Instagram feeds on WordPress. It also supports Instagram reels.

90K active installs · v5.0.3 · PHP 5.6+ · WP 4.7+ · Updated Feb 12, 2026
Tags: instagram, instagram-elementor, instagram-feed, instagram-gallery, instagram-widget
95
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 24, 2025
Safety Verdict

Is Social Feed Gallery Safe to Use in 2026?

Generally Safe

Score 95/100

Social Feed Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 24, 2025 · Updated 1mo ago
Risk Assessment

The 'insta-gallery' v5.0.3 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no identified critical or high-severity issues in taint analysis, a low number of SQL queries, and a high percentage of properly escaped output, indicating good practices in these areas. The plugin also demonstrates awareness of security by implementing nonce and capability checks, and it has no known external HTTP requests that could be leveraged for further attacks.

However, significant concerns arise from the plugin's vulnerability history. With three known CVEs, including one high-severity vulnerability, and a pattern of missing authorization and CSRF vulnerabilities, there's a clear historical precedent for security weaknesses. The fact that all previous vulnerabilities are currently patched is a positive sign, but the recurring nature of certain vulnerability types is a strong indicator of potential future risks if development practices do not fundamentally address these underlying issues.

In conclusion, while the current version shows some good security development practices and has no immediate critical flaws evident in the static analysis, the past vulnerability record is a major red flag. The history of missing authorization and CSRF vulnerabilities suggests potential architectural weaknesses that could be re-introduced or remain latent. Continued vigilance and thorough code reviews focusing on authorization logic and input validation are crucial for this plugin.

Key Concerns

  • High severity unpatched CVEs in history
  • Medium severity unpatched CVEs in history
  • SQL queries not using prepared statements
  • Vulnerability history includes missing authorization
  • Vulnerability history includes CSRF
Vulnerabilities
3

Social Feed Gallery Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-10637 · medium · 5.3 · Missing Authorization
Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure
Oct 24, 2025 · Patched in 4.9.3 (1d)

CVE-2024-39640 · medium · 5.3 · Missing Authorization
WP Social Feed Gallery <= 4.3.9 - Missing Authorization
Aug 1, 2024 · Patched in 4.4.0 (8d)

CVE-2019-15779 · high · 8.8 · Cross-Site Request Forgery (CSRF)
Social Feed Gallery <= 2.4.7 - Cross-Site Request Forgery
Aug 12, 2019 · Patched in 2.4.8 (1625d)

Code Analysis
Analyzed Mar 16, 2026

Social Feed Gallery Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 8 (95 escaped)
  • Nonce Checks: 2
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

92% escaped · 103 total outputs
Attack Surface

Social Feed Gallery Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 29
filter · init · compatibility\old.php:9
filter · option_insta_gallery_accounts · compatibility\old.php:39
filter · option_insta_gallery_feeds · compatibility\old.php:75
action · init · compatibility\old.php:114
filter · render_block_data · compatibility\old.php:156
filter · register_block_type_args · compatibility\old.php:194
action · widgets_init · compatibility\old.php:217
action · wp_default_scripts · jetpack_vendor\automattic\jetpack-assets\actions.php:11
action · plugins_loaded · jetpack_vendor\automattic\jetpack-assets\actions.php:12
filter · wp_resource_hints · jetpack_vendor\automattic\jetpack-assets\src\class-assets.php:182
action · wp_loaded · jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:38
action · enqueue_block_editor_assets · jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:52
action · shutdown · jetpack_vendor\automattic\jetpack-status\src\class-errors.php:38
action · wp_network_dashboard_setup · jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:36
action · wp_dashboard_setup · jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:37
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:95
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:104
action · admin_notices · jetpack_vendor\quadlayers\wp-notice-plugin-required\src\Load.php:40
filter · install_plugins_tabs · jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:33
action · install_plugins_quadlayers · jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:34
action · plugins_loaded · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:47
action · admin_menu · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:50
action · admin_init · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:55
filter · network_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:56
filter · self_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:52
filter · network_admin_url · jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:53
filter · plugin_row_meta · jetpack_vendor\quadlayers\wp-plugin-table-links\src\Load.php:36
action · init · vendor_packages\wp-notice-plugin-promote.php:4
action · init · vendor_packages\wp-plugin-table-links.php:4
Maintenance & Trust

Social Feed Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 5.6
Downloads: 5.2M

Community Trust

Rating: 90/100
Number of ratings: 299
Active installs: 90K
Developer Profile

Social Feed Gallery Developer Profile

quadlayers

17 plugins · 654K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 501 days
Detection Fingerprints

How We Detect Social Feed Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/insta-gallery/assets/css/frontend.min.css
/wp-content/plugins/insta-gallery/assets/js/frontend.min.js
Script Paths
/wp-content/plugins/insta-gallery/assets/js/frontend.min.js
Version Parameters
insta-gallery/assets/css/frontend.min.css?ver=
insta-gallery/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
qligg-container
HTML Comments
<!-- InstaGallery Footer -->
Data Attributes
data-id
data-url
JS Globals
qligg_frontend_params
REST Endpoints
/wp-json/qligg/v1/instagram/feed
Shortcode Output
[instagram-feed]
FAQ

Frequently Asked Questions about Social Feed Gallery