Social Slider Feed Security & Risk Analysis

wordpress.org/plugins/instagram-slider-widget

Display Instagram, Facebook and YouTube feeds in widgets, posts, pages, or anywhere else on your website.

20K active installs · v2.3.3 · PHP 7.4+ · WP + · Updated Mar 5, 2026
Tags: facebook-feed, instagram-feed, instagram-gallery, social-feed, youtube-feed
Score: 94 · A · Safe
CVEs total: 10
Unpatched: 0
Last CVE: Mar 3, 2025
Safety Verdict

Is Social Slider Feed Safe to Use in 2026?

Generally Safe

Score 94/100

Social Slider Feed has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEs · Last CVE: Mar 3, 2025 · Updated 29d ago
Risk Assessment

The "instagram-slider-widget" plugin v2.3.3 presents a mixed security posture. While it exhibits some good practices like a high percentage of properly escaped outputs and the use of prepared statements for most SQL queries, several significant concerns exist. The presence of one unprotected AJAX handler is a critical vulnerability, allowing unauthorized execution of plugin functionality. Furthermore, the analysis of taint flows reveals three instances of unsanitized paths, which, although not classified as critical or high severity in this specific run, indicate a potential for privilege escalation or data compromise if user input is not handled carefully. The plugin's history of 10 known CVEs, with a majority being medium severity and two high, suggests a recurring pattern of security weaknesses. While currently no unpatched vulnerabilities are listed, this history necessitates vigilant updates and a cautious approach to deployment. The plugin's strengths lie in its generally good output escaping and SQL practices, but the identified unprotected entry point and historical vulnerability trends are significant drawbacks.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • History of 2 high severity CVEs
  • History of 8 medium severity CVEs
  • Dangerous function 'unserialize' found
Vulnerabilities: 10

Social Slider Feed Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 6 CVEs
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 8

10 total CVEs

CVE-2025-0717 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 3, 2025 Patched in 2.2.9 (50d)
CVE-2024-10149 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 25, 2025 Patched in 2.2.9 (92d)
CVE-2024-43215 · medium · 4.3 · Missing Authorization

Social Slider Feed <= 2.2.2 - Missing Authorization

Aug 9, 2024 Patched in 2.2.5 (48d)
WF-9f699d49-738f-49f0-ab1a-f43645a32c90-instagram-slider-widget · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 9, 2022 Patched in 2.0.7 (532d)
WF-391d65a7-1675-4eae-b129-a1208cd95669-instagram-slider-widget · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 2, 2022 Patched in 2.0.6 (539d)
WF-1b71eae9-9727-49c9-9926-85689286983f-instagram-slider-widget · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.0.4 - Reflected Cross-Site Scripting

Aug 1, 2022 Patched in 2.0.5 (540d)
WF-1c63eaea-0a0f-412b-9f1a-3091de3a653a-instagram-slider-widget · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.0.4 - Missing Authorization to Cross-Site Scripting

Aug 1, 2022 Patched in 2.0.5 (540d)
WF-44b2d11d-e876-433e-9e0d-5e9f2b3c0c80-instagram-slider-widget · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Feed <= 2.0.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Aug 1, 2022 Patched in 2.0.5 (540d)
WF-e2e2f446-5391-4189-8c9c-3be2459808d0-instagram-slider-widget · high · 8.8 · Cross-Site Request Forgery (CSRF)

Social Slider Feed <= 2.0.4 - Missing Authorization

Aug 1, 2022 Patched in 2.0.5 (540d)
CVE-2021-24196 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Slider Widget <= 1.8.4 - Reflected Cross-Site Scripting

Mar 14, 2021 Patched in 1.8.5 (1045d)
Code Analysis
Analyzed Mar 16, 2026

Social Slider Feed Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 113 (1046 escaped)
Nonce Checks: 12
Capability Checks: 5
File Operations: 0
External Requests: 20
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $option_value = unserialize($option->option_value); · migrations\010800.php:46

Bundled Libraries

TinyMCE

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

90% escaped · 1159 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
content (components\facebook\includes\class-facebook-profiles.php:105)
Attack Surface
1 unprotected

Social Slider Feed Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers 5

auth wp_ajax_wfb_add_account_by_token components\facebook\includes\class-facebook-profiles.php:28
auth wp_ajax_wis-get-more components\instagram\includes\class-instagram-pro.php:35
nopriv wp_ajax_wis-get-more components\instagram\includes\class-instagram-pro.php:36
auth wp_ajax_wis_add_account_by_token components\instagram\includes\class-instagram-profiles.php:32
auth wp_ajax_wyt_add_account_by_token components\youtube\includes\class-youtube-profiles.php:35

Shortcodes 3

[cm_facebook_feed] components\facebook\includes\functions.php:2
[jr_instagram] components\instagram\includes\functions.php:2
[cm_youtube_feed] components\youtube\includes\functions.php:2

WordPress Hooks 31

filter dynamic_sidebar_params admin\pages\widgets.php:105
filter wis/facebook/mob_settings components\facebook\includes\class-facebook-pro.php:26
action wfacebook_feed components\facebook\includes\class-facebook-widget.php:68
action wp_enqueue_scripts components\facebook\includes\class-facebook-widget.php:71
filter wis/sliders components\instagram\includes\class-instagram-pro.php:26
filter wis/options/link_to components\instagram\includes\class-instagram-pro.php:27
filter wis/mob_settings components\instagram\includes\class-instagram-pro.php:28
filter wis/pro/display_images components\instagram\includes\class-instagram-pro.php:30
filter wis/account/profiles components\instagram\includes\class-instagram-pro.php:33
filter wis/images/count components\instagram\includes\class-instagram-pro.php:34
action jr_instagram components\instagram\includes\class-instagram-widget.php:58
action wp_enqueue_scripts components\instagram\includes\class-instagram-widget.php:61
action wp_enqueue_scripts components\instagram\includes\class-instagram-widget.php:64
filter wis/youtube/options/link_to components\youtube\includes\class-youtube-pro.php:26
filter wis/youtube/mob_settings components\youtube\includes\class-youtube-pro.php:27
filter wyt/pro/display components\youtube\includes\class-youtube-pro.php:29
action wp_enqueue_scripts components\youtube\includes\class-youtube-widget.php:72
action wyoutube_feed components\youtube\includes\class-youtube-widget.php:75
filter themeisle_sdk_products includes\class-plugin.php:83
action plugins_loaded includes\class-plugin.php:148
action init includes\class-plugin.php:151
action admin_enqueue_scripts includes\class-plugin.php:155
action admin_notices includes\class-plugin.php:156
action admin_notices includes\class-plugin.php:157
action plugins_loaded includes\class-plugin.php:167
action widgets_init includes\class-plugin.php:168
action widgets_init includes\class-plugin.php:169
action widgets_init includes\class-plugin.php:170
action wp_enqueue_scripts includes\class-plugin.php:178
action admin_notices instagram-slider-widget.php:161
action network_admin_notices instagram-slider-widget.php:162

Scheduled Events 1

jr_insta_cron
Maintenance & Trust

Social Slider Feed Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 2.7M

Community Trust

Rating: 78/100
Number of ratings: 125
Active installs: 20K
Developer Profile

Social Slider Feed Developer Profile

Themeisle

37 plugins · 2.2M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 420 days
Detection Fingerprints

How We Detect Social Slider Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/instagram-slider-widget/css/style.css
/wp-content/plugins/instagram-slider-widget/js/widget.js
/wp-content/plugins/instagram-slider-widget/js/script.js
/wp-content/plugins/instagram-slider-widget/components/youtube/admin/assets/css/wyoutube-admin.css
Version Parameters
instagram-slider-widget/css/style.css?ver=
instagram-slider-widget/js/widget.js?ver=
instagram-slider-widget/js/script.js?ver=
instagram-slider-widget/components/youtube/admin/assets/css/wyoutube-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
wis-widget-social-feed
HTML Comments
<!-- Widget Social Feed -->
Data Attributes
data-feed-type
data-social-type
JS Globals
wis_vars
Shortcode Output
[instagram-slider-widget
[social-slider-feed