Meks Easy Photo Feed Widget Security & Risk Analysis

wordpress.org/plugins/meks-easy-instagram-widget

Easily display Instagram photos as a widget that looks good in (almost) any WordPress theme.

20K active installs · v1.2.8 · PHP + WP 3.7+ · Updated Sep 11, 2023
Tags: instagram, instagram-feed, instagram-gallery, instagram-images, instagram-widget
Score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 10, 2021
Safety Verdict

Is Meks Easy Photo Feed Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Meks Easy Photo Feed Widget has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Nov 10, 2021 · Updated 2yr ago
Risk Assessment

The 'meks-easy-instagram-widget' v1.2.8 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like the exclusive use of prepared statements for SQL queries and a lack of critical or high-severity issues in taint analysis, several concerns warrant attention. The plugin has a moderate attack surface, with 3 entry points identified, one of which is an AJAX handler lacking authentication checks. Additionally, the output escaping is only moderately effective, with 31% of outputs not properly escaped, which could lead to cross-site scripting vulnerabilities in certain scenarios.

The plugin's vulnerability history reveals a past medium-severity Cross-site Scripting (XSS) vulnerability, indicating a historical tendency for improper input neutralization. Although this vulnerability is currently patched, the pattern suggests a need for continued vigilance. The presence of unsanitized paths in taint flows, although not reaching critical or high severity, also points to potential areas where user-supplied data might not be adequately handled before being used in operations that could be sensitive.

In conclusion, while the plugin benefits from strong SQL handling and a lack of severe immediate taint issues, the unprotected AJAX endpoint, incomplete output escaping, and past XSS vulnerability present tangible risks. The presence of unsanitized paths in taint flows, even if not severe, further reinforces the need for cautious use and thorough auditing.

Key Concerns

  • AJAX handler without authentication check
  • Moderate percentage of unescaped output
  • Past medium severity XSS vulnerability
  • Taint flows with unsanitized paths
Vulnerabilities
1 published

Meks Easy Photo Feed Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24958 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting

Nov 10, 2021 · Patched in 1.2.4 (804d)
Version History

Meks Easy Photo Feed Widget Release Timeline

v1.2.6
Code Analysis
Analyzed Mar 16, 2026

Meks Easy Photo Feed Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 34 (77 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 8
Bundled Libraries: 0

Output Escaping

69% escaped · 111 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
meks_save_token (inc\helpers.php:117)
Attack Surface
1 unprotected

Meks Easy Photo Feed Widget Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 2

auth · wp_ajax_meks_save_token · inc\helpers.php:114
auth · wp_ajax_meks_save_business_selected_account · inc\helpers.php:135

Shortcodes: 1

[meks_easy_photo_feed] · inc\template-functions.php:3
WordPress Hooks: 10

action · admin_menu · inc\class-instagram-options.php:84
action · admin_init · inc\class-instagram-options.php:85
filter · plugin_action_links · inc\class-instagram-options.php:86
action · admin_enqueue_scripts · inc\class-instagram-options.php:87
action · wp_enqueue_scripts · inc\class-instagram-widget.php:115
action · admin_enqueue_scripts · inc\class-instagram-widget.php:118
action · init · meks-easy-instagram-widget.php:32
action · widgets_init · meks-easy-instagram-widget.php:44
action · plugins_loaded · meks-easy-instagram-widget.php:51
filter · all_plugins · meks-easy-instagram-widget.php:66
Maintenance & Trust

Meks Easy Photo Feed Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Sep 11, 2023
PHP min version
Downloads: 408K

Community Trust

Rating: 76/100
Number of ratings: 12
Active installs: 20K
Developer Profile

Meks Easy Photo Feed Widget Developer Profile

Meks

14 plugins · 117K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 236 days
Detection Fingerprints

How We Detect Meks Easy Photo Feed Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/meks-easy-instagram-widget/css/admin-settings.css
/wp-content/plugins/meks-easy-instagram-widget/js/settings.js
/wp-content/plugins/meks-easy-instagram-widget/css/instagram-widget.css
/wp-content/plugins/meks-easy-instagram-widget/js/instagram-widget.js
Version Parameters
meks-easy-instagram-widget/css/admin-settings.css?ver=
meks-easy-instagram-widget/js/settings.js?ver=
meks-easy-instagram-widget/css/instagram-widget.css?ver=
meks-easy-instagram-widget/js/instagram-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes: meks-instagram-widget
Data Attributes: data-ajax-url
JS Globals: meks_js_settings