Does Simple Photo Feed have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Photo Feed have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Photo Feed compatible with WordPress 6.8.5?

According to WordPress.org data, Simple Photo Feed 1.4.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Simple Photo Feed compatible with PHP 7.2+?

Simple Photo Feed requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Photo Feed updated?

Simple Photo Feed was last updated on Jul 3, 2025. Frequent updates are generally a positive security signal.

What is Simple Photo Feed's security score?

Simple Photo Feed has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Photo Feed Security & Risk Analysis

wordpress.org/plugins/simple-photo-feed

Simple Photo Feed provides an easy way to connect to your Instagram account and display your photos in your WordPress site.

1K active installs v1.4.3 PHP 7.2+ WP 5.3.0+ Updated Jul 3, 2025

embedfeedinstagramphoto-gallerysocial

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 18, 2025

Plugin page Download

Safety Verdict

Is Simple Photo Feed Safe to Use in 2026?

Generally Safe

Score 99/100

Simple Photo Feed has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 18, 2025Updated 9mo ago

Risk Assessment

The simple-photo-feed plugin exhibits a mixed security posture. While it demonstrates good practices by effectively escaping most output (89%) and utilizing nonce checks (5) and capability checks (9) in some areas, significant concerns remain. The presence of two unprotected AJAX handlers represents a substantial attack surface, potentially allowing unauthenticated users to trigger plugin functionality. The complete lack of prepared statements for its single SQL query is also a red flag, increasing the risk of SQL injection vulnerabilities, especially when combined with potentially unsanitized input that isn't explicitly caught in the taint analysis. The plugin has a history of known vulnerabilities, with one medium-severity CVE recorded, specifically related to missing authorization. This historical pattern, coupled with the current unprotected AJAX endpoints, suggests a recurring weakness in authorization enforcement within the plugin.

Key Concerns

Unprotected AJAX handlers found
SQL queries without prepared statements
Medium severity CVE in vulnerability history

Vulnerabilities

Simple Photo Feed Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-27000medium · 5.4Missing Authorization

Simple Photo Feed <= 1.4.0 - Missing Authorization

Feb 18, 2025 Patched in 1.4.1 (36d)

Code Analysis

Analyzed Mar 16, 2026

Simple Photo Feed Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

63 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

89% escaped71 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<simple-photo-feed-admin-display> (admin\partials\simple-photo-feed-admin-display.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Simple Photo Feed Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_spf_disconnect_userincludes\class-simple-photo-feed.php:180

authwp_ajax_spf_clear_feed_cacheincludes\class-simple-photo-feed.php:181

Shortcodes 1

[simple-photo-feed] includes\class-simple-photo-feed.php:203

WordPress Hooks 12

actionadmin_noticesadmin\class-simple-photo-feed-admin.php:180

actionplugins_loadedincludes\class-simple-photo-feed.php:158

actionadmin_enqueue_scriptsincludes\class-simple-photo-feed.php:172

actionadmin_enqueue_scriptsincludes\class-simple-photo-feed.php:173

actionadmin_initincludes\class-simple-photo-feed.php:175

actionadmin_menuincludes\class-simple-photo-feed.php:176

filtercron_schedulesincludes\class-simple-photo-feed.php:177

filterplugin_action_linksincludes\class-simple-photo-feed.php:178

actionsimple_photo_refresh_tokenincludes\class-simple-photo-feed.php:185

actionupdate_option_spf_main_settingsincludes\class-simple-photo-feed.php:186

actionsimple_photo_update_feedincludes\class-simple-photo-feed.php:187

actionwp_enqueue_scriptsincludes\class-simple-photo-feed.php:201

Scheduled Events 2

simple_photo_refresh_token

simple_photo_update_feed

Maintenance & Trust

Simple Photo Feed Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 3, 2025

PHP min version7.2

Downloads13K

Community Trust

Rating100/100

Number of ratings7

Active installs1K

Alternatives

Simple Photo Feed Alternatives

Juicer.io: Effortlessly embed, curate, and aggregate social media feeds into your website

juicer

100

Aggregate social media posts and hashtags from Instagram, X (Twitter), Facebook, LinkedIn, YouTube, and more into a stunning feed on your website.

9K 1 CVE

Walls.io: Social Media Feed

wallsio

100

Embed Walls.io social walls into WordPress posts with just one click!

1K No CVEs

EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more

embedpress

EmbedPress lets you embed videos, pages, social feeds, embed PDF 3D flipbooks & other content on WordPress without coding & enhance storytelling.

100K 27 CVEs

Spotlight Social Feeds – Block, Shortcode, and Widget

spotlight-social-photo-feeds

Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.

60K 3 CVEs

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

wp-social-reviews

Add Facebook feeds, Instagram feeds, TikTok feeds, Facebook reviews, WhatsApp Chat, Messenger chat, Testimonial, and others using a single dashboard.

30K 3 CVEs

Developer Profile

Simple Photo Feed Developer Profile

George Pattichis

9 plugins · 76K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

192 days

View full developer profile

Detection Fingerprints

How We Detect Simple Photo Feed

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-photo-feed/admin/css/simple-photo-feed-admin.css/wp-content/plugins/simple-photo-feed/public/css/simple-photo-feed-public.css/wp-content/plugins/simple-photo-feed/public/js/simple-photo-feed-public.js

Script Paths

/wp-content/plugins/simple-photo-feed/admin/js/simple-photo-feed-admin.js

Version Parameters

simple-photo-feed/admin/css/simple-photo-feed-admin.css?ver=simple-photo-feed/public/css/simple-photo-feed-public.css?ver=simple-photo-feed/public/js/simple-photo-feed-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

spf-feed-containerspf-feed-itemspf-feed-imagespf-feed-caption

HTML Comments

Data Attributes

data-spf-settingsdata-feed-containerdata-feed-item

JS Globals

spf

Shortcode Output

<div class="spf-feed-container"><div class="spf-feed-item"><img class="spf-feed-image" src="" alt="

FAQ