WP-Safety

Tagembed Social Feeds Widget Security & Risk Analysis

wordpress.org/plugins/tagembed-widget

Collect & Embed Instagram Feed, Embed Facebook Feed, Embed YouTube Videos, Embed Twitter Feed, Google Reviews & 15+ Social Media Feed on website.

10K active installs v7.2 PHP 5.6+ WP 3.0+ Updated Mar 26, 2026
facebook-feedgoogle-reviewsinstagram-feedsocial-feedssocial-media-feed
99
A · Safe
CVEs total2
Unpatched0
Last CVEMay 17, 2024
Plugin page Download
Safety Verdict

Is Tagembed Social Feeds Widget Safe to Use in 2026?

Generally Safe

Score 99/100

Tagembed Social Feeds Widget has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: May 17, 2024Updated 1mo ago
Risk Assessment

The tagembed-widget v7.1 plugin exhibits a generally strong security posture, with excellent practices in SQL query handling and output escaping, indicating a development team that prioritizes secure coding. The absence of dangerous functions and file operations further bolsters confidence. However, the analysis reveals three taint flows with unsanitized paths, all classified as high severity. While these flows are not immediately exploitable due to the plugin's entry points being protected by nonce and capability checks, they represent a potential weakness that could be exploited if those checks were bypassed or if new, unprotected entry points were introduced in future versions. The plugin's vulnerability history, while currently showing no unpatched CVEs, includes two past medium-severity vulnerabilities, specifically Missing Authorization and Cross-site Scripting. This historical pattern, combined with the identified taint flows, suggests a recurring need for vigilance regarding input sanitization and authorization checks. In conclusion, tagembed-widget v7.1 is a well-developed plugin with good security foundations. The identified high-severity taint flows are the primary concern and warrant attention to ensure thorough sanitization, even with existing protective measures.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past medium severity vulnerabilities (XSS, Auth)
Vulnerabilities
2 published

Tagembed Social Feeds Widget Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-34804medium · 4.3Missing Authorization

Tagembed <= 5.8 - Missing Authorization

May 17, 2024 Patched in 5.9 (48d)
CVE-2024-32561medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 4.9 (9d)
Version History

Tagembed Social Feeds Widget Release Timeline

v7.2Current
v7.1
v7
v6.10
v6.9
v6.8
v6.7
v6.6
v6.5
v6.4
v6.3
v6.2
v6.1
v6.0
v5.9
v5.81 CVE
CVE-2024-34804
v5.71 CVE
CVE-2024-34804
v5.61 CVE
CVE-2024-34804
v5.51 CVE
CVE-2024-34804
v5.41 CVE
CVE-2024-34804
Code Analysis
Analyzed Mar 16, 2026

Tagembed Social Feeds Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
51 prepared
Unescaped Output
3
259 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared51 total queries

Output Escaping

99% escaped262 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
___tagembed__dataAjaxHandler (tagembed.php:145)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Tagembed Social Feeds Widget Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 1

authwp_ajax_datatagembed.php:144

Shortcodes 1

[tagembed] tagembed.php:1655
WordPress Hooks 7
actioninittagembed.php:64
filterscript_loader_tagtagembed.php:65
actionadmin_menutagembed.php:112
actionactivated_plugintagembed.php:1524
actionupgrader_process_completetagembed.php:1567
actionin_admin_headertagembed.php:1621
actionadmin_noticestagembed.php:1634
Maintenance & Trust

Tagembed Social Feeds Widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 26, 2026
PHP min version5.6
Downloads220K

Community Trust

Rating76/100
Number of ratings57
Active installs10K
Alternatives

Tagembed Social Feeds Widget Alternatives

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets

wp-social-reviews

A
96

Add Facebook feeds, Instagram feeds, TikTok feeds, Facebook reviews, WhatsApp Chat, Messenger chat, Testimonial, and others using a single dashboard.

30K 3 CVEs
EmbedSocial – Social Media Feeds, Reviews and Galleries

EmbedSocial – Social Media Feeds, Reviews and Galleries

embedalbum-pro

A
99

EmbedSocial allows you to collect and embed social media content on any website automatically.

4K 2 CVEs
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

Easy Social Feed – Social Photos Gallery and Post Feed for WordPress

easy-facebook-likebox

A
96

Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.

30K 10 CVEs
Social Slider Feed

Social Slider Feed

instagram-slider-widget

A
88

Display Instagram, Facebook and YouTube feeds in widgets, posts, pages, or anywhere else on your website.

20K 11 CVEs
SocialFeeds

SocialFeeds

socialfeeds

A
100

YouTube feeds for WordPress with simple Setup and Settings options.

10K No CVEs
Developer Profile

Tagembed Social Feeds Widget Developer Profile

Tagembed

1 plugin · 10K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
29 days
View full developer profile
Detection Fingerprints

How We Detect Tagembed Social Feeds Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tagembed-widget/assets/css/common.css/wp-content/plugins/tagembed-widget/assets/css/toast.css/wp-content/plugins/tagembed-widget/assets/css/confirm_dialog.css/wp-content/plugins/tagembed-widget/assets/css/loader.css/wp-content/plugins/tagembed-widget/assets/css/styles.css/wp-content/plugins/tagembed-widget/assets/js/toast.js/wp-content/plugins/tagembed-widget/assets/js/confirm_dialog.js/wp-content/plugins/tagembed-widget/assets/js/loader.js+4 more
Script Paths
https://widget.tagembed.com/embed.min.js
Version Parameters
tagembed-widget/assets/css/common.css?ver=tagembed-widget/assets/css/toast.css?ver=tagembed-widget/assets/css/confirm_dialog.css?ver=tagembed-widget/assets/css/loader.css?ver=tagembed-widget/assets/css/styles.css?ver=tagembed-widget/assets/js/toast.js?ver=tagembed-widget/assets/js/confirm_dialog.js?ver=tagembed-widget/assets/js/loader.js?ver=tagembed-widget/assets/js/tagembed.deactive.js?ver=tagembed-widget/assets/js/dialog.form.js?ver=tagembed-widget/assets/css/editor/editor.css?ver=tagembed-widget/assets/js/editor/editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
tagembed-widgettagembed-block
HTML Comments
<!-- --Start-- Create Constant --><!-- --End-- Create Constant --><!-- --Start--Include Files --><!-- --End--Include Files -->+10 more
Data Attributes
__tagembed__embbedJs__tagembed__commonCss__tagembed__toastCss__tagembed__confirmDialogCss__tagembed__tagembedloaderCss__tagembed__popupCss+7 more
JS Globals
__tagembed__pluginLoaderImageUrlObj__tagembed__ajax_call_security_nones_object
FAQ

Frequently Asked Questions about Tagembed Social Feeds Widget