Ultimate Social Feed Gallery Security & Risk Analysis

wordpress.org/plugins/ultimate-feed-gallery

Display instagram feed as gallery of images in your WordPress Website

0 active installs · v1.7.16 · PHP + WP 4.0+ · Updated Nov 27, 2024
Tags: instagram, instagram-feed, instagram-gallery, instagram-plugin, instagram-widget
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ultimate Social Feed Gallery Safe to Use in 2026?

Generally Safe

Score 92/100

Ultimate Social Feed Gallery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "ultimate-feed-gallery" v1.7.16 plugin exhibits a generally good security posture with several strengths. The absence of known CVEs and recorded vulnerabilities, coupled with a strong adherence to prepared statements for SQL queries and a high percentage of properly escaped output, are positive indicators. The plugin also correctly implements nonce and capability checks in a significant portion of its entry points, and the taint analysis shows no critical or high severity unsanitized flows.

However, there are notable areas of concern that warrant attention. The plugin exposes a total of 7 entry points, with 2 of these AJAX handlers lacking authentication checks. This creates a significant attack surface where an unauthenticated user could potentially trigger unintended actions. Furthermore, the plugin bundles Select2, which, if outdated, could introduce vulnerabilities, although no specific version information is provided to assess this risk.

In conclusion, while the plugin demonstrates good core security practices like prepared statements and output escaping, the presence of unprotected AJAX handlers is a clear risk. The lack of historical vulnerabilities is encouraging but does not negate the current risks identified in the static analysis. Addressing the unprotected AJAX handlers should be a priority to improve the overall security of the plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Bundled libraries (Select2)
Vulnerabilities
None known

Ultimate Social Feed Gallery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Ultimate Social Feed Gallery Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Ultimate Social Feed Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 31 (307 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

91% escaped · 338 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<content> (admin\views\campaigns\wizard\content.php:0)
Attack Surface
2 unprotected

Ultimate Social Feed Gallery Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers 6

auth: wp_ajax_ultimate_instagram_save_campaign (admin\classes\class-admin-ajax.php:25)
auth: wp_ajax_ultimate_instagram_select_integration (admin\classes\class-admin-ajax.php:26)
auth: wp_ajax_ultimate_instagram_save_api_data (admin\classes\class-admin-ajax.php:27)
auth: wp_ajax_ultimate_instagram_skip_premium (admin\classes\class-admin-ajax.php:28)
auth: wp_ajax_ultimate_instagram_refresh_feed (includes\class-front-ajax.php:24)
nopriv: wp_ajax_ultimate_instagram_refresh_feed (includes\class-front-ajax.php:25)

Shortcodes 1

[ultimate-instagram] (includes\class-core.php:100)

WordPress Hooks 21

action: admin_menu (admin\abstracts\class-admin-module.php:46)
action: admin_head (admin\abstracts\class-admin-module.php:47)
action: admin_menu_editor-menu_replaced (admin\abstracts\class-admin-module.php:50)
filter: ultimate_instagram_data (admin\abstracts\class-admin-module.php:52)
filter: ultimate_instagram_l10n (admin\abstracts\class-admin-module.php:53)
filter: submenu_file (admin\abstracts\class-admin-module.php:54)
action: admin_enqueue_scripts (admin\abstracts\class-admin-page.php:241)
action: init (admin\abstracts\class-admin-page.php:242)
action: admin_menu (admin\classes\class-admin.php:34)
action: admin_menu (admin\classes\class-admin.php:83)
action: admin_menu (admin\classes\class-admin.php:108)
action: admin_menu (admin\classes\class-admin.php:132)
action: wp_enqueue_scripts (includes\class-core.php:97)
action: admin_init (includes\class-log.php:57)
filter: cron_schedules (includes\class-schedule.php:45)
action: ultimate_cron_hook (includes\class-schedule.php:74)
action: admin_init (ultimate-feed-gallery.php:121)
action: current_screen (ultimate-feed-gallery.php:130)
action: admin_notices (ultimate-feed-gallery.php:167)
action: admin_enqueue_scripts (ultimate-feed-gallery.php:168)
action: plugins_loaded (ultimate-feed-gallery.php:232)

Scheduled Events 1

ultimate_cron_hook
Maintenance & Trust

Ultimate Social Feed Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 27, 2024
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Ultimate Social Feed Gallery Developer Profile

wphobby

16 plugins · 220 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Ultimate Social Feed Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-feed-gallery/assets/css/notice.css
Script Paths
/wp-content/plugins/ultimate-feed-gallery/assets/js/notice.js
Version Parameters
ultimate-feed-gallery/assets/css/notice.css?ver=
ultimate-feed-gallery/assets/js/notice.js?ver=

HTML / DOM Fingerprints

CSS Classes
ultimate-notice-container
ultimate-notice-inner-wrapper
ultimate-notice-message-container
ultimate-notice-header
ultimate-notice-message
ultimate-notice-actions
ultimate-notice-button
ultimate-notice-skip
Data Attributes
data-ultimate-instagram-gallery-id
JS Globals
Ultimate_Instagram_Data
Shortcode Output
[ultimate-instagram-feed]