
Vetrogram Security & Risk Analysis
wordpress.org/plugins/vetrogram
Vetrogram is a plugin for presenting your latest Instagram posts in WordPress. No need for your login details, API key, etc. Only by Username!
Is Vetrogram Safe to Use in 2026?
Generally Safe
Score 85/100
Vetrogram has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The Vetrogram plugin v1.0.0 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities in its history, and the code signals indicate a lack of dangerous functions, no raw SQL queries, and no file operations. This suggests some foundational security awareness in its development.
However, significant concerns arise from the static analysis. The plugin has a notable 52% of output that is not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, there are zero capability checks and zero nonce checks implemented, which are crucial security mechanisms for preventing unauthorized actions and CSRF attacks, especially given the presence of a shortcode which represents an entry point. The taint analysis also revealed flows with unsanitized paths, although they are not currently categorized as critical or high severity. The single external HTTP request also warrants attention to ensure it's being handled securely.
Overall, while the absence of historical vulnerabilities and dangerous functions is positive, the lack of essential security checks and the high rate of unescaped output present tangible risks that need to be addressed. The plugin's strengths lie in its clean SQL usage and lack of critical code flaws, but its weaknesses in input sanitization and authentication/authorization mechanisms are significant.
Key Concerns
- Output escaping is not properly handled (48%)
- No capability checks implemented
- No nonce checks implemented
- Taint flows with unsanitized paths found
- External HTTP request without clear checks
Vetrogram Security Vulnerabilities
Vetrogram Code Analysis
Output Escaping
Data Flow Analysis
Vetrogram Attack Surface
Shortcodes: 1
WordPress Hooks: 5
Vetrogram Maintenance & Trust
Maintenance Signals
Community Trust
Vetrogram Alternatives
WP Social Feed Gallery
wp-social-feed-gallery
WP Social Feed Gallery is a simple WordPress plugin that allows you to display your Instagram feed pictures in your website.
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
instagram-feed
Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.
WPZOOM Social Feed Widget & Block
instagram-widget-by-wpzoom
Instagram feed plugin for WordPress: Display your Instagram photos, videos & reels. Easy setup with Gutenberg block, widget, shortcode & Elementor
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
easy-facebook-likebox
Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.
Meow Lightbox
meow-lightbox
The elegant lightbox built for photographers. Fast, responsive, and displays your photos beautifully with EXIF data and maps. You'll love it! 💕
Vetrogram Developer Profile
1 plugin · 10 total installs
How We Detect Vetrogram
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/vetrogram/css/vetrogram.min.css
- /wp-content/plugins/vetrogram/js/vetrogram.min.js
- /wp-content/plugins/vetrogram/js/jquery.waitforimages.js
- /wp-content/plugins/vetrogram/js/isotope.pkgd.min.js
HTML / DOM Fingerprints
- vtg-profile-holder
- vtg-desc-holder
- vtg-avatar-holder
- vtg-name-holder
- vtg-name
- vtg_pagination