10WebSocial Security & Risk Analysis

wordpress.org/plugins/wd-instagram-feed

10Web

10K active installs · v1.4.35 · PHP 5.2+ · WP 4.6+ · Updated Feb 9, 2023
Score: 84 (B · Generally Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 7, 2021
Safety Verdict

Is 10WebSocial Safe to Use in 2026?

Mostly Safe

Score 84/100

10WebSocial is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Dec 7, 2021 · Updated 3yr ago
Risk Assessment

The wd-instagram-feed plugin v1.4.35 exhibits a mixed security posture. While a significant majority of SQL queries are prepared (63%) and output escaping is generally well-implemented (97%), there are notable areas of concern. The presence of two AJAX handlers lacking authentication checks represents a direct attack vector. The two known medium severity vulnerabilities, both related to Cross-Site Scripting (XSS), and the fact that the last vulnerability was in late 2021, suggest a history of such issues, even if they are currently patched. The use of 'unserialize' is also a red flag, as it can be dangerous if not handled with extreme care and input validation. While the taint analysis did not reveal critical or high severity issues, the five flows with unsanitized paths warrant attention, as they indicate potential for unintended data manipulation or exposure. Overall, the plugin has some strong security practices in place, but the lack of authentication on certain entry points and the history of XSS vulnerabilities, coupled with the dangerous function usage, present tangible risks that require careful consideration.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous 'unserialize' function
  • Medium severity CVEs in history
  • Unsanitized paths in taint flows
Vulnerabilities: 2

10WebSocial Security Vulnerabilities

CVEs by Year: 1 CVE in 2018, 1 CVE in 2021

Severity Breakdown: Medium 2 (2 total CVEs)

CVE-2021-25047 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting

Dec 7, 2021 · Patched in 1.4.29 (777d)

CVE-2018-10300 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WD Instagram Feed <= 1.3.0 - Cross-site scripting

Apr 23, 2018 · Patched in 1.3.1 (2101d)
Code Analysis
Analyzed Mar 16, 2026

10WebSocial Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 35 (60 prepared)
Unescaped Output: 109 (3292 escaped)
Nonce Checks: 22
Capability Checks: 5
File Operations: 4
External Requests: 16
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $page_score = unserialize($post['meta_value']); · booster\AdminBar.php:258
unserialize · $body = unserialize($request['body']); · wd\includes\overview.php:68

SQL Query Safety

63% prepared · 95 total queries

Output Escaping

97% escaped · 3401 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
get_google_page_speed (booster\controller.php:530)
Attack Surface: 2 unprotected

10WebSocial Attack Surface

Entry Points: 25
Unprotected: 2

AJAX Handlers 23

auth · wp_ajax_twb_check_score · booster\main.php:63
auth · wp_ajax_twb_notif_check · booster\main.php:64
auth · wp_ajax_wdi_token_flag · frontend\shortcode.php:327
nopriv · wp_ajax_wdi_token_flag · frontend\shortcode.php:328
auth · wp_ajax_wdi_cache · wd-instagram-feed.php:13
nopriv · wp_ajax_wdi_cache · wd-instagram-feed.php:14
auth · wp_ajax_wdi_getUserMedia · wd-instagram-feed.php:15
nopriv · wp_ajax_wdi_getUserMedia · wd-instagram-feed.php:16
auth · wp_ajax_wdi_getTagRecentMedia · wd-instagram-feed.php:17
nopriv · wp_ajax_wdi_getTagRecentMedia · wd-instagram-feed.php:18
auth · wp_ajax_wdi_getRecentMediaComments · wd-instagram-feed.php:19
nopriv · wp_ajax_wdi_getRecentMediaComments · wd-instagram-feed.php:20
auth · wp_ajax_wdi_set_preload_cache_data · wd-instagram-feed.php:21
nopriv · wp_ajax_wdi_set_preload_cache_data · wd-instagram-feed.php:22
auth · wp_ajax_wdi_getHashtagId · wd-instagram-feed.php:23
nopriv · wp_ajax_wdi_getHashtagId · wd-instagram-feed.php:24
auth · wp_ajax_wdi_apply_changes · wd-instagram-feed.php:25
nopriv · wp_ajax_wdi_apply_changes · wd-instagram-feed.php:26
auth · wp_ajax_wdi_account_disconnect · wd-instagram-feed.php:27
auth · wp_ajax_wdi_account_refresh · wd-instagram-feed.php:28
auth · wp_ajax_WDIGalleryBox · wd-instagram-feed.php:190
nopriv · wp_ajax_WDIGalleryBox · wd-instagram-feed.php:191
auth · wp_ajax_WDIEditorShortcode · wd-instagram-feed.php:611

Shortcodes 2

[wdi_feed] frontend\shortcode.php:12
[wdi_preview] frontend\shortcode.php:13

WordPress Hooks 49

action · elementor/editor/after_enqueue_scripts · booster\Elementor.php:14
action · elementor/documents/register_controls · booster\Elementor.php:15
action · enqueue_block_editor_assets · booster\Gutenberg.php:10
action · init · booster\init.php:2
filter · tenweb_booster_sdk · booster\init.php:3
action · init · booster\init.php:18
filter · manage_post_posts_columns · booster\List.php:16
filter · manage_page_posts_columns · booster\List.php:17
action · manage_post_posts_custom_column · booster\List.php:18
action · manage_page_posts_custom_column · booster\List.php:19
action · init · booster\main.php:56
action · admin_enqueue_scripts · booster\main.php:57
action · wp_enqueue_scripts · booster\main.php:58
action · admin_menu · booster\main.php:60
action · admin_bar_menu · booster\main.php:69
action · elementor/widgets/widgets_registered · elementor\elementor.php:15
action · elementor/editor/after_enqueue_scripts · elementor\elementor.php:16
action · elementor/editor/after_enqueue_styles · elementor\elementor.php:20
action · elementor/elements/categories_registered · elementor\elementor.php:23
action · init · frontend\shortcode.php:6
action · admin_footer · wd\includes\deactivate.php:53
action · admin_init · wd\includes\deactivate.php:54
action · admin_init · wd\includes\notices.php:18
action · admin_init · wd\includes\notices.php:20
action · admin_notices · wd\includes\notices.php:21
action · admin_init · wd\includes\subscribe.php:24
action · admin_menu · wd\wd.php:27
filter · tw_get_plugin_blocks · wd-instagram-feed.php:31
filter · tw_get_block_editor_assets · wd-instagram-feed.php:32
action · admin_init · wd-instagram-feed.php:263
action · init · wd-instagram-feed.php:310
filter · wdi_sanitize_options · wd-instagram-feed.php:332
action · admin_menu · wd-instagram-feed.php:408
action · admin_head-toplevel_page_wdi_feeds · wd-instagram-feed.php:440
action · admin_enqueue_scripts · wd-instagram-feed.php:479
action · admin_enqueue_scripts · wd-instagram-feed.php:541
action · enqueue_block_editor_assets · wd-instagram-feed.php:552
action · widgets_init · wd-instagram-feed.php:580
action · media_buttons · wd-instagram-feed.php:588
action · admin_head · wd-instagram-feed.php:642
action · init · wd-instagram-feed.php:676
action · init · wd-instagram-feed.php:677
action · init · wd-instagram-feed.php:704
action · init · wd-instagram-feed.php:713
filter · plugin_row_meta · wd-instagram-feed.php:847
action · admin_notices · wd-instagram-feed.php:851
action · admin_notices · wd-instagram-feed.php:871
action · plugins_loaded · wd-instagram-feed.php:882
action · init · wd-instagram-feed.php:932

Scheduled Events 1

wdi_schedule_event_hook
Maintenance & Trust

10WebSocial Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Feb 9, 2023
PHP min version: 5.2
Downloads: 3.0M

Community Trust

Rating: 90/100
Number of ratings: 352
Active installs: 10K
Alternatives

10WebSocial Alternatives

No alternatives data available yet.

Developer Profile

10WebSocial Developer Profile

10Web

9 plugins · 365K total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 724 days
Detection Fingerprints

How We Detect 10WebSocial

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wd-instagram-feed/css/wd-instagram-feed.css
/wp-content/plugins/wd-instagram-feed/js/wd-instagram-feed.js
/wp-content/plugins/wd-instagram-feed/css/wd-instagram-feed-admin.css
/wp-content/plugins/wd-instagram-feed/js/wd-instagram-feed-admin.js
/wp-content/plugins/wd-instagram-feed/js/block.js
/wp-content/plugins/wd-instagram-feed/css/block.css
/wp-content/plugins/wd-instagram-feed/css/wdi_frontend.css
/wp-content/plugins/wd-instagram-feed/js/wdi_frontend.js
Version Parameters
wd-instagram-feed/css/wd-instagram-feed.css?ver=
wd-instagram-feed/js/wd-instagram-feed.js?ver=
wd-instagram-feed/css/wd-instagram-feed-admin.css?ver=
wd-instagram-feed/js/wd-instagram-feed-admin.js?ver=
wd-instagram-feed/js/block.js?ver=
wd-instagram-feed/css/block.css?ver=
wd-instagram-feed/css/wdi_frontend.css?ver=
wd-instagram-feed/js/wdi_frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wdi_instagram_feed_container
Data Attributes
data-feed-id
JS Globals
wdi_frontend_ajax_object
REST Endpoints
/wp-json/wdi/v1/feed
/wp-json/wdi/v1/settings