[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frEKJtAgL5g0YCwfRZjsPI8a65-FBR3733mm2gA8IidE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":7,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":54,"crawl_stats":32,"alternatives":62,"analysis":63,"fingerprints":727},"wd-instagram-feed","10WebSocial","1.4.35","10Web","https:\u002F\u002Fprofiles.wordpress.org\u002F10web\u002F","\u003Cp>10Web\u003C\u002Fp>\n",10000,3013255,90,352,"2023-02-09T17:06:00.000Z","5.0.25","4.6","5.2",[],"https:\u002F\u002F10web.io\u002Fplugins\u002Fwordpress-instagram-feed\u002F?utm_source=instagram_feed&utm_medium=free_plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwd-instagram-feed.1.4.35.zip",84,2,0,"2021-12-07 00:00:00","2026-03-15T15:16:48.613Z",[27,43],{"id":28,"url_slug":29,"title":30,"description":31,"plugin_slug":4,"theme_slug":32,"affected_versions":33,"patched_in_version":34,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":24,"updated_date":39,"references":40,"days_to_patch":42},"CVE-2021-25047","10web-social-photo-feed-reflected-cross-site-scripting","10Web Social Photo Feed \u003C= 1.4.28 - Reflected Cross-Site Scripting","The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users",null,"\u003C=1.4.28","1.4.29","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 
19:56:02",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc5aa0006-435d-4874-8d71-659d5d72e702?source=api-prod",777,{"id":44,"url_slug":45,"title":46,"description":47,"plugin_slug":4,"theme_slug":32,"affected_versions":48,"patched_in_version":49,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":50,"updated_date":39,"references":51,"days_to_patch":53},"CVE-2018-10300","wd-instagram-feed-cross-site-scripting","WD Instagram Feed \u003C= 1.3.0 - Cross-site scripting","Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio.","\u003C1.3.1","1.3.1","2018-04-23 00:00:00",[52],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb8daa685-d366-4b08-9f30-b14700fdee03?source=api-prod",2101,{"slug":55,"display_name":7,"profile_url":8,"plugin_count":56,"total_installs":57,"avg_security_score":58,"avg_patch_time_days":59,"trust_score":60,"computed_at":61},"10web",9,365160,82,724,66,"2026-04-04T00:40:04.102Z",[],{"attackSurface":64,"codeSignals":316,"taintFlows":620,"riskAssessment":715,"analyzedAt":726},{"hooks":65,"ajaxHandlers":246,"restRoutes":304,"shortcodes":305,"cronEvents":311,"entryPointCount":285,"unprotectedCount":22},[66,72,76,81,86,90,92,97,100,103,106,110,114,117,121,125,129,131,136,140,144,149,153,156,158,162,166,170,175,179,182,185,189,192,196,199,202,205,209,213,217,220,223,226,229,233,236,239,243],{"type":67,"name":68,"callback":69,"file":70,"line":71},"action","elementor\u002Feditor\u002Fafter_enqueue_scripts","scripts_styles","booster\\Elementor.php",14,{"type":67,"name":73,"callback":74,"file":70,"line":75},"elementor\u002Fdocuments\u002Fregister_controls","register_document_controls",15,{"type":67,"name":77,"callback":78,"file":79,"line":80},"enqueue_block_editor_assets","register_scri
pts","booster\\Gutenberg.php",10,{"type":67,"name":82,"callback":83,"priority":84,"file":85,"line":22},"init","closure",8,"booster\\init.php",{"type":87,"name":88,"callback":83,"file":85,"line":89},"filter","tenweb_booster_sdk",3,{"type":67,"name":82,"callback":83,"priority":80,"file":85,"line":91},18,{"type":87,"name":93,"callback":94,"file":95,"line":96},"manage_post_posts_columns","add_column","booster\\List.php",16,{"type":87,"name":98,"callback":94,"file":95,"line":99},"manage_page_posts_columns",17,{"type":67,"name":101,"callback":102,"priority":80,"file":95,"line":91},"manage_post_posts_custom_column","manage_column",{"type":67,"name":104,"callback":102,"priority":80,"file":95,"line":105},"manage_page_posts_custom_column",19,{"type":67,"name":82,"callback":107,"file":108,"line":109},"register_meta","booster\\main.php",56,{"type":67,"name":111,"callback":112,"file":108,"line":113},"admin_enqueue_scripts","register_admin_scripts",57,{"type":67,"name":115,"callback":78,"file":108,"line":116},"wp_enqueue_scripts",58,{"type":67,"name":118,"callback":119,"file":108,"line":120},"admin_menu","add_submenu",60,{"type":67,"name":122,"callback":122,"priority":123,"file":108,"line":124},"admin_bar_menu",100,69,{"type":67,"name":126,"callback":127,"file":128,"line":75},"elementor\u002Fwidgets\u002Fwidgets_registered","register_elementor_widgets","elementor\\elementor.php",{"type":67,"name":68,"callback":130,"file":128,"line":96},"enqueue_elementor_widget_scripts",{"type":67,"name":132,"callback":133,"priority":134,"file":128,"line":135},"elementor\u002Feditor\u002Fafter_enqueue_styles","enqueue_editor_styles",1,20,{"type":67,"name":137,"callback":138,"priority":134,"file":128,"line":139},"elementor\u002Felements\u002Fcategories_registered","register_widget_category",23,{"type":67,"name":82,"callback":141,"file":142,"line":143},"wdi_frontend_init","frontend\\shortcode.php",6,{"type":67,"name":145,"callback":146,"file":147,"line":148},"admin_footer","add_deactivation_feedbac
k_dialog_box","wd\\includes\\deactivate.php",53,{"type":67,"name":150,"callback":151,"file":147,"line":152},"admin_init","submit_and_deactivate",54,{"type":67,"name":150,"callback":154,"file":155,"line":91},"admin_notice_ignore","wd\\includes\\notices.php",{"type":67,"name":150,"callback":157,"file":155,"line":135},"admin_notice_temp_ignore",{"type":67,"name":159,"callback":160,"file":155,"line":161},"admin_notices","wd_admin_notices",21,{"type":67,"name":150,"callback":163,"file":164,"line":165},"after_subscribe","wd\\includes\\subscribe.php",24,{"type":67,"name":118,"callback":167,"priority":80,"file":168,"line":169},"wd_overview_menu_page","wd\\wd.php",27,{"type":87,"name":171,"callback":172,"file":173,"line":174},"tw_get_plugin_blocks","wdi_register_plugin_block","wd-instagram-feed.php",31,{"type":87,"name":176,"callback":177,"file":173,"line":178},"tw_get_block_editor_assets","wdi_register_block_editor_assets",32,{"type":67,"name":150,"callback":180,"file":173,"line":181},"wdi_admin_init",263,{"type":67,"name":82,"callback":183,"file":173,"line":184},"wdi_run_cache_cron",310,{"type":87,"name":186,"callback":187,"file":173,"line":188},"wdi_sanitize_options","wdi_create_sample_feed",332,{"type":67,"name":118,"callback":190,"priority":56,"file":173,"line":191},"WDI_instagram_menu",408,{"type":67,"name":193,"callback":194,"file":173,"line":195},"admin_head-toplevel_page_wdi_feeds","wdi_check_necessary_params",440,{"type":67,"name":111,"callback":197,"file":173,"line":198},"wdi_load_scripts",479,{"type":67,"name":111,"callback":200,"file":173,"line":201},"wdi_load_styles",541,{"type":67,"name":77,"callback":203,"file":173,"line":204},"wdi_enqueue_block_editor_assets",552,{"type":67,"name":206,"callback":207,"file":173,"line":208},"widgets_init","wdi_register_widget",580,{"type":67,"name":210,"callback":211,"file":173,"line":212},"media_buttons","wdi_add_editor_button",588,{"type":67,"name":214,"callback":215,"file":173,"line":216},"admin_head","wdi_admin_ajax",642,{
"type":67,"name":82,"callback":218,"file":173,"line":219},"wdi_load_textdomain",676,{"type":67,"name":82,"callback":221,"file":173,"line":222},"wdi_register_instagram_preview_cpt",677,{"type":67,"name":82,"callback":224,"file":173,"line":225},"wdi_check_silent_update",704,{"type":67,"name":82,"callback":227,"priority":56,"file":173,"line":228},"wdi_wd_lib_init",713,{"type":87,"name":230,"callback":231,"priority":80,"file":173,"line":232},"plugin_row_meta","wdi_add_plugin_meta_links",847,{"type":67,"name":159,"callback":234,"file":173,"line":235},"wdi_token_error_flag_notice",851,{"type":67,"name":159,"callback":237,"file":173,"line":238},"wdi_filter_var_notice",871,{"type":67,"name":240,"callback":241,"file":173,"line":242},"plugins_loaded","wdi_elementor",882,{"type":67,"name":82,"callback":83,"priority":244,"file":173,"line":245},11,932,[247,253,257,260,262,265,266,268,269,271,272,274,275,277,279,281,282,286,288,291,294,298,300],{"action":248,"nopriv":249,"callback":250,"hasNonce":251,"hasCapCheck":249,"file":108,"line":252},"twb_check_score",false,"check_score",true,63,{"action":254,"nopriv":249,"callback":255,"hasNonce":251,"hasCapCheck":249,"file":108,"line":256},"twb_notif_check","notif_check",64,{"action":258,"nopriv":249,"callback":258,"hasNonce":251,"hasCapCheck":249,"file":142,"line":259},"wdi_token_flag",327,{"action":258,"nopriv":251,"callback":258,"hasNonce":251,"hasCapCheck":249,"file":142,"line":261},328,{"action":263,"nopriv":249,"callback":263,"hasNonce":251,"hasCapCheck":249,"file":173,"line":264},"wdi_cache",13,{"action":263,"nopriv":251,"callback":263,"hasNonce":251,"hasCapCheck":249,"file":173,"line":71},{"action":267,"nopriv":249,"callback":267,"hasNonce":251,"hasCapCheck":249,"file":173,"line":75},"wdi_getUserMedia",{"action":267,"nopriv":251,"callback":267,"hasNonce":251,"hasCapCheck":249,"file":173,"line":96},{"action":270,"nopriv":249,"callback":270,"hasNonce":251,"hasCapCheck":249,"file":173,"line":99},"wdi_getTagRecentMedia",{"action":270
,"nopriv":251,"callback":270,"hasNonce":251,"hasCapCheck":249,"file":173,"line":91},{"action":273,"nopriv":249,"callback":273,"hasNonce":251,"hasCapCheck":249,"file":173,"line":105},"wdi_getRecentMediaComments",{"action":273,"nopriv":251,"callback":273,"hasNonce":251,"hasCapCheck":249,"file":173,"line":135},{"action":276,"nopriv":249,"callback":276,"hasNonce":251,"hasCapCheck":249,"file":173,"line":161},"wdi_set_preload_cache_data",{"action":276,"nopriv":251,"callback":276,"hasNonce":251,"hasCapCheck":249,"file":173,"line":278},22,{"action":280,"nopriv":249,"callback":280,"hasNonce":251,"hasCapCheck":249,"file":173,"line":139},"wdi_getHashtagId",{"action":280,"nopriv":251,"callback":280,"hasNonce":251,"hasCapCheck":249,"file":173,"line":165},{"action":283,"nopriv":249,"callback":284,"hasNonce":251,"hasCapCheck":249,"file":173,"line":285},"wdi_apply_changes","WDI_instagram_feeds_page",25,{"action":283,"nopriv":251,"callback":284,"hasNonce":251,"hasCapCheck":249,"file":173,"line":287},26,{"action":289,"nopriv":249,"callback":290,"hasNonce":251,"hasCapCheck":251,"file":173,"line":169},"wdi_account_disconnect","wdi_backend_ajax",{"action":292,"nopriv":249,"callback":290,"hasNonce":251,"hasCapCheck":251,"file":173,"line":293},"wdi_account_refresh",28,{"action":295,"nopriv":249,"callback":296,"hasNonce":249,"hasCapCheck":249,"file":173,"line":297},"WDIGalleryBox","wdi_ajax_frontend",190,{"action":295,"nopriv":251,"callback":296,"hasNonce":249,"hasCapCheck":249,"file":173,"line":299},191,{"action":301,"nopriv":249,"callback":302,"hasNonce":249,"hasCapCheck":251,"file":173,"line":303},"WDIEditorShortcode","wdi_editor_button",611,[],[306,309],{"tag":307,"callback":307,"file":142,"line":308},"wdi_feed",12,{"tag":310,"callback":307,"file":142,"line":264},"wdi_preview",[312],{"hook":313,"callback":313,"file":314,"line":315},"wdi_schedule_event_hook","admin-functions.php",44,{"dangerousFunctions":317,"sqlUsage":327,"outputEscaping":399,"fileOperations":617,"externalRequests":96,
"nonceChecks":278,"capabilityChecks":618,"bundledLibraries":619},[318,323],{"fn":319,"file":320,"line":321,"context":322},"unserialize","booster\\AdminBar.php",258,"$page_score = unserialize($post['meta_value']);",{"fn":319,"file":324,"line":325,"context":326},"wd\\includes\\overview.php",68,"$body = unserialize($request['body']);",{"prepared":120,"raw":328,"locations":329},35,[330,334,337,339,341,344,346,348,352,354,356,358,360,364,367,369,370,371,372,373,374,375,377,378,380,382,383,384,386,387,389,391,393,395,397],{"file":331,"line":332,"context":333},"admin\\controllers\\feeds.php",304,"$wpdb->get_col() with variable interpolation",{"file":331,"line":335,"context":336},338,"$wpdb->get_var() with variable interpolation",{"file":331,"line":338,"context":333},365,{"file":331,"line":340,"context":333},411,{"file":331,"line":342,"context":343},453,"$wpdb->query() with variable interpolation",{"file":331,"line":345,"context":333},458,{"file":347,"line":148,"context":343},"admin\\controllers\\uninstall.php",{"file":349,"line":350,"context":351},"admin\\models\\themes.php",535,"$wpdb->get_results() with variable interpolation",{"file":314,"line":353,"context":336},149,{"file":314,"line":355,"context":336},398,{"file":314,"line":357,"context":336},767,{"file":320,"line":359,"context":351},253,{"file":361,"line":362,"context":363},"booster\\controller.php",422,"$wpdb->get_row() with variable 
interpolation",{"file":365,"line":366,"context":343},"framework\\WDICache.php",108,{"file":368,"line":75,"context":343},"update\\wdi_update.php",{"file":368,"line":99,"context":343},{"file":368,"line":105,"context":343},{"file":368,"line":161,"context":343},{"file":368,"line":165,"context":343},{"file":368,"line":287,"context":343},{"file":368,"line":293,"context":343},{"file":368,"line":376,"context":343},30,{"file":368,"line":328,"context":343},{"file":368,"line":379,"context":343},37,{"file":368,"line":381,"context":343},50,{"file":368,"line":152,"context":343},{"file":368,"line":116,"context":343},{"file":368,"line":385,"context":343},62,{"file":368,"line":60,"context":343},{"file":368,"line":388,"context":343},70,{"file":368,"line":390,"context":343},74,{"file":368,"line":392,"context":343},79,{"file":173,"line":394,"context":351},163,{"file":173,"line":396,"context":333},229,{"file":173,"line":398,"context":333},250,{"escaped":400,"rawEcho":401,"locations":402},3292,109,[403,406,409,411,414,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,454,456,458,459,461,463,465,467,469,470,472,474,476,478,480,482,485,486,488,490,492,494,496,497,499,501,503,505,507,509,511,514,517,519,521,522,524,526,528,531,532,534,535,537,539,540,542,544,546,549,551,553,555,557,559,561,563,565,567,569,571,573,575,578,581,583,584,586,587,589,591,593,594,595,597,599,601,603,604,605,607,609,611,613,615],{"file":331,"line":404,"context":405},248,"raw 
output",{"file":407,"line":408,"context":405},"admin\\controllers\\settings.php",146,{"file":407,"line":410,"context":405},172,{"file":412,"line":413,"context":405},"admin\\views\\WDIViewEditorShortcode.php",93,{"file":415,"line":416,"context":405},"admin\\views\\WDIViewWidget.php",51,{"file":415,"line":418,"context":405},130,{"file":320,"line":420,"context":405},36,{"file":320,"line":422,"context":405},114,{"file":320,"line":424,"context":405},148,{"file":320,"line":426,"context":405},156,{"file":320,"line":428,"context":405},175,{"file":320,"line":430,"context":405},176,{"file":320,"line":432,"context":405},219,{"file":320,"line":434,"context":405},244,{"file":320,"line":436,"context":405},312,{"file":320,"line":438,"context":405},326,{"file":361,"line":440,"context":405},290,{"file":361,"line":442,"context":405},488,{"file":361,"line":444,"context":405},503,{"file":361,"line":446,"context":405},507,{"file":361,"line":448,"context":405},519,{"file":361,"line":450,"context":405},522,{"file":361,"line":452,"context":405},546,{"file":361,"line":204,"context":405},{"file":361,"line":455,"context":405},566,{"file":361,"line":457,"context":405},569,{"file":361,"line":208,"context":405},{"file":361,"line":460,"context":405},583,{"file":361,"line":462,"context":405},612,{"file":70,"line":464,"context":405},207,{"file":70,"line":466,"context":405},212,{"file":70,"line":468,"context":405},234,{"file":95,"line":256,"context":405},{"file":95,"line":471,"context":405},71,{"file":108,"line":473,"context":405},122,{"file":475,"line":297,"context":405},"booster\\TWBLibrary.php",{"file":475,"line":477,"context":405},208,{"file":475,"line":479,"context":405},226,{"file":475,"line":481,"context":405},245,{"file":483,"line":484,"context":405},"booster\\view.php",75,{"file":483,"line":401,"context":405},{"file":483,"line":487,"context":405},135,{"file":483,"line":489,"context":405},161,{"file":483,"line":491,"context":405},228,{"file":483,"line":493,"context":405},268,{"file":483,"lin
e":495,"context":405},300,{"file":483,"line":332,"context":405},{"file":483,"line":498,"context":405},333,{"file":483,"line":500,"context":405},346,{"file":483,"line":502,"context":405},426,{"file":483,"line":504,"context":405},437,{"file":483,"line":506,"context":405},449,{"file":483,"line":508,"context":405},454,{"file":483,"line":510,"context":405},459,{"file":512,"line":513,"context":405},"elementor\\widget.php",97,{"file":515,"line":516,"context":405},"framework\\WDILibrary.php",429,{"file":515,"line":518,"context":405},433,{"file":515,"line":520,"context":405},450,{"file":515,"line":508,"context":405},{"file":515,"line":523,"context":405},822,{"file":515,"line":525,"context":405},836,{"file":515,"line":527,"context":405},1403,{"file":529,"line":530,"context":405},"framework\\WDI_admin_view.php",414,{"file":529,"line":508,"context":405},{"file":533,"line":422,"context":405},"framework\\WDI_form_builder.php",{"file":533,"line":408,"context":405},{"file":533,"line":536,"context":405},215,{"file":533,"line":538,"context":405},249,{"file":533,"line":398,"context":405},{"file":533,"line":541,"context":405},402,{"file":533,"line":543,"context":405},436,{"file":533,"line":545,"context":405},530,{"file":547,"line":548,"context":405},"framework\\WDI_generate_styles.php",686,{"file":547,"line":550,"context":405},694,{"file":547,"line":552,"context":405},709,{"file":547,"line":554,"context":405},720,{"file":547,"line":556,"context":405},747,{"file":547,"line":558,"context":405},756,{"file":547,"line":560,"context":405},799,{"file":547,"line":562,"context":405},1012,{"file":547,"line":564,"context":405},1138,{"file":547,"line":566,"context":405},1150,{"file":547,"line":568,"context":405},1158,{"file":547,"line":570,"context":405},1284,{"file":142,"line":572,"context":405},335,{"file":574,"line":328,"context":405},"frontend\\views\\imagebrowser.php",{"file":576,"line":577,"context":405},"frontend\\views\\thumbnails.php",34,{"file":579,"line":580,"context":405},"frontend\\vi
ews\\WDIViewGalleryBox.php",423,{"file":579,"line":582,"context":405},430,{"file":579,"line":504,"context":405},{"file":579,"line":585,"context":405},444,{"file":579,"line":585,"context":405},{"file":579,"line":588,"context":405},455,{"file":579,"line":590,"context":405},456,{"file":579,"line":592,"context":405},457,{"file":579,"line":345,"context":405},{"file":579,"line":345,"context":405},{"file":579,"line":596,"context":405},466,{"file":579,"line":598,"context":405},556,{"file":579,"line":600,"context":405},861,{"file":147,"line":602,"context":405},159,{"file":173,"line":484,"context":405},{"file":173,"line":413,"context":405},{"file":173,"line":606,"context":405},107,{"file":173,"line":608,"context":405},123,{"file":173,"line":610,"context":405},137,{"file":173,"line":612,"context":405},186,{"file":173,"line":614,"context":405},599,{"file":173,"line":616,"context":405},607,4,5,[],[621,643,668,679,687,696,707],{"entryPoint":622,"graph":623,"unsanitizedCount":22,"severity":35},"get_google_page_speed (booster\\controller.php:530)",{"nodes":624,"edges":640},[625,630,634],{"id":626,"type":627,"label":628,"file":361,"line":629},"n0","source","$_POST (x2)",562,{"id":631,"type":632,"label":633,"file":361,"line":629},"n1","transform","→ twb_google_speed_cron()",{"id":635,"type":636,"label":637,"file":361,"line":638,"wp_function":639},"n2","sink","wp_remote_get() [SSRF]",634,"wp_remote_get",[641,642],{"from":626,"to":631,"sanitized":249},{"from":631,"to":635,"sanitized":249},{"entryPoint":644,"graph":645,"unsanitizedCount":617,"severity":35},"\u003Ccontroller> (booster\\controller.php:0)",{"nodes":646,"edges":663},[647,649,653,655,657,659,661],{"id":626,"type":627,"label":648,"file":361,"line":477},"$_POST",{"id":631,"type":636,"label":650,"file":361,"line":651,"wp_function":652},"update_option() [Settings 
Manipulation]",209,"update_option",{"id":635,"type":627,"label":648,"file":361,"line":654},533,{"id":656,"type":636,"label":637,"file":361,"line":638,"wp_function":639},"n3",{"id":658,"type":627,"label":628,"file":361,"line":629},"n4",{"id":660,"type":632,"label":633,"file":361,"line":629},"n5",{"id":662,"type":636,"label":637,"file":361,"line":638,"wp_function":639},"n6",[664,665,666,667],{"from":626,"to":631,"sanitized":249},{"from":635,"to":656,"sanitized":249},{"from":658,"to":660,"sanitized":249},{"from":660,"to":662,"sanitized":249},{"entryPoint":669,"graph":670,"unsanitizedCount":134,"severity":35},"get_hash (wd\\includes\\api.php:58)",{"nodes":671,"edges":677},[672,676],{"id":626,"type":627,"label":673,"file":674,"line":675},"$_SERVER['REMOTE_ADDR']","wd\\includes\\api.php",61,{"id":631,"type":636,"label":637,"file":674,"line":675,"wp_function":639},[678],{"from":626,"to":631,"sanitized":249},{"entryPoint":680,"graph":681,"unsanitizedCount":134,"severity":35},"\u003Capi> (wd\\includes\\api.php:0)",{"nodes":682,"edges":685},[683,684],{"id":626,"type":627,"label":673,"file":674,"line":675},{"id":631,"type":636,"label":637,"file":674,"line":675,"wp_function":639},[686],{"from":626,"to":631,"sanitized":249},{"entryPoint":688,"graph":689,"unsanitizedCount":134,"severity":695},"set_show_cta (booster\\controller.php:207)",{"nodes":690,"edges":693},[691,692],{"id":626,"type":627,"label":648,"file":361,"line":477},{"id":631,"type":636,"label":650,"file":361,"line":651,"wp_function":652},[694],{"from":626,"to":631,"sanitized":249},"low",{"entryPoint":697,"graph":698,"unsanitizedCount":23,"severity":695},"check_score (booster\\main.php:106)",{"nodes":699,"edges":705},[700,702],{"id":626,"type":627,"label":648,"file":108,"line":701},120,{"id":631,"type":636,"label":703,"file":108,"line":473,"wp_function":704},"echo() [XSS]","echo",[706],{"from":626,"to":631,"sanitized":251},{"entryPoint":708,"graph":709,"unsanitizedCount":23,"severity":695},"\u003Cmain> 
(booster\\main.php:0)",{"nodes":710,"edges":713},[711,712],{"id":626,"type":627,"label":648,"file":108,"line":701},{"id":631,"type":636,"label":703,"file":108,"line":473,"wp_function":704},[714],{"from":626,"to":631,"sanitized":251},{"summary":716,"deductions":717},"The wd-instagram-feed plugin v1.4.35 exhibits a mixed security posture. While a majority of SQL queries are prepared (63%) and output escaping is generally well implemented (97%), there are notable areas of concern. The presence of two AJAX handlers that have neither a nonce check nor a capability check represents a direct attack vector. The two known medium-severity vulnerabilities, both Cross-Site Scripting (XSS) issues and the more recent one dating from late 2021, suggest a history of such issues, even though both are currently patched. The two uses of 'unserialize' are also a red flag, because unserializing data that an attacker can influence can lead to PHP object injection; both call sites need strict input validation. While the taint analysis did not reveal critical- or high-severity issues, the five flows with unsanitized paths warrant attention, as they indicate a potential for unintended data manipulation or exposure.  
Overall, the plugin has some strong security practices in place, but the lack of authentication on certain entry points and the history of XSS vulnerabilities, coupled with the dangerous function usage, present tangible risks that require careful consideration.",[718,720,722,724],{"reason":719,"points":80},"Unprotected AJAX handlers",{"reason":721,"points":84},"Use of dangerous 'unserialize' function",{"reason":723,"points":80},"Medium severity CVEs in history",{"reason":725,"points":618},"Unsanitized paths in taint flows","2026-03-16T17:37:19.991Z",{"wat":728,"direct":749},{"assetPaths":729,"generatorPatterns":738,"scriptPaths":739,"versionParams":740},[730,731,732,733,734,735,736,737],"\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fcss\u002Fwd-instagram-feed.css","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fjs\u002Fwd-instagram-feed.js","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fcss\u002Fwd-instagram-feed-admin.css","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fjs\u002Fwd-instagram-feed-admin.js","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fjs\u002Fblock.js","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fcss\u002Fblock.css","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fcss\u002Fwdi_frontend.css","\u002Fwp-content\u002Fplugins\u002Fwd-instagram-feed\u002Fjs\u002Fwdi_frontend.js",[],[],[741,742,743,744,745,746,747,748],"wd-instagram-feed\u002Fcss\u002Fwd-instagram-feed.css?ver=","wd-instagram-feed\u002Fjs\u002Fwd-instagram-feed.js?ver=","wd-instagram-feed\u002Fcss\u002Fwd-instagram-feed-admin.css?ver=","wd-instagram-feed\u002Fjs\u002Fwd-instagram-feed-admin.js?ver=","wd-instagram-feed\u002Fjs\u002Fblock.js?ver=","wd-instagram-feed\u002Fcss\u002Fblock.css?ver=","wd-instagram-feed\u002Fcss\u002Fwdi_frontend.css?ver=","wd-instagram-feed\u002Fjs\u002Fwdi_frontend.js?ver=",{"cssClasses":750,"htmlComments":752,"htmlAttributes":753,"restEndpoints":755,"jsGlobals":758,"shortcodeOutp
ut":760},[751],"wdi_instagram_feed_container",[],[754],"data-feed-id",[756,757],"\u002Fwp-json\u002Fwdi\u002Fv1\u002Ffeed","\u002Fwp-json\u002Fwdi\u002Fv1\u002Fsettings",[759],"wdi_frontend_ajax_object",[]]