Does WP Instant Feeds have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Instant Feeds compatible with WordPress 5.5.18?

According to WordPress.org data, WP Instant Feeds 1.3.4 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is WP Instant Feeds updated?

WP Instant Feeds was last updated on Sep 2, 2020. Frequent updates are generally a positive security signal.

What is WP Instant Feeds's security score?

WP Instant Feeds has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Instant Feeds Security & Risk Analysis

wordpress.org/plugins/wp-my-instagram

Simple, easy to add feeds from Instagram to your site. Period.

6K active installs v1.3.4 PHP + WP 3.9+ Updated Sep 2, 2020

instagramwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Instant Feeds Safe to Use in 2026?

Generally Safe

Score 85/100

WP Instant Feeds has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The plugin 'wp-my-instagram' v1.3.4 exhibits a generally good security posture, with a low attack surface and a significant portion of its code adhering to secure coding practices. The absence of known CVEs and the consistent use of prepared statements for SQL queries are strong indicators of proactive security development. However, the presence of a single dangerous function ('unserialize') and a high-severity taint flow with unsanitized paths represent potential areas of concern that could be exploited if not properly handled. The low percentage of properly escaped outputs, while not critical given the small number of flows, suggests room for improvement in ensuring all user-generated data is safely rendered.

Key Concerns

High severity taint flow with unsanitized path
Dangerous function 'unserialize' detected
Output escaping not fully implemented (92% proper)

Vulnerabilities

None known

WP Instant Feeds Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Instant Feeds Release Timeline

v1.3.4Current

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

WP Instant Feeds Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

89 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$feed = unserialize( base64_decode( $feed ) );inc\public\main.php:419

Output Escaping

92% escaped97 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

scrape_instagram (inc\public\main.php:357)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Instant Feeds Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 4

authwp_ajax_wpmi-init-cachewp-my-instagram.php:96

noprivwp_ajax_wpmi-init-cachewp-my-instagram.php:97

authwp_ajax_wpmi-request-cachewp-my-instagram.php:99

noprivwp_ajax_wpmi-request-cachewp-my-instagram.php:100

Shortcodes 1

[wp_my_instagram] inc\public\shortcode.php:18

WordPress Hooks 4

actionwidgets_initinc\public\widget.php:193

actionplugins_loadedwp-my-instagram.php:50

actionafter_setup_themewp-my-instagram.php:51

actionwp_enqueue_scriptswp-my-instagram.php:94

Maintenance & Trust

WP Instant Feeds Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedSep 2, 2020

PHP min version

Downloads116K

Community Trust

Rating70/100

Number of ratings19

Active installs6K

Alternatives

WP Instant Feeds Alternatives

Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

instagram-feed

Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.

1.0M 4 CVEs

Social Feed Gallery

insta-gallery

Formerly known as "Instagram Feed", this is the best plugin for displaying Instagram feeds on WordPress. It also supports Instagram reels.

80K 3 CVEs

WPZOOM Social Feed Widget & Block

instagram-widget-by-wpzoom

100

Instagram feed plugin for WordPress: Display your Instagram photos, videos & reels. Easy setup with Gutenberg block, widget, shortcode & Elementor

60K 1 CVE

Spotlight Social Feeds – Block, Shortcode, and Widget

spotlight-social-photo-feeds

Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.

60K 3 CVEs

Meks Easy Photo Feed Widget

meks-easy-instagram-widget

Easily display Instagram photos as a widget that looks good in (almost) any WordPress theme.

20K 1 CVE

Developer Profile

WP Instant Feeds Developer Profile

mnmlthms

3 plugins · 7K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Instant Feeds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-my-instagram/css/style.css/wp-content/plugins/wp-my-instagram/js/script.min.js/wp-content/plugins/wp-my-instagram/js/script.js

Script Paths

/wp-content/plugins/wp-my-instagram/js/script.min.js/wp-content/plugins/wp-my-instagram/js/script.js

Version Parameters

wp-my-instagram/css/style.css?ver=wp-my-instagram/js/script.min.js?ver=wp-my-instagram/js/script.js?ver=

HTML / DOM Fingerprints

JS Globals

wpMyInstagramVars

FAQ