
Description

The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site.

PUBLISHED Reserved 2025-09-17 | Published 2025-10-25 | Updated 2025-10-27 | Assigner Wordfence




MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

* (semver)
affected

Timeline

2025-10-24: Disclosed

Credits

3r1c (finder)

References

www.wordfence.com/...-9028-456e-9843-d45754c01c53?source=cve

wordpress.org/plugins/insta-gallery/

plugins.trac.wordpress.org/...rontend/class-user-profile.php

plugins.trac.wordpress.org/...rontend/class-user-profile.php

cve.org (CVE-2025-10637)

nvd.nist.gov (CVE-2025-10637)
