Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data

Description

A vulnerability, which was classified as problematic, was found in trustindex Widgets for Social Photo Feed Plugin up to 1.7.9 on WordPress. This affects an unknown function. The manipulation of the argument feed_data results in cross site scripting. This vulnerability was named CVE-2026-5425. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

Affected Products

Vendor	Product	Versions
trustindex	widgets for social photo feed	0

References

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-5425 | trustindex Widgets for Social Photo Feed Plugin up to 1.7.9 on WordPress feed_data cross site scripting

→ No new info (linked only)

CVSS 3.17.2 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-79

PublishedApr 4, 2026

Last enriched4h agov2

Trending Score28

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data

Description

Affected Products

References

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History