Social Feed Gallery

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site.

Basic Information

ID CVE-2025-10637

Source Wordfence

Published Oct 25, 2025 at 06:49

Affected Product

Vendor quadlayers

Product Social Feed Gallery

Version *

Affected Versions quadlayers Social Feed Gallery *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site.",
    "published": "2025-10-25T06:49:24.127Z",
    "modified": "2025-10-25T06:49:24.127Z",
    "type": "cve",
    "title": "Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0dd6b0-9028-456e-9843-d45754c01c53?source=cve\nhttps://wordpress.org/plugins/insta-gallery/\nhttps://plugins.trac.wordpress.org/browser/insta-gallery/tags/4.9.2/lib/api/rest/endpoints/frontend/class-user-profile.php#L19\nhttps://plugins.trac.wordpress.org/changeset/3381423/insta-gallery/trunk/lib/api/rest/endpoints/frontend/class-user-profile.php",
    "id": "CVE-2025-10637",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "quadlayers Social Feed Gallery *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Social Feed Gallery",
    "version": "*",
    "vendor": "quadlayers",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure_CVE-2025-10637