CVE-2025-10637
Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site.
| CWE | CWE-862 |
| Vendor | quadlayers |
| Product | social feed gallery |
| Published | Oct 25, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for quadlayers social feed gallery
Be the first to know when new medium vulnerabilities affecting quadlayers social feed gallery are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
quadlayers / Social Feed Gallery
0 โค 4.9.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0dd6b0-9028-456e-9843-d45754c01c53?source=cve wordpress.org: https://wordpress.org/plugins/insta-gallery/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/insta-gallery/tags/4.9.2/lib/api/rest/endpoints/frontend/class-user-profile.php#L19 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3381423/insta-gallery/trunk/lib/api/rest/endpoints/frontend/class-user-profile.php
Credits
3r1c