CVE-2025-31760

UNKNOWN 0.0

WordPress SnapWidget Social Photo Feed Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in snapwidget SnapWidget Social Photo Feed Widget snapwidget-wp-instagram-widget allows DOM-Based XSS.This issue affects SnapWidget Social Photo Feed Widget: from n/a through <= 1.1.0.

CWE	CWE-79
Vendor	snapwidget
Product	snapwidget social photo feed widget
Published	Apr 1, 2025
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for snapwidget snapwidget social photo feed widget

Be the first to know when new unknown vulnerabilities affecting snapwidget snapwidget social photo feed widget are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

snapwidget / SnapWidget Social Photo Feed Widget

0 ≤ 1.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/snapwidget-wp-instagram-widget/vulnerability/wordpress-snapwidget-social-photo-feed-widget-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Credits

theviper17 | Patchstack Bug Bounty Program