WordPress Plugin Vulnerabilities

Widgets for Social Photo Feed <= 1.7.7 - Missing Authorization

Description

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.7.7. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
social-photo-feed-widget
No known fix

References

CVE
CVE-2025-68595
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa22210e-cf91-4486-b4e0-9e871f713e5c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
NumeX
Verified
No
WPVDB ID
8eeb0f92-23db-4c2b-ac8b-8238ba420b3c

Timeline

Publicly Published
2025-12-23 (about 4 months ago)
Added
2026-01-05 (about 4 months ago)
Last Updated
2026-05-04 (about 9 days ago)

Other

Published
Title
Published
2025-06-05
Title
oik < 4.15.2 - Missing Authorization
Published
2026-01-12
Title
Ecwid Shopping Cart < 7.0.7 - Missing Authorization
Published
2024-10-28
Title
Masteriyo LMS < 1.13.4 - Subscriber+ Privilege Escalation
Published
2025-01-31
Title
Nirweb support <= 3.0.3 - Missing Authorization
Published
2023-11-16
Title
Conditional Fields for Contact Form 7 < 2.4.2 - Missing Authorization