Medium 5.4
2025-05-29< 6.9.1
WordPress Instagram Feed Plugin <= 6.9.0 is vulnerable to Cross Site Scripting (XSS)
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
Minimum safe version
6.9.1
Update to 6.9.1 or later to address 11 fixable vulnerabilities
Latest available6.10.1 ✓
N/A
2021-07-20< 2.9.2
Smash Balloon Plugins (Various Versions) - Reflected Cross-Site Scripting
N/A
< 1.4.7
Instagram Feed <= 1.4.6.2 - Authenticated Cross-Site Scripting (XSS) & CSRF
N/A
< 1.6
Instagram Feed <= 1.5.1 - Cross-Site Scripting (XSS)
N/A
< 1.12
Instagram Feed <= 1.11.3 - Unspecified Issues
N/A
2016-11-19< 1.4.7
Smash Balloon Social Photo Feed <= 1.4.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
N/A
2018-01-18< 1.6
Smash Balloon Social Photo Feed <= 1.5.1 - Reflected Cross-Site Scripting
N/A
2019-03-05< 1.12
Smash Balloon Social Photo Feed <= 1.11.3 - Cross-Site Request Forgery to Back-Up Deletion
N/A
< 2.9.2
Multiple Plugins from Smash Balloon - Reflected Cross-Site Scripting
N/A
2016-11-21< 1.4.7
WordPress Instagram Feed Plugin <= 1.4.6.2 - Cross Site Request Forgery
N/A
2018-02-07< 1.6
WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability