Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) 3.20.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 1, 2025

A popular WordPress plugin called “WP Social Ninja” has a security issue called Stored Cross-Site Scripting. This means that unauthenticated attackers can insert harmful web scripts into pages on your website, as long as they can post malicious content on your Google Business Profile or Facebook page. This vulnerability affects all versions of the plugin up to 3.20.3.

Detected in:

WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) fixed vulnerable versions: >= * <= 3.20.3
WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.