Medium severity4.8NVD Advisory· Published Nov 9, 2017· Updated May 13, 2026

CVE-2017-16758

Description

Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.

Affected products

Ultimate Instagram Feed Project/Ultimate Instagram Feed
cpe:2.3:a:ultimate_instagram_feed_project:ultimate_instagram_feed:*:*:*:*:*:wordpress:*:*
Range: <1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/1758562/ultimate-instagram-feednvdExploitThird Party Advisory
wpvulndb.com/vulnerabilities/8947nvdExploitThird Party Advisory
packetstormsecurity.com/files/144921/WordPress-Ultimate-Instagram-Feed-1.2-Cross-Site-Scripting.htmlnvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.312
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000