PT-2025-30647 · WordPress · Taeggie Feed

Published 2025-07-24 · Updated 2025-07-24 · CVE-2025-6382

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Taeggie Feed plugin for WordPress versions up to and including 0.1.10

Description

The Taeggie Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s taeggie-feed shortcode. The render() method incorporates user-provided data from the name attribute directly into a <script> tag, including within the id attribute and the jQuery.getScript() function, without adequate sanitization. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute upon user access.

Recommendations

Update the Taeggie Feed plugin to a version beyond 0.1.10.
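
Because the injected value is stored in post content, a site that ran an affected version can review existing taeggie-feed shortcodes alongside the update. The following is an added example, not code from the plugin or from this advisory: it assumes posts are supplied as (ID, post_content) pairs exported from the WordPress database, and the allowlist of characters for a legitimate name value is an assumption to adjust to the names actually in use.

```python
import re

# Assumption: a legitimate feed name contains only letters, digits, '_', '-' and '.'.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")

# [taeggie-feed ...]: WordPress ends a shortcode tag at the first ']'.
SHORTCODE = re.compile(r"\[taeggie-feed\b([^\]]*)\]", re.IGNORECASE)

# name="..." / name='...' / bare or malformed value (anything up to whitespace).
NAME_ATTR = re.compile(
    r"""(?<![\w-])name\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""", re.IGNORECASE
)


def audit_posts(posts):
    """Return (post_id, name_value) for each taeggie-feed shortcode whose
    name attribute falls outside the allowlist and needs manual review."""
    findings = []
    for post_id, content in posts:
        for shortcode in SHORTCODE.finditer(content):
            match = NAME_ATTR.search(shortcode.group(1))
            if match is None:
                continue  # shortcode used without a name attribute
            value = next(g for g in match.groups() if g is not None)
            if not SAFE_NAME.fullmatch(value):
                findings.append((post_id, value))
    return findings


# Constructed sample rows standing in for (ID, post_content) from wp_posts.
SAMPLE_POSTS = [
    (101, 'Intro text [taeggie-feed name="my_feed"] outro'),
    (102, "[taeggie-feed name='a\"b']"),
    (103, '[taeggie-feed name="a<b"] and [taeggie-feed name=ok-feed]'),
    (104, 'No shortcode here, just name="x<y" in prose'),
]

if __name__ == "__main__":
    for post_id, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: review name attribute {value!r}")
```

Flagged posts should be traced to their author and revision history, since contributor-level accounts are sufficient to add the shortcode.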

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-6382

Affected Products

Taeggie Feed