cleantalk
Vulnerabilities and Security Researches

Taeggie Feed, CVE-2024-11748

CVE, Research URL

CVE-2024-11748

Home page URL

Security reports for Taeggie Feed

Application

Taeggie Feed

Published on
Dec 18, 2024
Research Description
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 0.1.10.
Status
vulnerable
Previous vulnerability researches
Taeggie Feed (CVE-2025-6382) , Jul 25, 2025
Taeggie Feed (CVE-2024-11748) , Dec 19, 2024
New vulnerability
Timber (CVE-2024-45411) , Jul 27, 2025
Advanced iFrame (CVE-2025-6987) , Jul 27, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025
CaptionPix (CVE-2025-52788) , Jul 27, 2025
WP Database Backup – Unlimited Database & Files Backup by Backup for WP (CVE-2019-25224) , Jul 27, 2025