CVE-2024-11748
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
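For sites that ran an affected version, stored post content can be triaged for `taeggie-feed` shortcodes whose attribute values contain markup-breaking characters. The following is an added example, not code from the advisory or the plugin: the attribute names (`name`, `url`), the sample posts and the character allowlist are constructed assumptions, since the advisory does not say which attributes are affected.

```python
import re

# Opening [taeggie-feed ...] tag; group 1 is the raw attribute string.
SHORTCODE_RE = re.compile(r"\[taeggie-feed(?=[\s\]/])([^\]]*)\]", re.IGNORECASE)
# Shortcode attributes in the three usual forms: name="v", name='v', name=v.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"\]]+))""")
# Assumed allowlist: word characters, spaces and a little punctuation.
# Quotes, angle brackets, '=', parentheses, '&', ';' and ':' all fall outside it.
SAFE_VALUE_RE = re.compile(r"[\w .,/#@-]*")
# An http(s) scheme prefix is tolerated; any other scheme fails on the ':'.
SCHEME_RE = re.compile(r"^https?://", re.IGNORECASE)


def audit_posts(posts):
    """Return (post_id, attribute, value) for every suspicious attribute.

    posts is an iterable of (post_id, post_content) pairs, for example
    rows exported from the wp_posts table.
    """
    findings = []
    for post_id, content in posts:
        for tag in SHORTCODE_RE.finditer(content):
            for attr in ATTR_RE.finditer(tag.group(1)):
                name = attr.group(1)
                # Exactly one of the three value groups matched.
                value = next(g for g in attr.groups()[1:] if g is not None)
                candidate = SCHEME_RE.sub("", value.strip())
                if not SAFE_VALUE_RE.fullmatch(candidate):
                    findings.append((post_id, name, value))
    return findings


# Constructed sample rows; attribute names are hypothetical.
SAMPLE_POSTS = [
    (101, 'Our wall: [taeggie-feed name="summer-campaign"]'),
    (102, """Event: [taeggie-feed name='x" onmouseover="alert(1)']"""),
    (103, "No shortcode here."),
    (104, "[taeggie-feed name=launch url=https://example.com/feed]"),
]

if __name__ == "__main__":
    for post_id, name, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has suspicious value {value!r}")
```

A hit is a prompt for manual review of that post and its author's role, not proof of exploitation; the allowlist is deliberately strict and will also flag unusual but harmless values.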
<p>Taeggie Feed displays a feed of social media content that can be modified and configured on the fly on taeggie.com.</p>
<p>Major features of Taeggie Feed include:</p>
<ul>
<li>Simple Facebook, Instagram, Twitter and LinkedIn integrations – just link your relevant social media accounts and go!</li>
<li>Retrieve content by hashtag or account (hashtag not available on Facebook).</li>
<li>Premoderate or postmoderate content as required.</li>
<li>Unlimited sources per feed.</li>
<li>Powerful content filtering.</li>
<li>Analytics and weekly email reports on social media activity.</li>
<li>Software-as-a-service, so you will rarely need to touch your plugin code.</li>
</ul>
<p>PS: You’ll need a Taeggie account to use it (except for demo/testing purposes).</p>