Taeggie Feed displays a feed of social media content that can be modified and configured on the fly on taeggie.com.
Major features of Taeggie Feed include:
- Simple Facebook, Instagram, Twitter and LinkedIn integrations – just link your relevant social media accounts and go!
- Retrieve content by hashtag or account (hashtag not available on Facebook).
- Premoderate or postmoderate content as required.
- Unlimited sources per feed.
- Powerful content filtering.
- Analytics and weekly email reports on social media activity.
- Software-as-a-service, so you will rarely need to touch your plugin code.ny
PS: You’ll need a Taeggie account to use it (except for demo/testing purposes).
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.4 MEDIUM | — | ||
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render() method takes the user-supplied name attribute and injects it directly into a <script> tag - both in the id attribute and inside jQuery.getScript() - without proper escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||
| 6.4 MEDIUM | — | ||
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||