2 matches found
CVE-2025-6382
CVE-2025-6382 — Taeggie Feed (WordPress) Stored XSS in plugin versions up to 0.1.10. The render() function injects user-supplied data from the name attribute directly into a [removed] tag, including the id and within jQuery.getScript(), without proper escaping. This enables authenticated attacker...
WordPress Taeggie Feed plugin <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via name Attribute vulnerability discovered by Gilang in WordPress Plugin Taeggie Feed versions = 0.1.10...