CVE-2024-11748: 
WordPress vulnerability analysis and mitigation

The Taeggie Feed plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2024-11748) in versions up to and including 0.1.9. The vulnerability exists in the plugin's 'taeggie-feed' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 6.4 (Medium). The attack vector requires network access (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L), needs no user interaction (UI:N), and has a changed scope (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page (NVD).

Users should update the Taeggie Feed plugin to a version newer than 0.1.9 when available. Until then, site administrators should carefully monitor and restrict access to users who have the ability to create or edit content containing the 'taeggie-feed' shortcode (NVD).