
CVE-2025-6382: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in taeggie Taeggie Feed

Medium
Tags: Vulnerability, CVE-2025-6382, CWE-79
Published: Thu Jul 24 2025 (07/24/2025, 09:22:20 UTC)
Source: CVE Database V5
Vendor/Project: taeggie
Product: Taeggie Feed

Description

The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin’s render() method takes the user-supplied name attribute and injects it directly into a <script> tag - both in the id attribute and inside jQuery.getScript() - without proper escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI-Powered Analysis

AI analysis last updated: 07/24/2025, 09:51:23 UTC

Technical Analysis

CVE-2025-6382 is a stored cross-site scripting (XSS) vulnerability in the Taeggie Feed plugin for WordPress, affecting all versions up to and including 0.1.10. The root cause is improper neutralization of input during web page generation (CWE-79): the plugin's render() method takes the name attribute of the taeggie-feed shortcode and writes it, unescaped, into two different output contexts of a generated <script> tag, the id attribute and the string argument of a jQuery.getScript() call. Each context needs its own encoding. HTML attribute escaping (esc_attr()) protects the id but does nothing for the JavaScript string, which has to be emitted as a JavaScript string literal (for example with wp_json_encode() or esc_js()); a value that closes the quote, or that contains </script>, otherwise terminates the literal or the whole script element. An authenticated user with contributor-level access or higher can store such a value in a post. Contributors cannot publish, but their drafts are previewed and reviewed by editors and administrators, so the script typically runs in a privileged session; and because the characters that matter here (a double quote, a closing parenthesis, a semicolon) are plain text rather than HTML tags, the KSES filtering applied to contributor content does not remove them. Script running in an administrator's session can do anything that administrator can, including creating accounts or installing plugins through the REST API, so the practical outcome is site takeover rather than the "limited" confidentiality and integrity impact the score suggests. The CVSS v3.1 base score is 6.4 (medium), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N: network attack vector, low attack complexity, low privileges required, no user interaction, changed scope, low confidentiality and integrity impact, no availability impact. No exploitation in the wild has been reported and no fix is linked from this record; check the plugin's changelog for a release newer than 0.1.10 and the Wordfence advisory for whether a fixed version exists before assuming one does. The flaw matters because contributor is a low privilege that many sites hand to guest authors and agencies, and because shortcode-based stored XSS is simple to weaponize once the affected attribute is known.
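The two output contexts named above are easiest to reason about with a small model. The following Python is an added example, not the plugin's code (the real render() is PHP): it rebuilds the output shape the advisory describes, a <script id="..."> attribute and a jQuery.getScript() string literal, once with raw interpolation and once with context-specific escaping, then parses the result with the standard library's HTML parser to show what a browser would see. The feed URL, the id prefix, the allowlist and the two payload strings are constructed for the example.

```python
"""Model of the two injection contexts behind CVE-2025-6382.

Added example, not the plugin's code (the real render() is PHP). It rebuilds
the output shape the advisory describes, a <script id="..."> attribute and a
jQuery.getScript() string argument, with raw interpolation and with
context-specific escaping, then parses the result the way a browser would.
FEED_BASE, the id prefix, the allowlist and both payloads are constructed.
"""
import html
import json
import re
from html.parser import HTMLParser

FEED_BASE = "https://example.invalid/feed/"  # assumed URL shape, not the plugin's
VALID_NAME = re.compile(r"\A[A-Za-z0-9_-]{1,64}\Z")  # assumed legitimate feed names

# Constructed payloads: the first closes the JS string literal, the second
# closes the id attribute and the <script> element itself.
BREAK_JS_STRING = 'x");alert(document.domain);//'
BREAK_SCRIPT_TAG = 'x"></script><script>alert(document.domain)</script>'


def render_vulnerable(name: str) -> str:
    """Raw interpolation into both contexts, as the advisory describes."""
    return (f'<script id="taeggie-feed-{name}">'
            f'jQuery.getScript("{FEED_BASE}{name}.js");</script>')


def js_string_literal(value: str) -> str:
    """JSON-encode, then hex-escape < > & so the literal can never contain
    '</script' or '<!--'. WordPress: wp_json_encode($v, JSON_HEX_TAG|JSON_HEX_AMP)."""
    return (json.dumps(value)
            .replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026"))


def render_hardened(name: str) -> str:
    """Attribute escaping for the id, a JS string literal for getScript()."""
    return (f'<script id="taeggie-feed-{html.escape(name, quote=True)}">'
            f'jQuery.getScript({js_string_literal(FEED_BASE + name + ".js")});</script>')


def render_strict(name: str) -> str:
    """Defence in depth: refuse names outside the allowlist before rendering."""
    return render_hardened(name) if VALID_NAME.match(name) else ""


class _ScriptCollector(HTMLParser):
    """Counts <script> elements and collects each one's script data."""

    def __init__(self):
        super().__init__()
        self.count = 0
        self.bodies = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.count += 1
            self.bodies.append("")
            self._in_script = True

    def handle_data(self, data):
        if self._in_script:
            self.bodies[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


# Exactly one getScript() call whose only argument is one double-quoted literal.
GETSCRIPT_CALL = re.compile(r'\AjQuery\.getScript\(("(?:[^"\\]|\\.)*")\);\Z')


def analyze(markup: str):
    """Return (number of <script> elements, URL handed to getScript or None).

    None means the first script body is no longer a single getScript(<literal>)
    call, i.e. the name escaped the string context and added its own code.
    """
    p = _ScriptCollector()
    p.feed(markup)
    p.close()
    url = None
    if p.bodies:
        m = GETSCRIPT_CALL.match(p.bodies[0])
        if m:
            url = json.loads(m.group(1))  # the literal is valid JSON as well
    return p.count, url


if __name__ == "__main__":
    for label, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        for payload in (BREAK_JS_STRING, BREAK_SCRIPT_TAG):
            print(label, analyze(fn(payload)))
```

With the raw template, the first payload leaves one script element but its body is no longer a single getScript() call, and the second payload produces three script elements; with the hardened template both payloads end up as inert characters inside one URL string. The WordPress equivalents of the hardened path are esc_attr() for the attribute and wp_json_encode( $url, JSON_HEX_TAG | JSON_HEX_AMP ) (or esc_js() inside an existing quoted literal) for the getScript() argument; the allowlist in render_strict() is the stronger fix, because a feed name never legitimately contains quotes or angle brackets.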

Potential Impact

For European organizations running WordPress with the Taeggie Feed plugin, the risk is client-side script execution in the sessions of users who view a page, preview or draft that contains a malicious shortcode. Because contributor-level access is enough, the likely actor is a compromised or malicious low-privilege account: a guest author, an agency contact, or a former contractor whose account was never removed. The stored script runs for every visitor of an affected published page and for every editor or administrator who reviews the draft, which is enough for defacement, credential-phishing overlays, malware delivery, or administrative actions performed with the victim's privileges. A public-facing site that processes personal data therefore faces a potential personal data breach under the GDPR, with the notification duties that follow, on top of the reputational damage. The medium score reflects the CVSS inputs, not the realistic outcome on a site where an administrator previews contributor content. No public exploit is known at the time of writing, which lowers immediate likelihood but not severity once the flaw is understood, since stored XSS in a shortcode handler is simple to weaponize.

Mitigation Recommendations

Inventory first: list installed plugins and versions on every WordPress instance (for example with the WP-CLI command wp plugin list --fields=name,version,status) and flag Taeggie Feed at 0.1.10 or lower. Check the plugin's changelog for a release newer than 0.1.10; if one exists, update, otherwise deactivate or uninstall the plugin. Where it must stay active, reduce exposure: audit the contributor and author accounts that exist, remove stale ones, and search wp_posts (all statuses, including drafts and pending posts) for taeggie-feed shortcodes whose name attribute contains anything other than a plain identifier, doing that review from the database rather than by previewing suspect posts in an administrator session. A WAF rule that blocks quotes, parentheses or "</script" in the name attribute of a taeggie-feed shortcode on post save is a useful stopgap but not a fix, since pattern rules are bypassable. Note that a Content Security Policy that forbids inline scripts blocks the plugin's own output as well, because the vulnerable <script> block is itself inline; CSP with nonces is worth deploying, but test the site with the plugin active first. Keep WordPress core and plugins current, subscribe to the vendor's or Wordfence's advisories for this plugin, brief contributors on acceptable use, and include shortcode attributes in the scope of regular XSS scans and penetration tests.
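To make the inventory and content review above concrete, here is an added Python example (not a vendor tool) that checks a plugin header against the affected range and walks post rows for taeggie-feed shortcodes whose name attribute is not a plain identifier. The plugin header, the post rows and the allowlist are constructed; in practice the rows come from wp_posts (for example via wp db query, including draft and pending posts) and the header from the plugin's main file.

```python
"""Audit helpers for CVE-2025-6382.

Added example, not the vendor's code. Checks whether an installed version is
in the affected range ("all versions up to, and including, 0.1.10") and flags
stored taeggie-feed shortcodes whose name attribute could not be a feed name.
PLUGIN_HEADER, POSTS and SAFE_NAME are constructed assumptions.
"""
import re

AFFECTED_MAX = (0, 1, 10)
SAFE_NAME = re.compile(r"\A[A-Za-z0-9_-]{1,64}\Z")  # assumed shape of a real name
SHORTCODE = re.compile(r"\[taeggie-feed\b([^\]]*)\]", re.IGNORECASE)
NAME_ATTR = re.compile(r"""\bname\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")

# Constructed plugin header, in the shape WordPress reads from the main file.
PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Taeggie Feed
 * Version: 0.1.10
 */
"""

# Constructed wp_posts rows: (ID, post_author, post_content).
POSTS = [
    (101, 7, 'Weekly digest: [taeggie-feed name="daily-news"]'),
    (102, 9, "Look here [taeggie-feed name='x\");alert(document.domain);//']"),
    (103, 7, "No shortcode in this one."),
    (104, 9, '[taeggie-feed name=plain-value] and [taeggie-feed name="a b"]'),
]


def parse_version(header: str):
    """Read the 'Version:' header line and return it as an integer tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header, re.MULTILINE)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).strip(".").split("."))


def is_affected(version) -> bool:
    """Tuple comparison, so 0.1.9 sorts below 0.1.10 (a string compare would not)."""
    return version is not None and version <= AFFECTED_MAX


def shortcode_names(content: str):
    """Yield the name attribute of each taeggie-feed shortcode (None if absent)."""
    for sc in SHORTCODE.finditer(content):
        m = NAME_ATTR.search(sc.group(1))
        yield next((g for g in m.groups() if g is not None), "") if m else None


def audit_posts(posts):
    """Return (post_id, author, name) for every shortcode name failing the allowlist."""
    findings = []
    for post_id, author, content in posts:
        for name in shortcode_names(content):
            if name is not None and not SAFE_NAME.match(name):
                findings.append((post_id, author, name))
    return findings


if __name__ == "__main__":
    version = parse_version(PLUGIN_HEADER)
    print("installed:", version, "affected:", is_affected(version))
    for finding in audit_posts(POSTS):
        print("review post %d by author %d: name=%r" % finding)
```

A finding is a review item, not proof of compromise, but a name attribute containing a quote, a parenthesis or a semicolon has no legitimate use with this shortcode, and the author of that post should be treated as suspect. Run the review against the database export rather than by opening the flagged posts in a privileged WordPress session.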


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-19T19:29:21.307Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6881fdd8ad5a09ad0033bed6

Added to database: 7/24/2025, 9:33:12 AM

Last enriched: 7/24/2025, 9:51:23 AM

Last updated: 8/18/2025, 1:22:23 AM
