Taeggie Feed Security & Risk Analysis
wordpress.org/plugins/taeggie-feedTaeggie Feed displays a social feed that is configured on and served from reliable taeggie.com servers. Paid plugin with monthly billing.
Is Taeggie Feed Safe to Use in 2026?
Generally Safe
Score 98/100Taeggie Feed has a strong security track record. Known vulnerabilities have been patched promptly.
The 'taeggie-feed' plugin, version 0.1.11, presents a mixed security profile. On the positive side, the static analysis shows a very small attack surface, with only one shortcode identified and no unprotected entry points. Furthermore, all SQL queries are properly prepared, and there are no obvious signs of dangerous functions, file operations, or external HTTP requests. The absence of critical or high-severity taint flows is also encouraging.
However, significant concerns arise from the plugin's vulnerability history. The presence of two known medium-severity CVEs, specifically related to Cross-Site Scripting (XSS), indicates potential weaknesses in input sanitization and output escaping, despite the static analysis suggesting a high percentage of properly escaped outputs. The fact that these vulnerabilities are documented suggests that while they might be patched at the time of analysis, there's a recurring pattern of security flaws that could be reintroduced in future versions or that the existing sanitization might not be fully robust.
A notable weakness in the static analysis is the complete lack of nonce checks and capability checks for the identified entry points, including the shortcode. While the current version may not have exploitable issues due to other factors or perhaps due to patches applied to address the historical CVEs, this omission creates a potential avenue for attack if the shortcode's functionality becomes more sensitive or if its usage patterns change in the future. The plugin should implement robust authorization checks.
Key Concerns
- Missing Nonce Checks
- Missing Capability Checks
- Historical CVEs (2 Medium)
- Some output not properly escaped
Taeggie Feed Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Taeggie Feed <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Attribute
Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Taeggie Feed Code Analysis
Output Escaping
Taeggie Feed Attack Surface
Shortcodes 1
WordPress Hooks 1
Maintenance & Trust
Taeggie Feed Maintenance & Trust
Maintenance Signals
Community Trust
Taeggie Feed Alternatives
Social Slider Feed
instagram-slider-widget
Display Instagram, Facebook and YouTube feeds in widgets, posts, pages, or anywhere else on your website.
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
tagembed-widget
Collect & Embed Instagram Feed, Embed Facebook Feed, Embed YouTube Videos, Embed Twitter Feed, Google Reviews & 15+ Social Media Feed on website.
Curator.io
curatorio
Aggregate and embed your social media posts on your site (Facebook, Twitter, Instagram, Pinterest and many more) as a beautiful social media feed.
Iframely – WP media embeds, cards and blocks
iframely
Iframely cloud extends WordPress embeds with customizable embed blocks for over 1900 rich media publishers. For the rest of the Internet, Iframely sho …
Taggbox: Social Feed Widgets
taggbox-widget
Collect, Curate & Publish Instagram, Facebook Feeds, YouTube Videos, Twitter (X) Feeds, Google Reviews & 20+ Social Media Widgets on your website.
Taeggie Feed Developer Profile
1 plugin · 60 total installs
How We Detect Taeggie Feed
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/taeggie-feed/taeggie-feed.phpHTML / DOM Fingerprints
jQuery<iframe src="https://taeggie.com/embed//iframe" scrolling="no" frameborder="0" style="border:none; overflow:hidden; height: 720px; width: 100%;" allowTransparency="true"></iframe><script id="taeggie-feed-widget-script-">jQuery.getScript("