VYPR

Feedify – Web Push Notifications

by WordPress

CVEs (3)

  • CVE-2025-32540HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications push-notification-by-feedify allows Reflected XSS.This issue affects Feedify – Web Push Notifications: from n/a through <= 2.4.5.

  • CVE-2024-11811MedDec 20, 2024
    risk 0.40cvss 6.1epss 0.00

    The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.…

  • CVE-2021-38352MedSep 10, 2021
    risk 0.40cvss 6.1epss 0.01

    The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.