CVE-2025-32540
- EPSS 0.19%
- Veröffentlicht 17.04.2025 15:47:35
- Zuletzt bearbeitet 17.04.2025 20:21:05
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in feedify Feedify – Web Push Notifications allows Reflected XSS. This issue affects Feedify – Web Push Notifications: from n/a through 2.4.5.
CVE-2024-13874
- EPSS 0.2%
- Veröffentlicht 10.04.2025 06:00:05
- Zuletzt bearbeitet 30.04.2025 19:12:18
The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-11811
- EPSS 0.73%
- Veröffentlicht 20.12.2024 23:15:05
- Zuletzt bearbeitet 20.12.2024 23:15:05
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitiza...
CVE-2021-38352
- EPSS 0.21%
- Veröffentlicht 10.09.2021 14:15:10
- Zuletzt bearbeitet 21.11.2024 06:16:52
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and in...