cleantalk
Vulnerabilities and Security Researches

Feedify – Web Push Notifications, CVE-2024-13874

CVE, Research URL

CVE-2024-13874

Home page URL

Security reports for Feedify – Web Push Notifications

Application

Feedify – Web Push Notifications

Published on
Apr 10, 2025
Research Description
The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min -, max 2.4.6.
Status
vulnerable
Previous vulnerability researches
Ni Purchase Order(PO) For WooCommerce (CVE-2023-5957) , Jun 06, 2024
New vulnerability
Cloak Front End Email (CVE-2025-26968) , Apr 19, 2025
JS Job Manager (CVE-2025-32626) , Apr 19, 2025
JS Job Manager (CVE-2025-32660) , Apr 19, 2025
HT Event – WordPress Event Manager Plugin for Elementor (CVE-2025-24624) , Apr 19, 2025
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout (CVE-2025-39558) , Apr 19, 2025