cleantalk
Vulnerabilities and Security Researches

Feedify – Web Push Notifications, CVE-2021-38352

CVE, Research URL

CVE-2021-38352

Home page URL

Security reports for Feedify – Web Push Notifications

Application

Feedify – Web Push Notifications

Published on
Sep 10, 2021
Research Description
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.
Affected versions
Min -, max 2.1.9.
Status
vulnerable
Previous vulnerability researches
Feedify – Web Push Notifications (CVE-2021-38352) , Jun 06, 2024
Feedify – Web Push Notifications (CVE-2024-13874) , Apr 12, 2025
Feedify – Web Push Notifications (CVE-2025-32540) , Apr 19, 2025
Feedify – Web Push Notifications (CVE-2024-11811) , Dec 21, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025