cleantalk
Vulnerabilities and Security Researches

Feedify – Web Push Notifications, CVE-2024-13874

CVE, Research URL

CVE-2024-13874

Home page URL

Security reports for Feedify – Web Push Notifications

Application

Feedify – Web Push Notifications

Published on
Apr 10, 2025
Research Description
The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min -, max 2.4.6.
Status
vulnerable
Previous vulnerability researches
Feedify – Web Push Notifications (CVE-2021-38352) , Jun 06, 2024
Feedify – Web Push Notifications (CVE-2024-13874) , Apr 12, 2025
Feedify – Web Push Notifications (CVE-2025-32540) , Apr 19, 2025
Feedify – Web Push Notifications (CVE-2024-11811) , Dec 21, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025