CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11811 – Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11811
20 Dec 2024 — The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3209183%40push-notification-by-feedify%2Ftrunk&old=3177773%40push-notification-by-feedify%2Ftrunk&sfp_email=&sfph_mail=#file15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38352 – Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38352
09 Sep 2021 — The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. El plugin Feedify - Web Push Notifications de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro feedify_msg encontrado en el archivo ~/includes/base.php que permite a atacantes inyectar scripts web... • https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •