Vulnerability Details CVE-2021-38352
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38352
- https://plugins.trac.wordpress.org/browser/push-notification-by-feedify/tags/2.1.1/includes/base.php#L199
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38352
Products affected by CVE-2021-38352
-
cpe:2.3:a:feedify:web_push_notifications:2.1.3
-
cpe:2.3:a:feedify:web_push_notifications:2.1.6
-
cpe:2.3:a:feedify:web_push_notifications:2.1.7
-
cpe:2.3:a:feedify:web_push_notifications:2.1.8