Does Add to Feedly have any unpatched vulnerabilities?

Yes — Add to Feedly currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Add to Feedly compatible with WordPress 4.9.29?

According to WordPress.org data, Add to Feedly 1.2.11 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Add to Feedly updated?

Add to Feedly was last updated on Mar 23, 2018. Frequent updates are generally a positive security signal.

What is Add to Feedly's security score?

Add to Feedly has a WP-Safety security score of 42/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Add to Feedly Security & Risk Analysis

wordpress.org/plugins/add-to-feedly

This plugin provides a widget to Display a "Follow on Feedly" banner in your sidebar and a floating button at bottom.

80 active installs v1.2.11 PHP + WP 3.3+ Updated Mar 23, 2018

derosieresfeedfeedlyrsswidget

D · High Risk

CVEs total2

Unpatched2

Last CVESep 5, 2025

Plugin page Download

Safety Verdict

Is Add to Feedly Safe to Use in 2026?

High Risk

Score 42/100

Add to Feedly carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Sep 5, 2025Updated 8yr ago

Risk Assessment

The 'add-to-feedly' plugin v1.2.11 presents a mixed security picture. While the static analysis shows a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and all SQL queries are prepared, there are significant concerns regarding output escaping and a history of known vulnerabilities. Specifically, 100% of the observed outputs are not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. This is compounded by two known medium-severity CVEs, both of which are currently unpatched and include CSRF and XSS as common types. The presence of these unpatched vulnerabilities, despite the limited apparent attack surface in the current version's code, suggests a pattern of security weaknesses that have not been fully addressed. The bundled jQuery v1.10.2 is also outdated, which can introduce its own set of security risks. While the absence of direct entry points and raw SQL is positive, the unescaped output and unpatched CVEs make this plugin a moderate to high risk.

Key Concerns

Unpatched CVEs
Output escaping is not properly handled
Bundled outdated library

Vulnerabilities

Add to Feedly Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched

2023

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-58859medium · 4.3Cross-Site Request Forgery (CSRF)

Add to Feedly <= 1.2.11 - Cross-Site Request Forgery

Sep 5, 2025Unpatched

CVE-2023-2470medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Add to Feedly <= 1.2.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

May 2, 2023Unpatched

Code Analysis

Analyzed Mar 16, 2026

Add to Feedly Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQuery1.10.2

Output Escaping

0% escaped8 total outputs

Attack Surface

Add to Feedly Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_initaddtofeedly.php:19

actionwp_enqueue_scriptsaddtofeedly.php:205

actionwp_enqueue_scriptsaddtofeedly.php:206

actionadmin_menuaddtofeedly.php:209

actionplugins_loadedaddtofeedly.php:213

actionwp_footeraddtofeedly.php:216

Maintenance & Trust

Add to Feedly Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMar 23, 2018

PHP min version

Downloads9K

Community Trust

Rating86/100

Number of ratings3

Active installs80

Alternatives

Add to Feedly Alternatives

Super RSS Reader – Add attractive RSS Feed Widget

super-rss-reader

100

Display any RSS feed(s) in widget with news ticker effect in multiple tabs, thumbnails, customizable color themes and more.

10K No CVEs

RSS Feed Widget

rss-feed-widget

RSS Feed Widget with customizable slider. Feed title, description, image, censorship and a few other features which you can use.

2K 6 CVEs

Admin Dashboard RSS Feed

admin-dashboard-rss-feed

Admin Dashboard RSS Feed displays company news in the WordPress Admin Dashboard using an RSS feed. It provides quick access to the latest updates.

500 1 CVE

Subscribe Here Widget

subscribe-here-widget

Subscribe Here displays a visible plugin widget in the sidebar with Subscribe by Rss & Subscribe by Email(through Feedburner) options.

100 No CVEs

RSS Image Widget

rss-image-widget

100

Display images from an RSS or Atom feed as a widget or block with a lightweight lightbox gallery.

60 No CVEs

Developer Profile

Add to Feedly Developer Profile

David Merinas

3 plugins · 210 total installs

trust score

Avg Security Score

63/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Add to Feedly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/add-to-feedly/style.css/wp-content/plugins/add-to-feedly/js/jquery-1.10.2.min.js/wp-content/plugins/add-to-feedly/js/addtofeedly.js/wp-content/plugins/add-to-feedly/images/addtofeedly_master.png

Script Paths

/wp-content/plugins/add-to-feedly/js/jquery-1.10.2.min.js/wp-content/plugins/add-to-feedly/js/addtofeedly.js

Version Parameters

add-to-feedly/style.css?ver=add-to-feedly/js/jquery-1.10.2.min.js?ver=add-to-feedly/js/addtofeedly.js?ver=

HTML / DOM Fingerprints

CSS Classes

customtext

Data Attributes

widget_ADD_TO_FEEDLY

JS Globals

ADD_TO_FEEDLY_WIDGET_ID

FAQ