Feedify – Web Push Notifications Security & Risk Analysis

wordpress.org/plugins/push-notification-by-feedify

Engage your customer with Web Push Notifications. Send them personalised messages even when they aren't on your website.

100 active installs · v2.4.17 · PHP + WP 3.3+ · Updated Nov 6, 2025
Tags: chrome-push, desktop-notification, firefox-push, mobile-notifications, push-notifications
97
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 15, 2025
Safety Verdict

Is Feedify – Web Push Notifications Safe to Use in 2026?

Generally Safe

Score 97/100

Feedify – Web Push Notifications has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 15, 2025 · Updated 4mo ago
Risk Assessment

The "push-notification-by-feedify" v2.4.17 plugin exhibits a mixed security posture. On the positive side, the code demonstrates good practices with 100% of SQL queries using prepared statements and a high rate of output escaping. Furthermore, there are no identified critical or high-severity taint flows, suggesting a generally robust handling of data within the analyzed code paths.

However, there are notable security concerns. The presence of an unprotected AJAX handler represents a significant attack surface, as it can be triggered without proper authentication, potentially leading to unauthorized actions. While the plugin has no currently unpatched vulnerabilities, its history of 3 medium-severity Cross-Site Scripting (XSS) vulnerabilities is a pattern that warrants attention. This history, combined with the unprotected AJAX endpoint, indicates potential weaknesses in input validation or output sanitization that attackers may try to exploit, even if current versions are patched.

In conclusion, while the plugin has strengths in its database query handling and output escaping, the unprotected AJAX endpoint and past XSS vulnerabilities are critical weaknesses that elevate the risk. Users should be cautious, and developers should prioritize addressing the unprotected entry point and ensuring comprehensive input sanitization and output escaping across all functions, especially those exposed via AJAX.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity XSS vulnerabilities
Vulnerabilities
3

Feedify – Web Push Notifications Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-32540 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feedify – Web Push Notifications <= 2.4.5 - Reflected Cross-Site Scripting

Apr 15, 2025 Patched in 2.4.6 (8d)
CVE-2024-11811 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting

Dec 20, 2024 Patched in 2.4.3 (1d)
CVE-2021-38352 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting

Sep 9, 2021 Patched in 2.1.9 (866d)
Code Analysis
Analyzed Mar 16, 2026

Feedify – Web Push Notifications Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (100 escaped)
Nonce Checks: 11
Capability Checks: 0
File Operations: 6
External Requests: 5
Bundled Libraries: 0

Output Escaping

90% escaped · 111 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
feedify_on_post_scheduled (includes\base.php:324)
Attack Surface
1 unprotected

Feedify – Web Push Notifications Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_getkey_response · feedify.php:199
auth · wp_ajax_FeedifyUpdateUserSubscription · feedify.php:222
WordPress Hooks 20
action · wp_head · feedify.php:30
action · after_switch_theme · feedify.php:31
action · admin_enqueue_scripts · feedify.php:55
action · admin_enqueue_scripts · feedify.php:151
filter · admin_head · feedify.php:153
action · wp_print_scripts · feedify.php:183
action · upgrader_process_complete · feedify.php:233
action · plugins_loaded · feedify.php:244
action · admin_menu · includes\admin-menu.php:74
action · wp_loaded · includes\base.php:3
action · admin_notices · includes\base.php:5
action · add_meta_boxes · includes\base.php:7
action · save_post · includes\base.php:9
action · transition_post_status · includes\base.php:11
action · publish_future_post · includes\base.php:13
action · wp_head · includes\base.php:15
action · transition_post_status · includes\base.php:17
action · admin_init · includes\base.php:19
action · admin_notices · includes\base.php:792
action · admin_init · includes\settings.php:58
Maintenance & Trust

Feedify – Web Push Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 6, 2025
PHP min version
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 100
Developer Profile

Feedify – Web Push Notifications Developer Profile

feedify

1 plugin · 100 total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
292 days
Detection Fingerprints

How We Detect Feedify – Web Push Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/push-notification-by-feedify/assets/css/bootstrap.css
/wp-content/plugins/push-notification-by-feedify/assets/css/style.css
/wp-content/plugins/push-notification-by-feedify/assets/css/carousel.css
/wp-content/plugins/push-notification-by-feedify/assets/css/font-awesome.css
/wp-content/plugins/push-notification-by-feedify/assets/css/formValidation.min.css
/wp-content/plugins/push-notification-by-feedify/assets/css/__intlTelInput.css
/wp-content/plugins/push-notification-by-feedify/assets/css/feedify-one-step.css
/wp-content/plugins/push-notification-by-feedify/assets/js/formValidation.min.js
+3 more
Script Paths
/wp-content/plugins/push-notification-by-feedify/assets/js/myscript.js
Version Parameters
push-notification-by-feedify/assets/css/bootstrap.css?ver=
push-notification-by-feedify/assets/css/style.css?ver=
push-notification-by-feedify/assets/css/carousel.css?ver=
push-notification-by-feedify/assets/css/font-awesome.css?ver=
push-notification-by-feedify/assets/css/formValidation.min.css?ver=
push-notification-by-feedify/assets/css/__intlTelInput.css?ver=
push-notification-by-feedify/assets/css/feedify-one-step.css?ver=
push-notification-by-feedify/assets/js/formValidation.min.js?ver=
push-notification-by-feedify/assets/js/bootstrap.min.js?ver=
push-notification-by-feedify/assets/js/intlTelInput.js?ver=
push-notification-by-feedify/getkey_ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
feedify-one-step-section, feedify-logo, feedify_header
HTML Comments
<!-- start -08-04-2021- 025 -->
<!--end -08-04-2021- 025 -->
Data Attributes
data-feedify-id, data-feedify-key
JS Globals
the_ajax_script
FAQ

Frequently Asked Questions about Feedify – Web Push Notifications