2 matches found
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...
CVE-2023-5127
CVE-2023-5127 affects the WP Font Awesome WordPress plugin (versions ≤ 1.7.9). The vulnerability is a stored XSS via shortcode attributes, specifically the icon attribute, allowing authenticated users with contributor+ privileges to inject scripts into pages executed when viewed. Evidence from mu...