16 matches found
CVE-2026-6415
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...
PT-2026-41276
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update preview JavaScript function...
WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions <= 2.0...
CVE-2026-2496
The CVE concerns the Ed's Font Awesome plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the eds_font_awesome shortcode in all versions up to 2.0. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes. Impact: authenticated attacke...
PT-2026-26839
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eds_font_awesome shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
EUVD-2022-51822
Malicious code in bioql PyPI...
EUVD-2023-57465
Malicious code in bioql PyPI...
CVE-2023-5127
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on the user-supplied 'icon' attribute. This makes it possible for authenticated attackers with...
WordPress Font Awesome WP plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin Font Awesome WP versions <= 1.0...
WordPress WP Font Awesome Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP Font Awesome; Type: Plugin; Vulnerable versions: <= 1.7.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5127; Patch priority: Low; CVSS severity: Low (6.5); PSID: 1bfa254a1aff; Credits: Lana Codes; Required...
CVE-2023-45749 WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions...
PT-2023-30347 · WordPress · Font Awesome 4 Menus
Name of the Vulnerable Software and Affected Versions: Font Awesome 4 Menus plugin for WordPress versions up to, and including, 4.7.0 Description: The issue is related to Stored Cross-Site Scripting via the fa and fa-stack shortcodes due to insufficient input sanitization and output escaping on...
CVE-2023-0419
The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress plugin Font Awesome cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14553 · WordPress · Font Awesome Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Font Awesome WordPress plugin versions prior to 4.3.2 Description: The issue concerns the Font Awesome WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them. This could allow users...