Malicious Package

Overview tailwindcss-fontawesome is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

EUVD-2025-11552

Malicious code in bioql PyPI...

MAL-2025-20749 Malicious code in fontawesome-pro-all (npm)

The package fontawesome-pro-all was found to contain malicious code...

Malicious code in fontawesome-pro-all (npm)

The package fontawesome-pro-all was found to contain malicious code...

fontawesome-fonts bug fix update

An update is available for fontawesome-fonts. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Font Awesome gives you scalable vector icons that can instantly be...

CVE-2025-39428

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...

CVE-2025-39428

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...

CVE-2025-39428

CVE-2025-39428 : Cross-Site Scripting in Gravity Forms CSS Themes with Fontawesome and Placeholders (WordPress plugin) allows stored XSS. Affected: Gravity Forms CSS Themes with Fontawesome and Placeholders, versions n/a through 8.5. Root cause: improper input neutralization during web page gener...

CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders allows Stored XSS. This issue affects Gravity Forms CSS Themes with Fontawesome and Placeholders: from n/a through 8.5...

CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...

WordPress plugin Gravity Forms CSS Themes with Fontawesome and Placeholders 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

WordPress Wonder FontAwesome plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Wonder FontAwesome versions = 0.8...

CVE-2024-13512

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2024-13512 Wonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2024-13512

CVE-2024-13512 affects the WordPress plugin Wonder FontAwesome (versions ≤ 0.8). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on a function, enabling unauthenticated attackers to update settings and inject malicious scripts via forged reque...

PT-2025-2199 · WordPress · Wonder Fontawesome

Name of the Vulnerable Software and Affected Versions: Wonder FontAwesome plugin for WordPress versions up to, and including, 0.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation in one of the plugin's functions. This allows...

WordPress plugin Wonder FontAwesome 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

WordPress FontAwesome.io ShortCodes plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin FontAwesome.io ShortCodes versions = 1.0...

WordPress plugin FontAwesome.io ShortCodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Malicious code in oj-odcs-fontawesome (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 305cca77ffd82127e64a3a925db786f7045fdb77cfcbdb5d968a8a785164e69b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...