WordPress Plugin Vulnerabilities

Advanced Custom Fields: Font Awesome < 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description

The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.

Affects Plugins

References

Classification

Type
XSS
CWE

Miscellaneous

Original Researcher
JongHwan Shin (zzzsleep)
Verified
No

Timeline

Publicly Published
2026-02-18 (about 4 months ago)
Added
2026-02-18 (about 4 months ago)
Last Updated
2026-02-19 (about 4 months ago)

Other