WordPress Plugin Vulnerabilities
Advanced Custom Fields: Font Awesome < 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
JongHwan Shin (zzzsleep)
Verified
No
WPVDB ID
Timeline
Publicly Published
2026-02-18 (about 4 months ago)
Added
2026-02-18 (about 4 months ago)
Last Updated
2026-02-19 (about 4 months ago)