WordPress Plugin Vulnerabilities

Font Awesome Integration <= 5.0 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not sufficiently sanitize and escape user-supplied attributes in the 'fawesome' shortcode, which can lead to the injection of arbitrary web scripts on pages accessed by users.

Affects Plugins

Plugin icon
font-awesome-integration
No known fix

References

CVE
CVE-2023-5233
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2791f48-895f-4099-87ec-41aaac2494a2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
9494c83d-4294-4993-973c-90ff07831c76

Timeline

Publicly Published
2023-09-27 (about 2 years ago)
Added
2023-09-28 (about 2 years ago)
Last Updated
2023-09-28 (about 2 years ago)

Other

Published
Title
Published
2026-02-25
Title
WooCommerce Coming Soon Product with Countdown <= 5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2023-06-05
Title
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
Published
2023-04-28
Title
WP Search Analytics < 1.4.6 - Admin+ Stored XSS
Published
2024-04-05
Title
Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
Published
2026-01-16
Title
CubeWP < 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode