Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2.

CVSS: 6.5 · CWE: CWE-79

View on NVD

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update_preview() JavaScript function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject…

CVSS: 6.4 · CWE: CWE-79

View on NVD

The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts i…

CVSS: 6.4 · CWE: CWE-79

View on NVD

The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.

CVSS: 6.4 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS.This issue affects SS Font Awesome Icon: from n/a through <= 4.1.3.

CVSS: 6.5 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS Themes with Fontawesome and Placeholders: from n/a through <= 8.5.

CVSS: 5.9 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored XSS.This issue affects Perfect Font Awesome Integration: from n/a through <= 2.3.

CVSS: 6.5 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating with font Awesome contact-form-7-star-rating-with-font-awersome allows Stored XSS.This issue affects Contact Form 7 Star Rating with font Awesome: from n/a through <= 1.3.

CVSS: 5.9 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farjana55 Font Awesome WP font-awesome-wp allows DOM-Based XSS.This issue affects Font Awesome WP: from n/a through <= 1.0.

CVSS: 6.5 · CWE: CWE-79

View on NVD

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an a…

CVSS: 6.1 · CWE: CWE-352

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in massimo.serpilli Incredible Font Awesome incredible-font-awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through <= 1.0.

CVSS: 6.5 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through 1.0.

CVSS: 6.5 · CWE: CWE-79

View on NVD

The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in page…

CVSS: 6.4 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome surbma-font-awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through <= 3.0.

CVSS: 6.5 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS.This issue affects Block for Font Awesome: from n/a through 1.4.4.

CVSS: 6.5 · CWE: CWE-79

View on NVD

The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpfai_social' shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts…

CVSS: 6.4 · CWE: CWE-79

View on NVD

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: 4.8 · CWE: CWE-79

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.

CVSS: 4.3 · CWE: CWE-352

View on NVD

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever…

CVSS: 6.4 · CWE: CWE-79

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

CVSS: 4.3 · CWE: CWE-352

View on NVD

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execut…

CVSS: 6.4 · CWE: CWE-79

View on NVD

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whe…

CVSS: 6.4 · CWE: CWE-79

View on NVD

The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that…

CVSS: 6.4 · CWE: CWE-79

View on NVD

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

CVSS: 7.1 · CWE: CWE-79

View on NVD

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value.

CVSS: 4.3 · CWE: CWE-285

View on NVD

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS: 5.4 · CWE: CWE-79

View on NVD

The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS: 5.4 · CWE: N/A

View on NVD

The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS: 5.4 · CWE: N/A

View on NVD

The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.

CVSS: 5.4 · CWE: N/A

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.

CVSS: 4.3 · CWE: CWE-352

View on NVD