About “Font Awesome”

A curated feed of “Font Awesome”-related CVEs appears below. We currently track 30 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 5.9 (all time; 6.4 over 365d), and 3% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: font-awesome

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

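| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 7 | | 7.2.0 | - | |
| 6 | | 6.7.2 | - | LTS |
| 5 | | 5.15.4 | - | LTS |
| 4 | | 4.7.0 | - (Expired) | |
| 3 | | 3.2.1 | - (Expired) | |
| 2 | | 2.0.0 | - (Expired) | |
| 1 | | 1.0.0 | - (Expired) | |

Status legend: Maintained; Soon (≤ 180 days); Expired.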

CVEs tagged with this topic.

2026-05-27
Medium

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Ad…

2026-05-15
Medium

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON…

2026-03-21
Medium

CVE-2026-2496

The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all versions up to, and including, 2.0. This is due to insuffi…

2026-02-19
Medium

CVE-2025-14983

The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output…

2025-09-05
Medium

CVE-2025-58837

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiful H SS Font Awesome Icon ss-font-awesome-icon allows Stored XSS. This issue affects SS Font A…

2025-04-17
Medium

CVE-2025-39428

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes…

2025-04-01
Medium

CVE-2025-31861

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored X…

2025-02-24
Medium

CVE-2025-27304

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating with font Awesome contact-form-7-star-rating-with-font-awe…

2025-02-13
Medium

CVE-2025-26567

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farjana55 Font Awesome WP font-awesome-wp allows DOM-Based XSS. This issue affects Font Awesome WP…

2025-01-30
Medium

CVE-2024-13512

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its f…

2025-01-16
Medium

CVE-2025-23927

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in massimo.serpilli Incredible Font Awesome incredible-font-awesome allows Stored XSS. This issue aff…

Medium

CVE-2025-23824

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS. This issue affects FontAwesome.io…

2024-12-12
Medium

CVE-2024-11891

The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient…

2024-11-19
Medium

CVE-2024-51798

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome surbma-font-awesome allows DOM-Based XSS. This issue affects Surbma |…

2024-06-08
Medium

CVE-2024-35705

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ciprian Popescu Block for Font Awesome allows Stored XSS. This issue affects Block for Font…

2024-05-22
Medium

CVE-2024-3198

The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpfai_social' shortcode in all versions up to, and including, 1.1.1 due to insuff…

2024-01-16
Medium

CVE-2022-3829

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting…

2023-12-17
Medium

CVE-2023-49751

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0.

2023-10-25
Medium

CVE-2023-5127

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping…

2023-10-16
Medium

CVE-2023-45749

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

2023-09-28
Medium

CVE-2023-5233

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization an…

Medium

CVE-2023-5232

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and out…

2023-09-02
Medium

CVE-2023-4718

The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input san…

2023-08-10
High

CVE-2023-30481

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.

2023-06-03
Medium

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with…

2023-02-21
Medium

CVE-2023-0419

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded,…

Medium

CVE-2023-0271

The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could…

2023-02-13
Medium

CVE-2022-4512

The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which coul…

2023-01-16
Medium

CVE-2022-4478

The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a…

2022-09-09
Medium

CVE-2022-37405

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.
