Vulnerabilities and security researches forfont-awesome font-awesome

Jun 06, 2024

CVE, Research URL: CVE-2022-4478
Home page URL: Security reports for Font Awesome
Application: Font Awesome
Date: Jan 16, 2023
Research Description: The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Affected versions: Min 4.0.0-rc15, max 4.3.2.
Status: vulnerable

CVE, Research URL: 3a8ac41100c64e1a87eb12ac70f52fa81a30ec32
Home page URL: Security reports for Font Awesome
Application: Font Awesome
Date: Mar 11, 2020
Research Description: Font Awesome [font-awesome] >= 4.0.0-RC15 - <= 4.0.0-RC16 WordPress Font Awesome plugin 4.0.0-RC15 - 4.0.0-RC16 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress Font Awesome plugin (versions 4.0.0-RC15 - 4.0.0-RC16).
Affected versions: Min 4.0.0-RC15, max 4.0.0-RC16.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 1f92541a-c18c-4e76-948a-9c954fc5bd59
Home page URL: Security reports for Font Awesome
Application: Font Awesome
Date: -
Research Description: Font Awesome [font-awesome] >= 4.0.0-rc15 - <= 4.0.0-rc16 Font Awesome 4.0.0-RC15 & RC16 - API Token & Access Token Disclosure The vulnerability exposes the Font Awesome API token and access token for users who have configured the plugin to use a kit. If compromised, these tokens could give an unauthorized person access to that user’s list of kits and kit settings.
Affected versions: Min 4.0.0-rc15, max 4.0.0-rc16.
Status: vulnerable

CVE, Research URL: c7c83cad06dd49b30f023f84c2fcfaf603bb8ef0
Home page URL: Security reports for Font Awesome
Application: Font Awesome
Date: Mar 11, 2020
Research Description: Font Awesome [font-awesome] >= 4.0.0-rc15 - <= 4.0.0-rc16 Font Awesome 4.0.0-rc15 and 4.0.0-rc16 - API Token Exposure The Font Awesome plugin for WordPress versions 4.0.0-rc15 and 4.0.0-rc16 are vulnerable to API Token Exposure. The vulnerability exposes the Font Awesome API token and access token for users who have configured the plugin to use a kit. If compromised, these tokens could give an unauthorized person access to that user’s list of kits and kit settings.
Affected versions: Min 4.0.0-rc15, max 4.0.0-rc16.
Status: vulnerable

Jun 25, 2026

PSC, Research URL: PSC-2026-64668
Home page URL: Security reports for Font Awesome
Application: Font Awesome
Date: Jun 25, 2026
Research Description: Icon plugins affect the editor, public markup, scripts, styles, and sometimes external kit configuration. That makes them convenient for visual design, but also security-sensitive because stored icon settings and asset URLs can become part of the public HTML served to visitors. Font Awesome version 5.1.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64668, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for icon rendering, asset loading, kit configuration, and editor integration behavior.
Affected versions: Min 5.1.5, max 5.1.5.
Status: SAFE & CERTIFIED