cleantalk
Vulnerabilities and Security Researches

Font Awesome, CVE-2022-4478

CVE, Research URL

CVE-2022-4478

Home page URL

Security reports for Font Awesome

Application

Font Awesome

Published on
Jan 16, 2023
Research Description
The Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Affected versions
Min 4.0.0-rc15, max 4.3.2.
Status
vulnerable
Previous vulnerability researches
Incredible Font Awesome (CVE-2025-23927) , Jan 18, 2025
Surbma | Font Awesome (CVE-2024-51798) , Nov 12, 2024
SS Font Awesome Icon (CVE-2025-58837) , Sep 07, 2025
Perfect Font Awesome Integration (CVE-2025-31861) , Apr 03, 2025
Perfect Font Awesome Integration (CVE-2024-11891) , Dec 13, 2024
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026