cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields: Font Awesome Field, CVE-2025-14983

CVE, Research URL

CVE-2025-14983

Home page URL

Security reports for Advanced Custom Fields: Font Awesome Field

Application

Advanced Custom Fields: Font Awesome Field

Published on
Feb 19, 2026
Research Description
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 5.0.2.
Status
vulnerable
Previous vulnerability researches
Kenta Companion (5bf94585af0489d21852c82a9f9157821b1edd20) , Jun 07, 2024
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
New vulnerability
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library (CVE-2025-14283) , Feb 27, 2026
Filestack (CVE-2025-13959) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11706) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2025-11725) , Feb 27, 2026
Aruba HiSpeed Cache (CVE-2026-23694) , Feb 27, 2026