cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields: Font Awesome Field, CVE-2025-14983

CVE, Research URL

CVE-2025-14983

Home page URL

Security reports for Advanced Custom Fields: Font Awesome Field

Application

Advanced Custom Fields: Font Awesome Field

Published on
Feb 19, 2026
Research Description
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 5.0.2.
Status
vulnerable
Previous vulnerability researches
Post Slides (CVE-2025-15491) , Feb 27, 2026
New vulnerability
Court Reservation – Manage Your Court Bookings Online (CVE-2025-68852) , Feb 27, 2026
MailerLite – Signup forms (official) (CVE-2026-25420) , Feb 27, 2026
Starfish Review Generation & Marketing for WordPress (CVE-2025-15157) , Feb 27, 2026
Simple File List (CVE-2026-24953) , Feb 27, 2026
Visual Link Preview (CVE-2026-24984) , Feb 27, 2026