PT-2026-20622 · WordPress · Advanced Custom Fields: Font Awesome Field

Jonghwan Shin

·

Publicado

2026-02-19

·

Atualizado

2026-02-19

·

CVE-2025-14983

CVSS v3.1

6.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Font Awesome Field plugin for WordPress versions up to and including 5.0.1
Description The Advanced Custom Fields: Font Awesome Field plugin for WordPress is susceptible to Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts that will execute in a victim’s browser.
Recommendations Update the Advanced Custom Fields: Font Awesome Field plugin to a version later than 5.0.1.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-14983

Produtos afetados

Advanced Custom Fields: Font Awesome Field