CVE-2022-4478


Font Awesome < 4.3.2 - Contributor+ Stored XSS

The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.



We have discovered 676,327 live websites that are affected by CVE-2022-4478.





Affected Software

Product: Font Awesome
Category: Font Scripts
Vulnerable Versions:
  • from 0 before 4.3.2
Total Vulnerable Versions: 482
Vulnerable Domains: 676,327 live websites (11.49% of Font Awesome install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Jan 16, 2023

Credits

  • Lana Codes (finder)
  • WPScan (coordinator)





Countries

United States: 208,832 websites
Japan: 55,177 websites
Germany: 41,174 websites
GB: 34,483 websites
France: 32,441 websites
Netherlands: 23,828 websites
Poland: 22,603 websites
Italy: 22,266 websites
Russia: 20,790 websites
Canada: 17,062 websites

TLDs

.com: 292,772 websites
.org: 31,639 websites
.de: 26,229 websites
.net: 21,816 websites
.nl: 19,631 websites
.co.uk: 19,539 websites
.pl: 17,224 websites
.ru: 16,383 websites
.it: 14,393 websites
.fr: 13,627 websites


