CVE-2022-4478
Font Awesome < 4.3.2 - Contributor+ Stored XSSThe Font Awesome WordPress plugin before 4.3.2 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
We have discovered 676,327 live websites that are affected by CVE-2022-4478.
Contact us to get more info
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')