The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible forauthenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that execute in a victim's browser.
References
Configurations
No configuration.
History
19 Feb 2026, 07:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-19 07:17
Updated : 2026-02-19 15:53
NVD link : CVE-2025-14983
Mitre link : CVE-2025-14983
CVE.ORG link : CVE-2025-14983
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')