CVE-2023-5127 in WP Font Awesome Plugin
Summary
by MITRE • 10/25/2023
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/11/2026
The WP Font Awesome plugin for WordPress represents a widely used tool that enables website administrators to implement font icons within their content through shortcode functionality. This particular vulnerability affects versions up to and including 1.7.9, where the plugin fails to properly sanitize user input and escape output when processing the 'icon' attribute within shortcodes. The flaw exists in the plugin's handling of user-supplied data, creating a persistent cross-site scripting attack vector that can be exploited by authenticated attackers.
The technical implementation of this vulnerability stems from inadequate validation and sanitization of the 'icon' parameter that users can supply when creating shortcodes. When an attacker with contributor-level permissions or higher creates or modifies content containing a maliciously crafted shortcode, the plugin stores the unsanitized input directly into the database. This stored payload remains dormant until a victim user accesses a page containing the injected shortcode, at which point the malicious script executes within the victim's browser context. The vulnerability operates as a classic stored XSS attack, where the malicious code is permanently embedded in the website's content rather than being reflected in a single request.
The operational impact of this vulnerability extends beyond simple script execution, as it allows attackers to perform various malicious activities within the context of authenticated users' browsers. Attackers could potentially steal session cookies, redirect users to malicious sites, modify content, or perform actions on behalf of the victim user. The privilege requirement of contributor-level access means that attackers who have gained access to a low-privilege account can escalate their impact significantly, potentially compromising the entire website if the attacker can manipulate content that other users will view. This vulnerability particularly affects websites where contributors have access to the WordPress admin interface and can create or edit posts and pages.
Security professionals should recognize this vulnerability as a direct violation of CWE-79, which addresses cross-site scripting flaws in web applications. The weakness demonstrates poor input validation and output escaping practices that are fundamental to preventing XSS attacks. From an ATT&CK framework perspective, this vulnerability maps to technique T1059.001 for command and control through scripting and T1566.001 for social engineering via phishing, as attackers can leverage this vulnerability to execute malicious scripts against unsuspecting users. Organizations should immediately update to the latest version of the WP Font Awesome plugin where this vulnerability has been patched, implement proper input validation measures, and conduct thorough security audits of all installed plugins. Additionally, administrators should consider implementing content security policies and monitoring for suspicious shortcode usage patterns to detect potential exploitation attempts.