CVE-2024-3198 in WP Font Awesome Share Icons Plugin
Summary
by MITRE • 05/22/2024
The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
'wpfai_social' shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 06/04/2026
The WP Font Awesome Share Icons plugin for WordPress represents a critical security vulnerability through its stored cross-site scripting flaw in the wpfai_social shortcode functionality. This vulnerability affects all plugin versions up to and including 111, creating a persistent threat vector that can be exploited by authenticated attackers who possess contributor-level privileges or higher. The flaw stems from inadequate input sanitization mechanisms and insufficient output escaping procedures that fail to properly validate or escape user-supplied attributes before processing them within the plugin's shortcode implementation.
The technical nature of this vulnerability places it squarely within the realm of CWE-79 - Improper Neutralization of Input During Web Page Generation, which specifically addresses the failure to properly sanitize user-provided data before incorporating it into web page content. This weakness allows malicious actors to inject malicious scripts that execute in the context of other users' browsers when they access pages containing the compromised shortcode. The stored nature of this XSS vulnerability means that the malicious payload persists in the database and executes every time the affected page is loaded, creating a particularly dangerous threat vector that can affect multiple users over extended periods.
Operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to perform session hijacking, steal sensitive user credentials, redirect victims to malicious domains, or even execute more sophisticated attacks such as credential theft through browser-based exploitation techniques. The fact that this vulnerability requires only contributor-level access makes it particularly concerning from a security posture perspective, as it can be exploited by users who are typically considered less privileged within WordPress environments. This access level typically includes users who can publish posts and pages, making the attack surface potentially much broader than initially apparent.
The attack vector for this vulnerability is straightforward yet effective, requiring attackers to insert malicious script content into shortcode attributes that are then stored in the WordPress database. When legitimate users access pages containing these compromised shortcodes, their browsers execute the injected scripts, potentially leading to complete compromise of user sessions and data exposure. The vulnerability aligns with several ATT&CK techniques including T1566 - Phishing and T1071.001 - Application Layer Protocol: Web Protocols, as it leverages web-based interfaces to deliver malicious payloads. Organizations should implement immediate mitigation strategies including plugin updates to versions that address the sanitization issues, implementing strict content validation policies, and conducting comprehensive security audits of all installed plugins to identify similar vulnerabilities. Additionally, administrators should consider implementing web application firewalls and monitoring for suspicious shortcode usage patterns to detect potential exploitation attempts.