cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-3829,https://securityvulnerability.io/vulnerability/CVE-2022-3829,Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS,"The Font Awesome 4 Menus WordPress plugin through version 4.7.0 contains a vulnerability that fails to properly sanitize and escape certain settings. This oversight can permit users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting attacks. Even in situations where the 'unfiltered_html' capability is disabled, like in multisite configurations, this flaw poses a significant threat to WordPress installations. Proper validation and sanitization mechanisms are necessary to mitigate the associated risks.",Wordpress,Font Awesome 4 Menus,4.8,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-16T15:53:24.250Z,0
CVE-2023-4718,https://securityvulnerability.io/vulnerability/CVE-2023-4718,Stored Cross-Site Scripting Vulnerability in Font Awesome 4 Menus Plugin for WordPress,"The Font Awesome 4 Menus plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level and higher permissions to exploit stored cross-site scripting via the 'fa' and 'fa-stack' shortcodes. This weakness is due to inadequate input sanitization and output escaping on user-supplied attributes, enabling attackers to inject arbitrary web scripts. These scripts are executed whenever a user visits the affected page, compromising user security and potentially leading to further attacks.",Wordpress,Font Awesome 4 Menus,5.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-09-02T04:15:00.000Z,0