Main Vulnerability Database Vulnerabilities #VU25986

Information disclosure in Font Awesome - #VU25986

Published: March 11, 2020

Vulnerability identifier: #VU25986

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Font Awesome

Affected software:
Font Awesome

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin exposes the Font Awesome API token and access token for users who have configured the plugin to use a kit. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

Sources

https://wpvulndb.com/vulnerabilities/10122/
https://blog.fontawesome.com/font-awesome-wordpress-plugin-api-token-vulnerability-fixed/

Information disclosure in Font Awesome - #VU25986

Detailed vulnerability description

Remediation

Sources

Please verify you're human