Main Vulnerability Database Vulnerabilities #VU25986

#VU25986 Information disclosure in Font Awesome

Published: March 11, 2020

Vulnerability identifier: #VU25986

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Font Awesome

Software vendor:
Font Awesome

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin exposes the Font Awesome API token and access token for users who have configured the plugin to use a kit. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://wpvulndb.com/vulnerabilities/10122/
https://blog.fontawesome.com/font-awesome-wordpress-plugin-api-token-vulnerability-fixed/