CVE-2025-26567
📋 TL;DR
This DOM-based XSS vulnerability in the Font Awesome WP WordPress plugin allows attackers to inject malicious scripts that execute in users' browsers when they visit compromised pages. It affects all WordPress sites using Font Awesome WP plugin versions up to 1.0. Attackers can steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- Font Awesome WP WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover through session hijacking, credential theft, malware distribution to visitors, and persistent compromise of all users accessing affected pages.
Likely Case
Session hijacking for authenticated users, defacement of website content, redirection to malicious sites, and theft of user data entered on compromised pages.
If Mitigated
Limited impact if CSP headers are properly configured, user input is sanitized elsewhere, and users have script-blocking extensions, though some functionality may break.
🎯 Exploit Status
DOM-based XSS typically requires user interaction (visiting a malicious link) but doesn't require authentication. Exploitation is straightforward once the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0 (check plugin repository for latest)
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Font Awesome WP' and check for updates. 4. If update available, click 'Update Now'. 5. If no update available, deactivate and delete the plugin, then find a secure alternative.
🔧 Temporary Workarounds
Content Security Policy (CSP) Implementation
allImplement strict CSP headers to prevent execution of inline scripts and unauthorized script sources.
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self' https://trusted.cdn.com; object-src 'none'"
Plugin Deactivation
linuxTemporarily disable the vulnerable plugin until patched version is available.
wp plugin deactivate font-awesome-wp
🧯 If You Can't Patch
- Immediately deactivate and remove the Font Awesome WP plugin from all WordPress installations.
- Implement web application firewall (WAF) rules to block XSS payloads targeting this plugin.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Font Awesome WP' with version 1.0 or earlier.Check Version:
wp plugin list --name=font-awesome-wp --field=versionVerify Fix Applied:
Verify plugin is either updated to version after 1.0 or completely removed from plugins directory.📡 Detection & Monitoring
Log Indicators:
- Unusual POST/GET requests containing script tags or JavaScript events to pages using Font Awesome WP
- Multiple failed XSS attempts in web server logs
Network Indicators:
- Outbound connections to suspicious domains from your web server following XSS payload execution
SIEM Query:
source="web_logs" AND (uri="*font-awesome-wp*" AND (message="*<script>*" OR message="*javascript:*" OR message="*onload=*"))