MEDIUM
Justin Kruit
CVE published 2026-05-27
CVE-2026-49044
A stored cross-site scripting (XSS) vulnerability exists in the Advanced Custom Fields: Font Awesome Field WordPress plugin, affecting versions up to and including 5.0.2. The vulnerability stems from improper neutralization of input during web page generation (CWE-79). An attacker with low privileges can inject malicious scripts that execute in the context of other users' browsers, potentially leading to [truncated]