Cross-site Scripting Vulnerability in Perfect Font Awesome Integration by WPOrbit
CVE-2025-31861

6.5MEDIUM

Key Information:

Vendor: WPorbit Support
Status: Perfect Font Awesome Integration
Vendor: CVE Published:; 1 April 2025

🔔 Create WPorbit Support Vulnerability Alert

What is CVE-2025-31861?

The Perfect Font Awesome Integration plugin developed by WPOrbit is vulnerable to a stored cross-site scripting (XSS) flaw. This vulnerability allows attackers to inject malicious scripts into web pages, which can subsequently be executed in the browsers of unsuspecting users. It specifically affects versions from n/a through 2.2. Proper input validation and sanitization mechanisms are compromised, making this issue a potential risk for website owners who utilize the plugin.

Affected Version(s)

Perfect Font Awesome Integration <= 2.2

References

https://patchstack.com/database/wordpress/plugin/perfect-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)

JSON