Font Awesome WordPress Plugin API Token Vulnerability in Version 4.0.0-rc15 & 4.0.0-rc16
https://blog.fontawesome.comThe Font Awesome WordPress plugin has 100,000+ active installations and can be used to integrate Font Awesome Free or Pro icons on your site. In versions 4.0.0-rc15 & 4.0.0-rc16, there is a vulnerability that exposes the Font Awesome API token and access token for users who have configured the plugin to use a kit. If compromised, these tokens could give an unauthorized person access to that userβs list of kits and kit settings.
The issue has been fixed in Version 4.0.0-rc17 which is available now from the WordPress Plugin Repo.