Advanced Custom Fields: Font Awesome Field Security & Risk Analysis

wordpress.org/plugins/advanced-custom-fields-font-awesome

Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.

100K active installs · v5.0.2 · PHP 5.6+ · WP 3.5+ · Updated Jan 9, 2026
Tags: acf, advanced-custom-fields, font-awesome, fontawesome
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is Advanced Custom Fields: Font Awesome Field Safe to Use in 2026?

Generally Safe

Score 99/100

Advanced Custom Fields: Font Awesome Field has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 18, 2026 · Updated 2mo ago
Risk Assessment

The 'advanced-custom-fields-font-awesome' plugin version 5.0.2 exhibits a generally positive security posture due to strong coding practices observed in static analysis. The absence of dangerous functions, 100% usage of prepared statements for SQL queries, and a very high rate of output escaping (98%) are commendable. The limited attack surface, with only one AJAX handler and no unprotected entry points, further contributes to its security. However, the presence of external HTTP requests and a single cron event without explicit mention of their security considerations warrants careful review.

The vulnerability history indicates a past medium-severity Cross-site Scripting (XSS) vulnerability, although it is currently patched. The fact that the last vulnerability was in 2026 is unusual and likely a data entry error; however, even with patched vulnerabilities, it suggests the plugin has had exploitable weaknesses in the past. The lack of taint analysis results is also a notable omission, preventing a deeper understanding of how data flows within the plugin.

Overall, while the current version demonstrates good security hygiene in static analysis, the past XSS vulnerability and the presence of external HTTP requests and cron events without explicit security assurances suggest that vigilance is still required. The plugin benefits from strong defensive coding in areas like SQL and output handling, but further investigation into the security of its external interactions and the completeness of its security testing (as indicated by the lack of taint analysis) is recommended.

Key Concerns

  • Past medium-severity XSS vulnerability (patched)
  • External HTTP requests present
  • Cron events present
  • No capability checks found
  • Limited taint analysis data
Vulnerabilities: 1

Advanced Custom Fields: Font Awesome Field Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-14983 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 18, 2026 · Patched in 5.0.2 (1d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Custom Fields: Font Awesome Field Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (118 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

98% escaped · 120 total outputs
Attack Surface

Advanced Custom Fields: Font Awesome Field Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_ACFFA_delete_icon_set · admin\class-ACFFA-Admin.php:31

WordPress Hooks 35

action · init · acf-font-awesome.php:62
action · admin_notices · acf-font-awesome.php:97
action · ACFFA_theme_install_update_check · acf-font-awesome.php:99
action · acf/include_field_types · acf-font-awesome.php:254
action · admin_notices · admin\class-ACFFA-Admin.php:19
action · admin_notices · admin\class-ACFFA-Admin.php:20
filter · plugin_action_links · admin\class-ACFFA-Admin.php:21
action · admin_menu · admin\class-ACFFA-Admin.php:22
action · admin_init · admin\class-ACFFA-Admin.php:23
filter · pre_update_option_acffa_settings · admin\class-ACFFA-Admin.php:24
filter · pre_update_option_acffa_settings · admin\class-ACFFA-Admin.php:25
filter · pre_update_option_acffa_settings · admin\class-ACFFA-Admin.php:26
filter · pre_update_option_acffa_settings · admin\class-ACFFA-Admin.php:27
filter · pre_update_option_acffa_settings · admin\class-ACFFA-Admin.php:28
action · update_option_acffa_settings · admin\class-ACFFA-Admin.php:29
action · admin_init · admin\class-ACFFA-Admin.php:30
filter · ACFFA_show_fontawesome_pro_blurbs · admin\class-ACFFA-Admin.php:32
action · admin_enqueue_scripts · admin\class-ACFFA-Admin.php:35
action · admin_enqueue_scripts · admin\class-ACFFA-Admin.php:36
action · admin_enqueue_scripts · admin\class-ACFFA-Admin.php:38
action · admin_footer · admin\class-ACFFA-Admin.php:174
action · acf/init · admin\class-ACFFA-Admin.php:1032
action · wp_enqueue_scripts · fields\acf-font-awesome-v5.php:38
filter · acf/load_field · fields\acf-font-awesome-v5.php:40
action · wp_footer · fields\acf-font-awesome-v5.php:281
action · wp_enqueue_scripts · fields\acf-font-awesome-v6.php:38
filter · acf/load_field · fields\acf-font-awesome-v6.php:40
filter · ACFFA_v5_upgrade_compat_selected_field_sets · fields\acf-font-awesome-v6.php:43
filter · ACFFA_v5_upgrade_compat_format_value · fields\acf-font-awesome-v6.php:44
action · wp_footer · fields\acf-font-awesome-v6.php:301
action · wp_enqueue_scripts · fields\acf-font-awesome-v7.php:38
filter · acf/load_field · fields\acf-font-awesome-v7.php:40
filter · ACFFA_v5_upgrade_compat_selected_field_sets · fields\acf-font-awesome-v7.php:43
filter · ACFFA_v5_upgrade_compat_format_value · fields\acf-font-awesome-v7.php:44
action · wp_footer · fields\acf-font-awesome-v7.php:332

Scheduled Events 1

ACFFA_theme_install_update_check
Maintenance & Trust

Advanced Custom Fields: Font Awesome Field Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 9, 2026
PHP min version: 5.6
Downloads: 1.7M

Community Trust

Rating: 98/100
Number of ratings: 36
Active installs: 100K
Developer Profile

Advanced Custom Fields: Font Awesome Field Developer Profile

Matt Keys

4 plugins · 121K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 421 days
Detection Fingerprints

How We Detect Advanced Custom Fields: Font Awesome Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-custom-fields-font-awesome/assets/css/acf-fa-plugin.css
/wp-content/plugins/advanced-custom-fields-font-awesome/assets/js/acf-fa-plugin.js
/wp-content/plugins/advanced-custom-fields-font-awesome/fields/acf-font-awesome-v5.php
/wp-content/plugins/advanced-custom-fields-font-awesome/fields/acf-font-awesome-v6.php
/wp-content/plugins/advanced-custom-fields-font-awesome/fields/acf-font-awesome-v7.php
Script Paths
/wp-content/plugins/advanced-custom-fields-font-awesome/assets/js/acf-fa-plugin.js
Version Parameters
advanced-custom-fields-font-awesome/assets/css/acf-fa-plugin.css?ver=
advanced-custom-fields-font-awesome/assets/js/acf-fa-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes
acf-fa-field, acf-fa-picker, acf-fa-picker-content
HTML Comments
ACF Font Awesome Field. ACF Font Awesome Field Type. ACF Font Awesome Picker. ACF Font Awesome Picker Content.
Data Attributes
data-fa-version, data-font-awesome-field
JS Globals
acf_font_awesome_config
FAQ

Frequently Asked Questions about Advanced Custom Fields: Font Awesome Field