WP-Safety

Awesome Fontawesome Collection Security & Risk Analysis

wordpress.org/plugins/awesome-fontawesome-collection

By Using fontawesome icon plugin you can demonstrate icons in your pages and widget area.

100 active installs v1.4 PHP + WP 4.0+ Updated Nov 19, 2019
awesomecollectionfontfontawesomeicon
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Awesome Fontawesome Collection Safe to Use in 2026?

Generally Safe

Score 85/100

Awesome Fontawesome Collection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The 'awesome-fontawesome-collection' plugin v1.4 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and the exclusive use of prepared statements for SQL queries are strong indicators of secure coding practices. The plugin also demonstrates an awareness of security by including a nonce check. However, the low percentage of properly escaped output (35%) presents a significant concern. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data might be rendered directly in the browser without adequate sanitization.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the lack of critical or high-severity taint flows and unsanitized paths, indicates that the plugin has historically been well-maintained and secure. The small attack surface, consisting of a single shortcode with no apparent authentication checks, is also a positive sign, though the lack of explicit permission checks on this shortcode is a minor weakness.

In conclusion, while the plugin's development appears to follow good security principles regarding SQL injection and code execution risks, the insufficient output escaping is a notable weakness that could be exploited. The clean vulnerability history is reassuring, but the output escaping issue warrants attention to ensure continued security.

Key Concerns

  • Low output escaping rate
  • Shortcode without permission check
Vulnerabilities
None known

Awesome Fontawesome Collection Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Awesome Fontawesome Collection Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
85
46 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

35% escaped131 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<adminpagesetting> (includes\adminpagesetting.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Awesome Fontawesome Collection Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[phoe-icon] includes\shortcode.php:14
WordPress Hooks 9
actionwp_enqueue_scriptsIconsett.php:34
actionadmin_enqueue_scriptsIconsett.php:36
actionmedia_buttons_contextIconsett.php:84
actionadmin_headIconsett.php:87
actionadmin_menuIconsett.php:111
actionadmin_enqueue_scriptsIconsett.php:120
actionadmin_footer-widgets.phpwidget\add_custom_widget.php:29
actionwidgets_initwidget\add_custom_widget.php:654
actionwp_headwidget\add_custom_widget.php:657
Maintenance & Trust

Awesome Fontawesome Collection Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedNov 19, 2019
PHP min version
Downloads7K

Community Trust

Rating30/100
Number of ratings2
Active installs100
Alternatives

Awesome Fontawesome Collection Alternatives

Font Awesome

Font Awesome

font-awesome

A
99

The official way to use Font Awesome Free or Pro icons on your WordPress site, brought to you by the Font Awesome team.

400K 2 CVEs
WP Font Awesome

WP Font Awesome

wp-font-awesome

A
91

This plugin allows you to easily embed Font Awesome icon to your site with simple shortcodes.

10K 2 CVEs
Icon Widget

Icon Widget

icon-widget

A
91

Display an icon, title and description with a widget or a shortcode.

5K 2 CVEs
FA WP Admin Menu Icons

FA WP Admin Menu Icons

fa-wp-admin-menu-icons

A
100

Use Font Awesome icons for custom post types and custom menu pages.

100 No CVEs
NM Font Awesome

NM Font Awesome

nm-font-awesome

A
85

Wordpress plugin that adds the latest version 5 of Font Awesome into your WordPress project.

100 No CVEs
Developer Profile

Awesome Fontawesome Collection Developer Profile

Phoeniixx

25 plugins · 5K total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Awesome Fontawesome Collection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/awesome-fontawesome-collection/assets/css/phoeniixx-font-awesome.min.css/wp-content/plugins/awesome-fontawesome-collection/assets/css/phoeniixx-font-awesome-ie7.min.css/wp-content/plugins/awesome-fontawesome-collection/assets/css/fontawesome-iconpicker.css/wp-content/plugins/awesome-fontawesome-collection/assets/js/fontawesome-iconpicker.js/wp-content/plugins/awesome-fontawesome-collection/assets/css/admin.css/wp-content/plugins/awesome-fontawesome-collection/assets/js/admin.js
Script Paths
/wp-content/plugins/awesome-fontawesome-collection/assets/js/fontawesome-iconpicker.js/wp-content/plugins/awesome-fontawesome-collection/assets/js/admin.js
Version Parameters
phoeniixx-font-awesome.min.css?ver=phoeniixx-font-awesome-ie7.min.css?ver=fontawesome-iconpicker.css?ver=fontawesome-iconpicker.js?ver=admin.css?ver=admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
phoen-iconpickerphoefontawesome-iconpickerphoeiconpicker-componentphoe-change-icon-placeholderphoen_widget_dashiconlist-group-itemiconstext+2 more
Data Attributes
data-selectedaria-hidden
JS Globals
window.elementwindow.add_icon
Shortcode Output
[phoenix_icon_text]
FAQ

Frequently Asked Questions about Awesome Fontawesome Collection