
Block for Font Awesome Security & Risk Analysis
wordpress.org/plugins/block-for-font-awesome
Display a Font Awesome 5, Font Awesome 6, Font Awesome 7 or Font Awesome kit icon in a Gutenberg block or a custom HTML block.
Is Block for Font Awesome Safe to Use in 2026?
Generally Safe
Score 99/100
Block for Font Awesome has a strong security track record. Known vulnerabilities have been patched promptly.
Static analysis of the 'block-for-font-awesome' plugin version 1.7.7 shows a generally good security posture, with no critical or high-severity code signals indicating immediate risk. The plugin uses no dangerous functions, raw SQL queries, file operations, or external HTTP requests. The high percentage of properly escaped output and the presence of a single nonce check suggest the developers are implementing some secure coding practices, although no capability checks were found.
The plugin has two known medium-severity vulnerabilities, both currently patched: one Cross-Site Scripting issue and one Cross-Site Request Forgery issue. The attack surface is small and there currently appear to be no unprotected entry points, but this history suggests that input validation or output sanitization oversights have been exploited in the past. The immediate code analysis is reassuring, but the historical record calls for vigilance, particularly regarding how user-supplied data is handled within the shortcodes and any other, less obvious, interaction points.
Key Concerns
- History of XSS vulnerabilities
- History of CSRF vulnerabilities
- Some outputs not properly escaped (16%)
- No capability checks found
Block for Font Awesome Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Block for Font Awesome <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Block for Font Awesome <= 1.4.0 - Cross-Site Request Forgery
Block for Font Awesome Code Analysis
Output Escaping
Data Flow Analysis
Block for Font Awesome Attack Surface
Shortcodes 2
WordPress Hooks 6
Block for Font Awesome Maintenance & Trust
Maintenance Signals
Community Trust
Block for Font Awesome Alternatives
Creative FA and BS Icons Shortcode
creative-fa-and-bs-icons-shortcode
This plugin allows you to add Font-Awesome and Bootstrap Icons easily using shortcode. Just install and activate this plugin and use shortcode for usi …
WP Font Awesome
wp-font-awesome
This plugin allows you to easily embed Font Awesome icon to your site with simple shortcodes.
JVM Rich Text Icons
jvm-rich-text-icons
Insert icons anywhere in your content — inline in text, headings, buttons, or as a standalone block.
Cf7 Icons and Labels
cf7-icons-and-labels
This plugin can be used to add font awesome icons and labels to the Contact Form 7.
Icon Box Block – Insert your favorite icon with customization and design
envision-icon-box-block
Icon Box is a straightforward block for the Gutenberg editor that lets you place a stylish icon with a fully customizable box.
Block for Font Awesome Developer Profile
8 plugins · 4K total installs
How We Detect Block for Font Awesome
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/block-for-font-awesome/assets/css/admin.css
- https://use.fontawesome.com/releases/v5.15.4/js/all.js
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.7.2/js/all.min.js
- https://use.fontawesome.com/releases/v6.7.2/js/all.js
- https://cdnjs.cloudflare.com/ajax/libs/font-awesome/7.2.0/js/all.min.js
- https://use.fontawesome.com/releases/v7.2.0/js/all.js
- block-for-font-awesome/assets/css/admin.css?ver=
HTML / DOM Fingerprints
- [fa
- [/fa]
- [icon
- [/icon]