WP-Safety

Ed's Font Awesome Security & Risk Analysis

wordpress.org/plugins/eds-font-awesome

Ed's Font Awesome Plugin is the ultimate Font Awesome Icon Shortcode plugin. Place over 2,000 font awesome icons anywhere on your WordPress site …

0 active installs v3.0 PHP 7.0+ WP 6.8+ Updated Apr 9, 2026
eds-font-awesome-pluginfont-awesomefont-awesome-iconsiconsshortcode
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEMar 20, 2026
Plugin page Download
Safety Verdict

Is Ed's Font Awesome Safe to Use in 2026?

Mostly Safe

Score 78/100

Ed's Font Awesome is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Mar 20, 2026Updated 1mo ago
Risk Assessment

The "eds-font-awesome" v3.0 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and 100% of output properly escaped. There are no identified dangerous functions, file operations, external HTTP requests, or bundled libraries, which are all good indicators. However, a significant concern arises from the absence of nonce checks and capability checks across all identified entry points (10 shortcodes). While there are no unprotected AJAX handlers or REST API routes, the lack of these fundamental security mechanisms on shortcodes leaves them potentially vulnerable to unauthorized execution or manipulation. The vulnerability history is also a major red flag, with one unpatched medium severity CVE classified as Cross-Site Scripting (XSS). This, coupled with the absence of specific security checks on entry points, suggests a potential for attackers to exploit this plugin to inject malicious scripts.

Key Concerns

  • Unpatched medium severity CVE (XSS)
  • Missing nonce checks on all entry points
  • Missing capability checks on all entry points
Vulnerabilities
1 published

Ed's Font Awesome Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-2496medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ed's Font Awesome <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Mar 20, 2026Unpatched
Version History

Ed's Font Awesome Release Timeline

v3.0Current1 CVE
CVE-2026-2496
v2.11 CVE
CVE-2026-2496
v2.01 CVE
CVE-2026-2496
v1.01 CVE
CVE-2026-2496
vv11 CVE
CVE-2026-2496
Code Analysis
Analyzed Apr 16, 2026

Ed's Font Awesome Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
54 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped54 total outputs
Attack Surface

Ed's Font Awesome Attack Surface

Entry Points10
Unprotected0

Shortcodes 10

[eds_font_awesome] eds_font_awesome.php:29
[eds_fa_mask] eds_font_awesome.php:30
[eds_fa_mask_circle] eds_font_awesome.php:31
[eds_font_awesome_rotate] eds_font_awesome.php:32
[eds_fa_spin] eds_font_awesome.php:33
[eds_fa_layers] eds_font_awesome.php:34
[eds_fa_layer_icon] eds_font_awesome.php:35
[eds_fa_layer_text] eds_font_awesome.php:36
[eds_fa_layer_counter] eds_font_awesome.php:37
[eds_fa_link] eds_font_awesome.php:38
WordPress Hooks 4
actioniniteds_font_awesome.php:21
actionadmin_menueds_font_awesome.php:22
actionadmin_enqueue_scriptseds_font_awesome.php:23
actionwp_enqueue_scriptseds_font_awesome.php:24
Maintenance & Trust

Ed's Font Awesome Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Ed's Font Awesome Alternatives

Creative FA and BS Icons Shortcode

Creative FA and BS Icons Shortcode

creative-fa-and-bs-icons-shortcode

A
85

This plugin Allows you to add Font-Awesome and Bootstrap Icons Easily using shortcode. Just install and activate this plugin and use shortcode for usi &hellip;

0 No CVEs
Cf7 Icons and Labels

Cf7 Icons and Labels

cf7-icons-and-labels

A
85

This plugin can be used to add font awesome icons and labels to the Contact Form 7.

600 No CVEs
SS Font Awesome Icon

SS Font Awesome Icon

ss-font-awesome-icon

C
63

Easiest way to integrate Font Awesome Icon in any post or widget.

200 1 unpatched
Ultimate Icon Shortcodes – LITE

Ultimate Icon Shortcodes – LITE

ultimate-icon-shortcodes

A
85

This plugin will add a small button to your post / page editor, clicking on that will bring up our visual icon selector. Choose the icon you want and &hellip;

10 No CVEs
Popular Brand Icons – Simple Icons

Popular Brand Icons – Simple Icons

simple-icons

C
63

An easy to use lightweight SVG icons plugin with over 1500+ brand icons. Use these icons in your menus, widgets, posts, or pages.

3K 1 unpatched
Developer Profile

Ed's Font Awesome Developer Profile

waianaeboy702

2 plugins · 0 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ed's Font Awesome

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eds-font-awesome/css/font-awesome.min.css/wp-content/plugins/eds-font-awesome/js/fontawesome-all.min.js
Script Paths
/wp-content/plugins/eds-font-awesome/js/fontawesome-all.min.js
Version Parameters
eds-font-awesome/css/font-awesome.min.css?ver=eds-font-awesome/js/fontawesome-all.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
eds_font_awesome
Data Attributes
data-fa-transformdata-fa-mask
Shortcode Output
<i class="<div class="fa-fa-layers fa-fw
FAQ

Frequently Asked Questions about Ed's Font Awesome