Font Awesome Security & Risk Analysis

wordpress.org/plugins/font-awesome

The official way to use Font Awesome Free or Pro icons on your WordPress site, brought to you by the Font Awesome team.

400K active installs · v5.1.3 · PHP 7.4+ · WP 5.8+ · Updated Dec 17, 2025
fontawesome · icon · iconfont · svg-icon · webfont
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 22, 2022
Safety Verdict

Is Font Awesome Safe to Use in 2026?

Generally Safe

Score 99/100

Font Awesome has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 22, 2022 · Updated 3mo ago
Risk Assessment

The Font Awesome plugin v5.1.3 exhibits a generally good security posture based on the static analysis, with no identified dangerous functions, file operations, or raw SQL queries. The high percentage of properly escaped output is also a positive sign. However, the presence of external HTTP requests without further details on their purpose or how they handle responses warrants scrutiny, as these could potentially be leveraged in certain attack vectors. The plugin also has a history of two medium severity vulnerabilities, including Cross-Site Scripting and Exposure of Sensitive Information. While these are currently patched, it suggests that the plugin has had exploitable flaws in the past, and future vulnerabilities are possible if development practices do not maintain vigilance.

Overall, while the code analysis suggests a solid foundation in terms of preventing common vulnerabilities like SQL injection and XSS through proper escaping and prepared statements, the historical vulnerability data and the unidentified external HTTP requests present the primary areas of concern. The lack of any identified attack surface points and zero taint flows is reassuring, but the past issues should not be ignored. Continued monitoring and prompt patching of any future vulnerabilities will be crucial for maintaining a secure implementation.

Key Concerns

  • History of medium severity vulnerabilities (2 CVEs)
  • External HTTP requests present
  • Some output not properly escaped (27%)
Vulnerabilities
2

Font Awesome Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2022: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2022-4478 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Dec 22, 2022 · Patched in 4.3.2 (397d)

WF-4783eff5-b7cf-4342-b762-85f745c38ec8-font-awesome · medium · 6.5 · Exposure of Sensitive Information Through Data Queries

Font Awesome 4.0.0-rc15 and 4.0.0-rc16 - API Token Exposure

Mar 11, 2020 · Patched in 4.0.0-rc17 (1413d)
Code Analysis
Analyzed Mar 16, 2026

Font Awesome Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (19 escaped)
Nonce Checks: 0
Capability Checks: 14
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

73% escaped · 26 total outputs
Attack Surface

Font Awesome Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 26
action · enqueue_block_assets · block-editor\font-awesome-icon-block-init.php:105
action · enqueue_block_editor_assets · block-editor\font-awesome-icon-block-init.php:107
action · wp_initialize_site · font-awesome-init.php:28
action · init · font-awesome.php:126
action · admin_notices · font-awesome.php:209
action · admin_notices · font-awesome.php:216
action · enqueue_block_assets · includes\class-fontawesome.php:416
action · rest_api_init · includes\class-fontawesome.php:762
action · rest_api_init · includes\class-fontawesome.php:769
action · rest_api_init · includes\class-fontawesome.php:776
action · rest_api_init · includes\class-fontawesome.php:783
action · admin_menu · includes\class-fontawesome.php:1011
action · admin_enqueue_scripts · includes\class-fontawesome.php:1072
action · admin_enqueue_scripts · includes\class-fontawesome.php:1673
action · media_buttons · includes\class-fontawesome.php:1761
action · after_wp_tiny_mce · includes\class-fontawesome.php:1783
filter · tiny_mce_before_init · includes\class-fontawesome.php:1797
filter · script_loader_tag · includes\class-fontawesome.php:2022
filter · style_loader_tag · includes\class-fontawesome.php:2088
filter · style_loader_tag · includes\class-fontawesome.php:2154
filter · script_loader_tag · includes\class-fontawesome.php:2190
filter · script_loader_tag · includes\class-fontawesome.php:2233
filter · style_loader_tag · includes\class-fontawesome.php:2271
filter · script_loader_tag · includes\class-fontawesome.php:2298
action · admin_notices · includes\error-util.php:47
action · wp_print_scripts · includes\error-util.php:60
Maintenance & Trust

Font Awesome Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 17, 2025
PHP min version: 7.4
Downloads: 5.7M

Community Trust

Rating: 72/100
Number of ratings: 61
Active installs: 400K
Developer Profile

Font Awesome Developer Profile

fontawesome

1 plugin · 400K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 905 days
Detection Fingerprints

How We Detect Font Awesome

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/font-awesome/css/font-awesome.css
Script Paths: /wp-content/plugins/font-awesome/js/font-awesome.js
Version Parameters: font-awesome/css/font-awesome.css?ver=, font-awesome/js/font-awesome.js?ver=

HTML / DOM Fingerprints

CSS Classes: fa, fas, far, fal, fab
JS Globals: FontAwesomeConfig
FAQ

Frequently Asked Questions about Font Awesome