Flags Icons Language Switcher.

4K active installs · v2.2 · PHP + · WP 3.3+ · Updated Apr 10, 2022
flags · icons · language · multisite · switch
64
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is Flag Icons Safe to Use in 2026?

Use With Caution

Score 64/100

Flag Icons has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 3yr ago
Risk Assessment

The plugin "language-icons-flags-switcher" v2.2 exhibits a mixed security posture. It has no critical or high severity vulnerabilities in its history and shows good practices in SQL query handling, but output escaping is a significant concern: 0% of its 276 output operations are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The one unpatched medium severity CVE, also an XSS issue, adds to this risk. The lack of nonce checks and capability checks, combined with a single shortcode entry point (reported as unprotected, although the static analysis section lists no unprotected entry points), warrants careful attention. The plugin has a clean record regarding dangerous functions and file operations, but the widespread lack of output escaping and the existing unpatched vulnerability present a substantial risk that attackers could exploit to inject malicious code into websites using this plugin.

Key Concerns

  • Unpatched CVE (medium severity)
  • 0% output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
1

Flag Icons Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31575 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Flag Icons <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 31, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Flag Icons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 276 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 276 total outputs
Attack Surface

Flag Icons Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[flagicons] functionsfile.php:31
WordPress Hooks 5
action wp_footer functionsfile.php:27
action admin_enqueue_scripts functionsfile.php:110
action wp_enqueue_scripts functionsfile.php:122
action admin_menu settingsmenu.php:7
action admin_init settingsmenu.php:9
Maintenance & Trust

Flag Icons Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Apr 10, 2022
PHP min version
Downloads: 63K

Community Trust

Rating: 98/100
Number of ratings: 20
Active installs: 4K
Developer Profile

Flag Icons Developer Profile

Vasilis Triantafyllou

2 plugins · 4K total installs

Trust score: 77
Avg Security Score: 75/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Flag Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/language-icons-flags-switcher/style.css

HTML / DOM Fingerprints

CSS Classes
op1, op2, op3, op4, op5, op6, op7, op8, +1 more
Shortcode Output
flagicons
FAQ

Frequently Asked Questions about Flag Icons