WP-Safety

Omni Icon – Modern SVG icon library for WordPress Security & Risk Analysis

wordpress.org/plugins/omni-icon

A modern SVG icon library for WordPress with support for custom uploads and 200,000+ Iconify icons across block editor, page builders, and themes.

90 active installs v0.0.16 PHP 8.1+ WP 6.0+ Updated Mar 12, 2026
gutenbergicon-blockiconifyiconssvg
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Omni Icon – Modern SVG icon library for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Omni Icon – Modern SVG icon library for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "omni-icon" v0.0.16 plugin exhibits a generally positive security posture with no known vulnerabilities or critical taint flows reported. The absence of external HTTP requests, SQL injection risks due to prepared statements, and a clean vulnerability history are strong indicators of good security practices in its development. However, the static analysis reveals significant concerns that temper this positive outlook. The presence of 23 "dangerous functions," specifically "assert," is a major red flag, suggesting potential for unintended behavior or denial-of-service vulnerabilities if not handled with extreme care. Furthermore, the lack of any nonce checks, coupled with only two capability checks and no explicit permission callbacks for its entry points (though there are no apparent entry points detected in this analysis), creates a potential blind spot for authorization. While the output escaping rate is reasonably good at 67%, the remaining 33% could still pose a risk for cross-site scripting (XSS) vulnerabilities if sensitive data is outputted without proper sanitization. The plugin's attack surface appears to be zero, which is excellent, but this could also mean that the plugin's core functionality is not exposed in a way that would trigger more thorough analysis in the provided metrics.

Key Concerns

  • Presence of dangerous functions (assert)
  • Missing nonce checks
  • Low number of capability checks
  • Unescaped output (33% of outputs)
Vulnerabilities
None known

Omni Icon – Modern SVG icon library for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Omni Icon – Modern SVG icon library for WordPress Code Analysis

Dangerous Functions
23
Raw SQL Queries
0
0 prepared
Unescaped Output
19
39 escaped
Nonce Checks
0
Capability Checks
2
File Operations
12
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

assertassert(is_string($data['className']));src\Core\Discovery\CommandDiscovery.php:65
assertassert(is_string($data['name']));src\Core\Discovery\CommandDiscovery.php:66
assertassert(is_string($data['description']));src\Core\Discovery\CommandDiscovery.php:67
assertassert(is_array($data['aliases']));src\Core\Discovery\CommandDiscovery.php:68
assertassert(is_string($data['synopsis']) || $data['synopsis'] === null);src\Core\Discovery\CommandDiscovery.php:69
assertassert(is_string($data['when']) || $data['when'] === null);src\Core\Discovery\CommandDiscovery.php:70
assertassert(is_string($data['type']));src\Core\Discovery\CommandDiscovery.php:71
assertassert(is_string($data['method']));src\Core\Discovery\CommandDiscovery.php:72
assertassert(is_object($instance));src\Core\Discovery\CommandDiscovery.php:96
assertassert(is_string($alias));src\Core\Discovery\CommandDiscovery.php:115
assertassert(is_string($data['className']));src\Core\Discovery\HookDiscovery.php:86
assertassert(is_string($data['methodName']));src\Core\Discovery\HookDiscovery.php:87
assertassert(is_string($data['hook']));src\Core\Discovery\HookDiscovery.php:88
assertassert(is_int($data['priority']));src\Core\Discovery\HookDiscovery.php:89
assertassert(is_int($data['acceptedArgs']));src\Core\Discovery\HookDiscovery.php:90
assertassert(is_callable($callback));src\Core\Discovery\HookDiscovery.php:107
assertassert(is_object($instance));src\Core\Discovery\HookDiscovery.php:122
assertassert(is_callable($callback));src\Core\Discovery\HookDiscovery.php:124
assertassert(is_string($data['className']));src\Core\Discovery\ServiceDiscovery.php:42
assertassert(is_string($data['serviceId']));src\Core\Discovery\ServiceDiscovery.php:43
assertassert(is_array($data['tags']));src\Core\Discovery\ServiceDiscovery.php:53
assertassert(is_string($tag));src\Core\Discovery\ServiceDiscovery.php:55
assertassert(is_string($data['alias']));src\Core\Discovery\ServiceDiscovery.php:59

Output Escaping

67% escaped58 total outputs
Attack Surface

Omni Icon – Modern SVG icon library for WordPress Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionadmin_enqueue_scriptssrc\Admin\AdminPage.php:50
filterrest_pre_serve_requestsrc\Api\IconController.php:66
actionrest_api_initsrc\Core\Discovery\ControllerDiscovery.php:64
actionadmin_headsrc\Integration\Gutenberg\BlocksService.php:39
actioninitsrc\Plugin.php:124
actionplugins_loadedsrc\Plugin.php:125
Maintenance & Trust

Omni Icon – Modern SVG icon library for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version8.1
Downloads778

Community Trust

Rating100/100
Number of ratings2
Active installs90
Alternatives

Omni Icon – Modern SVG icon library for WordPress Alternatives

JVM Rich Text Icons

JVM Rich Text Icons

jvm-rich-text-icons

A
98

Insert icons anywhere in your content — inline in text, headings, buttons, or as a standalone block.

3K 2 CVEs
SVG Block for Dashicons by RotiStudio

SVG Block for Dashicons by RotiStudio

svg-block-for-dashicon-rotistudio

A
100

Adds a native Gutenberg block for inserting 334 WordPress Dashicons as inline SVG — fast, lightweight, and fully customizable.

0 No CVEs
The Icon Block

The Icon Block

icon-block

A
100

Easily add SVG icons and graphics to the WordPress block editor.

30K No CVEs
Popular Brand Icons – Simple Icons

Popular Brand Icons – Simple Icons

simple-icons

C
63

An easy to use lightweight SVG icons plugin with over 1500+ brand icons. Use these icons in your menus, widgets, posts, or pages.

3K 1 unpatched
WP and Divi Icons

WP and Divi Icons

wp-and-divi-icons

A
92

Add 660+ optimized, scalable SVG icons for your WordPress site. Use them anywhere and easily customize their color and size to suit your needs.

2K No CVEs
Developer Profile

Omni Icon – Modern SVG icon library for WordPress Developer Profile

Sua

3 plugins · 8K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Omni Icon – Modern SVG icon library for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/omni-icon/resources/webcomponents/omni-icon.ts/wp-content/plugins/omni-icon/resources/integration/gutenberg/blocks/icon-block/editor.css/wp-content/plugins/omni-icon/resources/integration/bricks/editor.ts/wp-content/plugins/omni-icon/resources/integration/etch/editor.ts
Script Paths
/wp-content/plugins/omni-icon/vendor/autoload.php/wp-content/plugins/omni-icon/vendor/scoper-autoload.php
Version Parameters
omni-icon/resources/webcomponents/omni-icon.ts?ver=omni-icon/resources/integration/gutenberg/blocks/icon-block/editor.css?ver=omni-icon/resources/integration/bricks/editor.ts?ver=omni-icon/resources/integration/etch/editor.ts?ver=

HTML / DOM Fingerprints

CSS Classes
omni-icon-editor-wrapper
Data Attributes
lc-helper="omni-icon"omni-icon-name
JS Globals
window.omniIconEtch
REST Endpoints
/wp-json/omni-icon/v1/icons
Shortcode Output
<omni-icon<omni-icon name="omni:livecanvas"
FAQ

Frequently Asked Questions about Omni Icon – Modern SVG icon library for WordPress