WP-Safety

SVG Icons Security & Risk Analysis

wordpress.org/plugins/shp-icon

This plugin allows you to use SVG icons within WordPress as shortcode and/or as Gutenberg Block and adds SVG support with the SVG-Sanitizer library.

300 active installs v1.2.2 PHP 8.1+ WP 6.1.7+ Updated May 26, 2025
iconssvg
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SVG Icons Safe to Use in 2026?

Generally Safe

Score 100/100

SVG Icons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The "shp-icon" v1.2.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. There are also no known vulnerabilities (CVEs) associated with this plugin, suggesting a relatively stable history. However, significant concerns arise from its attack surface. The presence of two AJAX handlers, both lacking authentication checks, presents a direct pathway for potential unauthorized actions. Furthermore, the taint analysis reveals three flows with unsanitized paths, which, while not flagged as critical or high severity in this specific analysis, still represent a potential risk for injection vulnerabilities if input is not meticulously handled downstream. The absence of capability checks on entry points is also a notable weakness.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • No capability checks on entry points
  • Nonce checks present but limited
Vulnerabilities
None known

SVG Icons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SVG Icons Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
24
155 escaped
Nonce Checks
1
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

Output Escaping

87% escaped179 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
upload (src\Package\Upload.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

SVG Icons Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_shp_icon_push_iconsrc\Package\Upload.php:38
noprivwp_ajax_shp_icon_push_iconsrc\Package\Upload.php:39
WordPress Hooks 15
actionplugins_loadedshp-icon.php:78
actioninitsrc\Block\Icon.php:24
actioninitsrc\Package\Assets.php:23
actionadmin_enqueue_scriptssrc\Package\Assets.php:25
actionenqueue_block_editor_assetssrc\Package\Assets.php:26
actioninitsrc\Package\Assets.php:53
actioninitsrc\Package\Assets.php:68
actioninitsrc\Package\OptionsPage.php:32
actionadmin_menusrc\Package\OptionsPage.php:72
actionadmin_initsrc\Package\OptionsPage.php:73
filterupload_dirsrc\Package\Upload.php:169
actioninitsrc\Plugin.php:102
filterupload_mimessrc\Plugin.php:144
filterwp_handle_upload_prefiltersrc\Plugin.php:145
actionrest_api_initsrc\Plugin.php:148
Maintenance & Trust

SVG Icons Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 26, 2025
PHP min version8.1
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

SVG Icons Alternatives

Popular Brand Icons – Simple Icons

Popular Brand Icons – Simple Icons

simple-icons

C
63

An easy to use lightweight SVG icons plugin with over 1500+ brand icons. Use these icons in your menus, widgets, posts, or pages.

3K 1 unpatched
WP and Divi Icons

WP and Divi Icons

wp-and-divi-icons

A
92

Add 660+ optimized, scalable SVG icons for your WordPress site. Use them anywhere and easily customize their color and size to suit your needs.

2K No CVEs
Hugeicons

Hugeicons

hugeicons

A
100

Add beautiful Hugeicons to your WordPress site with an easy-to-use icon picker for both classic and block editors.

100 No CVEs
Omni Icon – Modern SVG icon library for WordPress

Omni Icon – Modern SVG icon library for WordPress

omni-icon

A
100

A modern SVG icon library for WordPress with support for custom uploads and 200,000+ Iconify icons across block editor, page builders, and themes.

90 No CVEs
Spectre Icons

Spectre Icons

spectre-icons

A
100

Curated SVG icon libraries for Elementor with fast manifests, inline rendering, and color controls.

70 No CVEs
Developer Profile

SVG Icons Developer Profile

joelmelon

3 plugins · 320 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SVG Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shp-icon/assets/gutenberg/blocks.js/wp-content/plugins/shp-icon/assets/scripts/admin.js/wp-content/plugins/shp-icon/assets/scripts/ui.js/wp-content/plugins/shp-icon/assets/styles/ui.css/wp-content/plugins/shp-icon/assets/styles/admin.css
Script Paths
/wp-content/plugins/shp-icon/assets/gutenberg/blocks.js/wp-content/plugins/shp-icon/assets/scripts/admin.js/wp-content/plugins/shp-icon/assets/scripts/ui.js
Version Parameters
/wp-content/plugins/shp-icon/assets/gutenberg/blocks.js?ver=/wp-content/plugins/shp-icon/assets/scripts/admin.js?ver=/wp-content/plugins/shp-icon/assets/scripts/ui.js?ver=/wp-content/plugins/shp-icon/assets/styles/ui.css?ver=/wp-content/plugins/shp-icon/assets/styles/admin.css?ver=

HTML / DOM Fingerprints

JS Globals
window.shp_icon_data
FAQ

Frequently Asked Questions about SVG Icons