Easy Category Icons Security & Risk Analysis

wordpress.org/plugins/templatic-categoryicons

The Templatic Category Icons plugin adds the ability for your theme to be able to show a category icon in the sidebar and before the category title in …

700 active installs · v1.0.1 · PHP + WP 3.5+ · Updated Oct 27, 2018
category-icon · category-title · templatic
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Category Icons Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Category Icons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The 'templatic-categoryicons' plugin, version 1.0.1, exhibits several concerning security practices despite a clean vulnerability history. Static analysis shows an attack surface concentrated in a single AJAX handler that lacks authentication checks. This is a critical risk, as any unauthenticated user could potentially interact with this endpoint. The absence of nonce checks and capability checks on the unprotected AJAX handler further exacerbates the risk.

The taint analysis reports two flows with unsanitized paths, classified as high severity. Data entering the plugin through these paths might not be properly validated or cleaned, potentially leading to vulnerabilities like cross-site scripting (XSS) or SQL injection if it is not handled carefully elsewhere. The plugin also struggles with output escaping: a substantial percentage of outputs are not properly escaped, which increases the likelihood of XSS vulnerabilities.

The plugin has no recorded CVEs, but this lack of history does not negate the clear risks identified in the current code. Overall, the plugin has a weak security posture due to critical vulnerabilities identified in its current code, outweighing its historical absence of reported vulnerabilities.

Key Concerns

  • AJAX handler without authentication
  • High severity unsanitized taint flows
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
  • SQL queries not fully using prepared statements
Vulnerabilities
None known

Easy Category Icons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Category Icons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4; 2 prepared
Unescaped Output: 10; 6 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

38% escaped · 16 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
templ_save_iconfield (templatic_category_icons.php:274)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

Easy Category Icons Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_templ_new_icon · templatic_category_icons.php:68

WordPress Hooks: 10

action · admin_notices · templatic_category_icons.php:21
action · wp_head · templatic_category_icons.php:31
action · admin_head · templatic_category_icons.php:32
action · admin_init · templatic_category_icons.php:48
action · admin_init · templatic_category_icons.php:51
filter · get_the_archive_title · templatic_category_icons.php:337
filter · single_term_title · templatic_category_icons.php:338
filter · document_title_parts · templatic_category_icons.php:340
filter · breadcrumb_trail_items · templatic_category_icons.php:341
filter · list_cats · templatic_category_icons.php:386
Maintenance & Trust

Easy Category Icons Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Oct 27, 2018
PHP min version
Downloads: 20K

Community Trust

Rating: 52/100
Number of ratings: 10
Active installs: 700
Developer Profile

Easy Category Icons Developer Profile

templatic1

6 plugins · 2K total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Category Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/templatic-categoryicons/css/templatic_category_icons.css
/wp-content/plugins/templatic-categoryicons/js/templatic_category_icons.js
Script Paths
https://use.fontawesome.com/598b3d998a.js
Version Parameters
templatic-categoryicons/css/templatic_category_icons.css?ver=
templatic-categoryicons/js/templatic_category_icons.js?ver=

HTML / DOM Fingerprints

CSS Classes
templ_icon_button
templ_remove
Data Attributes
name="templ_select_icon_type"
id="templ_select_icon_type_image"
id="templ_select_icon_type_awesome"
id="templ_icon_type_image"
id="templ_preview_img"
name="templ_icon_img"
+4 more
JS Globals
ajax_object
FAQ

Frequently Asked Questions about Easy Category Icons