Does Themify Icons have any unpatched vulnerabilities?

No. All known vulnerabilities in Themify Icons have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Themify Icons compatible with WordPress 6.8.5?

According to WordPress.org data, Themify Icons 2.0.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Themify Icons compatible with PHP 7.2+?

Themify Icons requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Themify Icons updated?

Themify Icons was last updated on Aug 18, 2025. Frequent updates are generally a positive security signal.

What is Themify Icons's security score?

Themify Icons has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Themify Icons Security & Risk Analysis

wordpress.org/plugins/themify-icons

Nifty plugin that enables you to use the Themify Icons (https://themify.me/themify-icons) font on your site.

3K active installs v2.0.4 PHP 7.2+ WP 5.2+ Updated Aug 18, 2025

editorfonticonmenumenu-items

A · Safe

CVEs total2

Unpatched0

Last CVEAug 20, 2025

Plugin page Download

Safety Verdict

Is Themify Icons Safe to Use in 2026?

Generally Safe

Score 98/100

Themify Icons has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 20, 2025Updated 7mo ago

Risk Assessment

The Themify Icons plugin v2.0.4 exhibits a mixed security posture. The static analysis indicates several positive security practices, including the absence of dangerous functions, 100% of SQL queries utilizing prepared statements, and a commendable three capability checks in place. The limited attack surface, with all identified entry points having some form of authorization, is also a positive indicator. However, there are notable concerns. A significant portion of output (54%) is not properly escaped, creating a potential for Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers is a critical oversight, leaving these endpoints vulnerable to CSRF attacks.

The vulnerability history reveals a past of two medium-severity CVEs, both related to Cross-Site Scripting. While there are currently no unpatched vulnerabilities, the recurring nature of XSS issues suggests a potential weakness in the plugin's sanitization or output encoding practices. The last vulnerability being in 2025 is concerning as it implies the data might be from a future scan or there are unpatched vulnerabilities that haven't been publicly disclosed yet. Overall, while the plugin has strengths in its database interactions and some access control, the prevalent output escaping issues and the lack of nonce protection on AJAX handlers present significant security risks that require immediate attention.

Key Concerns

Significant unescaped output detected
Missing nonce checks on AJAX handlers
Previous medium severity XSS vulnerabilities

Vulnerabilities

Themify Icons Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-49395medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Themify Icons <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 20, 2025 Patched in 2.0.4 (7d)

CVE-2023-51693medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2023 Patched in 2.0.2 (27d)

Code Analysis

Analyzed Mar 16, 2026

Themify Icons Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

46% escaped26 total outputs

Attack Surface

Themify Icons Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

authwp_ajax_ti_get_iconsincludes\admin.php:25

Shortcodes 1

[ti_icon] includes\shortcode.php:79

WordPress Hooks 19

actionadmin_menuincludes\admin.php:12

filterplugin_row_metaincludes\admin.php:37

actionwp_nav_menu_item_custom_fieldsincludes\menu-icons.php:33

actionwp_update_nav_menu_itemincludes\menu-icons.php:52

actiondelete_postincludes\menu-icons.php:64

filterthe_titleincludes\menu-icons.php:67

filterwp_nav_menu_argsincludes\menu-icons.php:70

filterwp_nav_menuincludes\menu-icons.php:79

actionadmin_print_styles-nav-menus.phpincludes\menu-icons.php:95

filtermce_external_pluginsincludes\tinymce.php:7

filtermce_buttonsincludes\tinymce.php:8

actionwp_enqueue_editorincludes\tinymce.php:9

actionprint_media_templatesincludes\tinymce.php:10

actionin_widget_formincludes\widget-icons.php:12

filterwidget_update_callbackincludes\widget-icons.php:18

filterdynamic_sidebar_paramsincludes\widget-icons.php:41

actionadmin_print_styles-widgets.phpincludes\widget-icons.php:48

actionwp_enqueue_scriptsinit.php:43

actioninitinit.php:67

Maintenance & Trust

Themify Icons Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 18, 2025

PHP min version7.2

Downloads55K

Community Trust

Rating0/100

Number of ratings0

Active installs3K

Alternatives

Themify Icons Alternatives

Missing Menu Items

missing-menu-items

Adds missing menu items into your Appearance menu in the WordPress admin area to make maneuvering to useful WordPress editor features easy.

100 No CVEs

Easy Symbols & Icons

easy-symbols-icons

100

A simple WordPress plugin to manage and use icon fonts via a block editor with easy font uploads and selection.

0 No CVEs

Enable Navigation Icons

enable-navigation-icons

100

Easily add icons to Navigation Block items in WordPress.

0 No CVEs

Precise Expressions Admin Menu Reorganizer Lite

precise-expressions-admin-menu-reorganizer-lite

100

Clean up and reorganize your WordPress and WooCommerce admin menus. Hide clutter, build custom rules, and simplify the dashboard instantly.

0 No CVEs

Font Awesome

font-awesome

The official way to use Font Awesome Free or Pro icons on your WordPress site, brought to you by the Font Awesome team.

400K 2 CVEs

Developer Profile

Themify Icons Developer Profile

themifyme

10 plugins · 140K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

145 days

View full developer profile

Detection Fingerprints

How We Detect Themify Icons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/themify-icons/assets/themify-icons/themify-icons.css/wp-content/plugins/themify-icons/assets/styles.css

Script Paths

/wp-content/plugins/themify-icons/assets/icon-picker.js

Version Parameters

themify-icons/assets/themify-icons/themify-icons.css?ver=themify-icons/assets/styles.css?ver=themify-icons/assets/icon-picker.js?ver=

HTML / DOM Fingerprints

CSS Classes

themify-menu-iconti_iconicon-lefticon-wrappedicon-wrapped-topicon-boxedicon-boxed-topbg-color-white+24 more

Data Attributes

data-target

JS Globals

themifyIconsPlugin

Shortcode Output

<span class="ti_icon<i class="themify-menu-icon <i class="

FAQ

Themify Icons Security & Risk Analysis

Is Themify Icons Safe to Use in 2026?

Generally Safe

Key Concerns

Themify Icons Security Vulnerabilities

CVEs by Year

Severity Breakdown

Themify Icons Code Analysis

Bundled Libraries

Output Escaping

Themify Icons Attack Surface

AJAX Handlers 1

Shortcodes 1

Themify Icons Maintenance & Trust

Maintenance Signals

Community Trust

Themify Icons Alternatives

Missing Menu Items

Easy Symbols & Icons

Enable Navigation Icons

Precise Expressions Admin Menu Reorganizer Lite

Font Awesome

Themify Icons Developer Profile

How We Detect Themify Icons

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Themify Icons