WP Fontallic Easypromoweb Security & Risk Analysis

wordpress.org/plugins/wp-fontallic-easypromoweb

Font Awesome Icons and more in the visual editor with filter-search and rich content editing at your fingertips

60 active installs · v1.2 · PHP 5.2.4+ · WP 3.0.1+ · Updated Oct 12, 2019
Tags: font-awesome, fontallic, fontelico, shortcode-font-awesome, wp-fontallic
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Fontallic Easypromoweb Safe to Use in 2026?

Generally Safe

Score 85/100

WP Fontallic Easypromoweb has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The plugin 'wp-fontallic-easypromoweb' v1.2 presents a mixed security posture. On the positive side, static analysis reveals no dangerous functions, no direct SQL queries (all use prepared statements), no file operations, and no external HTTP requests. The attack surface is small, with only two entry points (shortcodes) and no unprotected AJAX handlers or REST API routes. Furthermore, there is no known vulnerability history, indicating a potentially well-maintained and secure plugin over time.

However, several concerning patterns emerge from the static analysis. The most significant concern is the complete absence of nonce checks and capability checks. This means that the functionality exposed through the shortcodes could potentially be triggered by any user, regardless of their logged-in status or permissions, if they can be tricked into visiting a page containing the shortcode. Additionally, the output escaping is only 57% proper, leaving a substantial portion of output potentially vulnerable to cross-site scripting (XSS) attacks if the plugin handles user-provided data within its shortcode output. The lack of taint analysis results is also notable; while it could indicate no issues were found, it's more likely that the analysis tools did not fully cover the plugin's code paths. Without these checks, the effectiveness of the plugin's security relies heavily on the specific implementation within the shortcodes, which cannot be fully assessed from the provided data.

In conclusion, while the plugin has strong foundations with its avoidance of common dangerous practices like raw SQL and external requests, the critical lack of nonce and capability checks, coupled with significant unescaped output, introduces considerable risk. The absence of historical vulnerabilities is a positive sign but does not mitigate the present security gaps. The plugin is recommended for use with extreme caution and ideally should be updated to include proper authorization and output sanitization.

Key Concerns

  • No nonce checks found
  • No capability checks found
  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Fontallic Easypromoweb Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Fontallic Easypromoweb Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

57% escaped · 7 total outputs
Attack Surface

WP Fontallic Easypromoweb Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[iconepw] wp-fontallic-easypromoweb.php:170
[iconfa] wp-fontallic-easypromoweb.php:199
WordPress Hooks 18
action admin_menu epw-options.php:22
action admin_init epw-options.php:128
action admin_print_styles-settings_page_epw_plugin_options epw-options.php:205
filter style_loader_src wp-fontallic-easypromoweb.php:122
filter script_loader_src wp-fontallic-easypromoweb.php:123
filter style_loader_src wp-fontallic-easypromoweb.php:124
filter script_loader_src wp-fontallic-easypromoweb.php:125
filter the_generator wp-fontallic-easypromoweb.php:130
action edit_form_after_title wp-fontallic-easypromoweb.php:281
action edit_form_after_title wp-fontallic-easypromoweb.php:282
action media_buttons wp-fontallic-easypromoweb.php:283
filter mce_css wp-fontallic-easypromoweb.php:284
filter mce_buttons_3 wp-fontallic-easypromoweb.php:285
filter tiny_mce_before_init wp-fontallic-easypromoweb.php:286
filter widget_text wp-fontallic-easypromoweb.php:287
action admin_head wp-fontallic-easypromoweb.php:308
action admin_head wp-fontallic-easypromoweb.php:309
action wp_enqueue_scripts wp-fontallic-easypromoweb.php:310
Maintenance & Trust

WP Fontallic Easypromoweb Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Oct 12, 2019
PHP min version: 5.2.4
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 60
Developer Profile

WP Fontallic Easypromoweb Developer Profile

danichimc

1 plugin · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Fontallic Easypromoweb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/css/fontello.css
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/css/fontello-codes.css
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/css/fontello-embedded.css
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/css/fontello-ie7-codes.css
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/css/fontello-ie7.css
/wp-content/plugins/wp-fontallic-easypromoweb/css/fontello/fontello.ttf
+4 more
Script Paths
/wp-content/plugins/wp-fontallic-easypromoweb/js/wp-fontallic.js
/wp-content/plugins/wp-fontallic-easypromoweb/js/wp-fontallic-script.js
Version Parameters
wp-fontallic-easypromoweb/css/fontello/css/fontello.css?ver=
wp-fontallic-easypromoweb/js/wp-fontallic.js?ver=
wp-fontallic-easypromoweb/js/wp-fontallic-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
easypromoweb-icon-animate-spin
HTML Comments
Linecons, Typicons, Fontelico, Entypo, +9 more
Data Attributes
data-fontallic-id
JS Globals
wpFontallic, wpFontallicOpt
Shortcode Output
<i class="easypromoweb-icon-
<i class="fa fa-