WP-Safety

Admin Custom Font Security & Risk Analysis

wordpress.org/plugins/admin-custom-font

Admin Custom Font plugin allows you to replace default/factory font in WordPress Admin Dashboard with hundreds of different Google Fonts.

1K active installs v2.5.2 PHP 5.3+ WP 4.6+ Updated Mar 30, 2023
admincustomfontgoogleopensans
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Admin Custom Font Safe to Use in 2026?

Generally Safe

Score 85/100

Admin Custom Font has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "admin-custom-font" v2.5.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified CVEs, combined with robust use of prepared statements for SQL queries and the presence of nonce and capability checks, indicates a development team that is mindful of security best practices. The limited attack surface and lack of complex code signals like external HTTP requests or file operations further contribute to its perceived safety.

However, a significant concern arises from the complete lack of output escaping. With 4 total outputs analyzed and 0% properly escaped, this presents a considerable risk. Any user-supplied data that is reflected back to the browser without proper sanitization could lead to cross-site scripting (XSS) vulnerabilities. While taint analysis did not reveal immediate exploitable flows, the unescaped output is a serious weakness that could be exploited in conjunction with other factors. The plugin's vulnerability history is clean, but this doesn't negate the immediate risks identified in the code analysis.

In conclusion, while "admin-custom-font" v2.5.2 benefits from a clean vulnerability history and good general coding practices like prepared statements and permission checks, the critical flaw of unescaped output introduces a significant security risk. This oversight needs to be addressed to prevent potential XSS attacks.

Key Concerns

  • Output escaping is not implemented
Vulnerabilities
None known

Admin Custom Font Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin Custom Font Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
0 escaped
Nonce Checks
1
Capability Checks
3
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped4 total outputs
Attack Surface

Admin Custom Font Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionplugins_loadedadmin-custom-font.php:63
actionplugins_loadedadmin-custom-font.php:173
actionadmin_menuadmin-custom-font.php:181
actionadmin_enqueue_scriptsadmin-custom-font.php:466
actionlogin_enqueue_scriptsadmin-custom-font.php:474
actionwp_enqueue_scriptsadmin-custom-font.php:482
Maintenance & Trust

Admin Custom Font Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedMar 30, 2023
PHP min version5.3
Downloads22K

Community Trust

Rating90/100
Number of ratings13
Active installs1K
Alternatives

Admin Custom Font Alternatives

WP Scripts Customizer

WP Scripts Customizer

wp-scripts-customizer

A
85

WP Scripts Customizer allows to enter scripts you would like output to head and footer of your WordPress theme page via WordPress Theme customizer.

10 No CVEs
Custom Fonts – Host Your Fonts Locally

Custom Fonts – Host Your Fonts Locally

custom-fonts

A
98

Custom Fonts is a powerful WordPress plugin that allows you to upload your own custom fonts or choose from a vast collection of Google Fonts, all host …

300K 2 CVEs
Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts

olympus-google-fonts

A
98

The easiest to customize fonts in WordPress. Optimized for Speed. 1000+ font choices. Supports Google Fonts, Adobe Fonts and Upload Fonts.

200K 3 CVEs
Use Any Font | Custom Font Uploader

Use Any Font | Custom Font Uploader

use-any-font

A
97

Upload custom fonts with custom font uploader. Auto converts to woff2 for better performance. Self-hosted, GDPR compliant, and easy custom font plugin

200K 4 CVEs
Microthemer Lite – Visual Editor to Customize CSS

Microthemer Lite – Visual Editor to Customize CSS

microthemer

A
100

A visual editor to customize the CSS styling of anything on your site - from Google fonts to responsive layouts.

10K No CVEs
Developer Profile

Admin Custom Font Developer Profile

Darko A7

1 plugin · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Admin Custom Font

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-custom-font/css/admin-custom-font.css/wp-content/plugins/admin-custom-font/css/admin-custom-font-login.css/wp-content/plugins/admin-custom-font/css/admin-custom-font-toolbar.css

HTML / DOM Fingerprints

CSS Classes
admin-custom-font-settings
HTML Comments
<!-- Direct Access Forbidden --><!-- UTILITY SECTION --><!-- UPGRADE --><!-- INSTALL -->+4 more
Data Attributes
name="admin_custom_font_nonce_input_txt"name="admin_custom_font_family_option"name="admin_custom_font_size_option"name="admin_custom_font_weight_option"id="adminmenu span.awaiting-mod > span.plugin-count"id="adminmenu span.update-plugins > span.plugin-count"
JS Globals
admin_custom_font_compile_cssadmin_custom_font_clear_cssadmin_custom_font_updateadmin_custom_font_activateadmin_custom_font_uninstalladmin_custom_font_language_init+2 more
FAQ

Frequently Asked Questions about Admin Custom Font