EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Security & Risk Analysis

wordpress.org/plugins/easyfonts

Host Google Fonts locally to speed up your site, improve Core Web Vitals, and ensure GDPR compliance. A lightweight (35KB), zero-config plugin.

1K active installs v1.3.0 PHP 7.4+ WP 5.0+ Updated Apr 12, 2026
core-web-vitalsdisable-google-fontsgdprgoogle-fontslocal-google-fonts
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 9, 2025
Safety Verdict

Is EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Safe to Use in 2026?

Generally Safe

Score 99/100

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 9, 2025Updated 3mo ago
Risk Assessment

The "easyfonts" plugin v1.2.0 exhibits a mixed security posture. On the positive side, the static analysis reveals no identified critical or high-severity taint flows, no dangerous functions used, and SQL queries are consistently prepared. Furthermore, the plugin demonstrates some awareness of security by including a nonce check and a capability check, which are good practices. However, there are areas for improvement. The output escaping is only at 67%, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities if the unescaped outputs are user-controlled or rendered in sensitive contexts. The presence of file operations and external HTTP requests, while not inherently insecure, warrant careful review for any potential misconfigurations or vulnerabilities that could be exploited.

The vulnerability history, though showing no currently unpatched CVEs, highlights a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability. This indicates that the plugin has had security flaws in the past, suggesting a need for ongoing vigilance and rigorous testing. While the current version seems to have addressed past issues, the history itself is a signal that the plugin's security track record is not entirely clean. Overall, "easyfonts" v1.2.0 has some commendable security features but has weaknesses in output escaping and a history of past vulnerabilities that warrant attention.

Key Concerns

  • Output escaping is not comprehensive
  • Past medium severity vulnerability recorded
Vulnerabilities
1 published

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31005medium · 4.3Cross-Site Request Forgery (CSRF)

Easyfonts <= 1.1.2 - Cross-Site Request Forgery

Apr 9, 2025 Patched in 1.1.3 (7d)
Version History

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Release Timeline

v1.3
v1.2
v1.1.4
v1.1.3
v1.1.21 CVE
v1.1.11 CVE
v1.1.01 CVE
v1.0.41 CVE
v1.0.31 CVE
v1.0.21 CVE
v1.0.11 CVE
v1.0.01 CVE
Code Analysis
Analyzed Mar 16, 2026

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
10 escaped
Nonce Checks
1
Capability Checks
1
File Operations
7
External Requests
2
Bundled Libraries
0

Output Escaping

67% escaped15 total outputs
Attack Surface

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionplugins_loadedeasyfonts.php:34
actiontemplate_redirecteasyfonts.php:35
actionadmin_enqueue_scriptseasyfonts.php:36
filterwordpress_prepare_outputeasyfonts.php:63
filtergroovy_menu_final_outputeasyfonts.php:64
actionadmin_noticesinc\notices.php:18
actionadmin_menuinc\options.php:9
actionadmin_initinc\options.php:10
actionadmin_enqueue_scriptsinc\options.php:11
Maintenance & Trust

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 12, 2026
PHP min version7.4
Downloads10K

Community Trust

Rating100/100
Number of ratings6
Active installs1K
Developer Profile

EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading Developer Profile

Uzair

4 plugins · 2K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easyfonts/inc/options.css/wp-content/plugins/easyfonts/inc/notices.css
Script Paths
/wp-content/plugins/easyfonts/inc/options.js
Version Parameters
/wp-content/plugins/easyfonts/inc/options.css?ver=/wp-content/plugins/easyfonts/inc/notices.css?ver=/wp-content/plugins/easyfonts/inc/options.js?ver=

HTML / DOM Fingerprints

CSS Classes
easyfonts-optionseasyfonts-notice
JS Globals
easyfonts_ajax_object
FAQ

Frequently Asked Questions about EasyFonts – Host Google Fonts Locally, GDPR Compliant, Faster Loading