Embed Google Fonts Security & Risk Analysis

wordpress.org/plugins/embed-google-fonts

Embed Google Fonts tries to automatically replace registered Google Fonts from themes and plugin with local versions, directly loaded from your own se …

6K active installs v3.1.1 PHP 8.0+ WP 6.5.2+ Updated May 2, 2024
embedgdprgoogle-fonts
85
A · Safe
CVEs total1
Unpatched0
Last CVEApr 29, 2024
Safety Verdict

Is Embed Google Fonts Safe to Use in 2026?

Generally Safe

Score 85/100

Embed Google Fonts has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 29, 2024Updated 2yr ago
Risk Assessment

The 'embed-google-fonts' plugin, version 3.1.1, exhibits a generally good security posture with several positive indicators. The complete absence of raw SQL queries and the use of prepared statements for all database interactions is a significant strength. The plugin also demonstrates good practice by including nonce checks and capability checks for its single AJAX entry point, and all REST API routes have permission callbacks. Taint analysis shows no identified vulnerabilities, which is promising. However, the relatively low percentage of properly escaped output (38%) raises a concern. This suggests a potential for cross-site scripting (XSS) vulnerabilities, particularly if user-supplied data is being outputted without sufficient sanitization. Furthermore, the plugin has a history of known vulnerabilities, including a medium-severity one discovered as recently as April 2024. While this vulnerability is currently patched, it indicates a past tendency for security flaws and warrants continued vigilance. The presence of file operations and external HTTP requests, while not inherently risky, are areas that should be carefully scrutinized for any potential misconfigurations or vulnerabilities.

Key Concerns

  • Output escaping is not consistently applied
  • Known vulnerability in history (medium severity)
Vulnerabilities
1 published

Embed Google Fonts Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-33925medium · 4.3Missing Authorization

Embed Google Fonts <= 3.1.0 - Missing Authorization

Apr 29, 2024 Patched in 3.1.1 (669d)
Version History

Embed Google Fonts Release Timeline

v3.1.1Current
v3.1.01 CVE
v3.0.21 CVE
v2.3.11 CVE
v2.2.41 CVE
v2.2.11 CVE
v2.1.11 CVE
v2.0.61 CVE
Code Analysis
Analyzed Mar 16, 2026

Embed Google Fonts Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
5 escaped
Nonce Checks
1
Capability Checks
1
File Operations
5
External Requests
2
Bundled Libraries
0

Output Escaping

38% escaped13 total outputs
Attack Surface

Embed Google Fonts Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_embed_google_fonts_copy_filesincludes\class.embed-google-fonts-administration.php:5
WordPress Hooks 10
filterplugin_row_metaincludes\class.embed-google-fonts-administration.php:6
actionwp_enqueue_scriptsincludes\class.embed-google-fonts-proxy.php:6
actionwp_print_stylesincludes\class.embed-google-fonts-proxy.php:7
actionwpfc_delete_cacheincludes\class.embed-google-fonts-proxy.php:9
actionafter_rocket_clean_domainincludes\class.embed-google-fonts-proxy.php:10
filterembed_google_fonts_get_slugincludes\class.embed-google-fonts-proxy.php:12
filterembed_google_fonts_get_handleincludes\class.embed-google-fonts-proxy.php:13
filterembed_google_fonts_get_base_directoryincludes\class.embed-google-fonts-proxy.php:14
filterembed_google_fonts_get_local_base_directoryincludes\class.embed-google-fonts-proxy.php:15
filterembed_google_fonts_get_local_urlincludes\class.embed-google-fonts-proxy.php:16
Maintenance & Trust

Embed Google Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 2, 2024
PHP min version8.0
Downloads51K

Community Trust

Rating100/100
Number of ratings12
Active installs6K
Developer Profile

Embed Google Fonts Developer Profile

Adrian Mörchen

3 plugins · 6K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
669 days
View full developer profile
Detection Fingerprints

How We Detect Embed Google Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embed-google-fonts/includes/css/frontend.css/wp-content/plugins/embed-google-fonts/includes/js/frontend.js
Script Paths
/wp-content/plugins/embed-google-fonts/includes/js/frontend.js
Version Parameters
embed-google-fonts/includes/css/frontend.css?ver=embed-google-fonts/includes/js/frontend.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Embed Google Fonts