WP-Safety

Fonts Manager – Local Hosting for Google Fonts Security & Risk Analysis

wordpress.org/plugins/fonts-manager

Fonts Manager is a WordPress plugin that enables you to host Google Fonts locally, optimizing the performance and privacy of your website.

0 active installs v1.0.0 PHP 7.2+ WP 5.9+ Updated Feb 17, 2024
google-fontslocal-hostingperformanceweb-fonts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Fonts Manager – Local Hosting for Google Fonts Safe to Use in 2026?

Generally Safe

Score 85/100

Fonts Manager – Local Hosting for Google Fonts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "fonts-manager" plugin v1.0.0 presents a significant security risk due to its unprotected AJAX handlers. While the code shows good practices like using prepared statements for SQL queries and a high percentage of properly escaped output, the complete lack of authentication checks on all seven identified AJAX entry points is a major concern. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure depending on the functionality they expose.

The static analysis also reveals no critical or high-severity taint flows, which is a positive sign. Furthermore, the plugin has no recorded vulnerability history, suggesting a generally secure development past. However, this lack of historical issues does not negate the immediate risk posed by the unprotected AJAX endpoints.

In conclusion, "fonts-manager" v1.0.0 has strengths in its SQL handling and output escaping. However, the presence of numerous unprotected AJAX endpoints creates a critical vulnerability that overshadows these positive aspects. The plugin's security posture is compromised by this oversight, and immediate remediation is recommended.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Fonts Manager – Local Hosting for Google Fonts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Fonts Manager – Local Hosting for Google Fonts Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Fonts Manager – Local Hosting for Google Fonts Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
60 escaped
Nonce Checks
0
Capability Checks
0
File Operations
12
External Requests
0
Bundled Libraries
0

Output Escaping

91% escaped66 total outputs
Attack Surface
7 unprotected

Fonts Manager – Local Hosting for Google Fonts Attack Surface

Entry Points7
Unprotected7

AJAX Handlers 7

authwp_ajax_winofm_scan_pageincludes/ajax-calls/localization.php:114
authwp_ajax_winofm_host_fontsincludes/ajax-calls/localization.php:168
authwp_ajax_winofm_tool_contentincludes/functions.php:354
authwp_ajax_winofm_cleanup_filesincludes/functions.php:416
authwp_ajax_winofm_regenerate_filesincludes/functions.php:464
authwp_ajax_winofm_save_files_locallyincludes/functions.php:498
authwp_ajax_winofm_save_settingsincludes/functions.php:523
WordPress Hooks 4
actioninitfonts-manager.php:64
actionadmin_menufonts-manager.php:73
actionadmin_enqueue_scriptsfonts-manager.php:82
actiontemplate_redirectincludes/functions.php:297
Maintenance & Trust

Fonts Manager – Local Hosting for Google Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 17, 2024
PHP min version7.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Fonts Manager – Local Hosting for Google Fonts Alternatives

Custom Fonts – Host Your Fonts Locally

Custom Fonts – Host Your Fonts Locally

custom-fonts

A
98

Custom Fonts is a powerful WordPress plugin that allows you to upload your own custom fonts or choose from a vast collection of Google Fonts, all host …

400K 2 CVEs
Disable Google Fonts

Disable Google Fonts

disable-google-fonts

A
85

Disable enqueuing of fonts from Google used by WordPress core, default themes, Gutenberg, and many more.

40K No CVEs
Chrome and Safari Web Font Rendering Fix

Chrome and Safari Web Font Rendering Fix

chrome-font-rendering-fix

A
100

Fix Chrome/Safari font rendering issues by displaying local fonts until web fonts load.

40 No CVEs
Enable Disabled Serbian Latin Google Fonts

Enable Disabled Serbian Latin Google Fonts

enable-disabled-serbian-latin-google-fonts

A
85

Enable enqueuing of Google fonts disabled in Serbian language package.

10 No CVEs
LocalFonts

LocalFonts

browsefyi-local-font-loader-for-google-fonts

A
100

Self-host Google Fonts for faster load times, GDPR/DSGVO compliance, and visitor privacy. Zero configuration required.

0 No CVEs
Developer Profile

Fonts Manager – Local Hosting for Google Fonts Developer Profile

aleswebs

3 plugins · 100 total installs

80
trust score
Avg Security Score
80/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Fonts Manager – Local Hosting for Google Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fonts-manager/assets/css/styles.css/wp-content/plugins/fonts-manager/assets/js/scripts.js
Script Paths
/wp-content/plugins/fonts-manager/assets/js/scripts.js
Version Parameters
winofm_admin_styleswinofm_localization_tool

HTML / DOM Fingerprints

CSS Classes
winofm-mainwinofm-main-contentwinofm-sidebar
FAQ

Frequently Asked Questions about Fonts Manager – Local Hosting for Google Fonts