Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Security & Risk Analysis

wordpress.org/plugins/olympus-google-fonts

The easiest to customize fonts in WordPress. Optimized for Speed. 1000+ font choices. Supports Google Fonts, Adobe Fonts and Upload Fonts.

200K active installs · v4.0.6 · PHP + · WP 4.0+ · Updated Feb 2, 2026
Tags: adobe-fonts, custom-fonts, google-fonts, typekit-fonts, upload-fonts
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Aug 16, 2024
Safety Verdict

Is Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Safe to Use in 2026?

Generally Safe

Score 98/100

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 16, 2024 · Updated 2mo ago
Risk Assessment

The "olympus-google-fonts" v4.0.6 plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, several areas raise concerns. Two unprotected AJAX handlers expose entry points without authorization checks, which is a significant risk. Additionally, the plugin's history of three known medium-severity vulnerabilities (missing authorization, CSRF, and XSS), the most recent disclosed on August 16, 2024, suggests a pattern of potentially insecure coding practices that have required patching in the past.

The static analysis reveals a moderate attack surface with a concerning number of unprotected AJAX endpoints. The taint analysis, while limited in scope, did identify two flows with unsanitized paths, although these were not classified as critical or high severity. The plugin also performs file operations and makes external HTTP requests, which, while not inherently insecure, can become vulnerabilities if not handled carefully within the context of the entire application.

Overall, the plugin has strengths in its SQL handling and output escaping. However, the unprotected AJAX handlers and the recurring vulnerability types in its history warrant careful consideration. The recent patch history and the identified unprotected entry points suggest that while efforts are made to secure the code, there remain areas that could be exploited if not thoroughly reviewed and hardened. It is crucial to monitor for any future vulnerabilities and ensure prompt patching.

Key Concerns

  • Unprotected AJAX handlers
  • Previous medium vulnerabilities (x3)
  • Flows with unsanitized paths (x2)
Vulnerabilities
3

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-43302 · medium · 5.4 · Missing Authorization

Fonts <= 3.7.7 - Missing Authorization

Aug 16, 2024 · Patched in 3.7.8 (4d)

CVE-2024-43301 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Fonts <= 3.7.7 - Cross-Site Request Forgery

Aug 16, 2024 · Patched in 3.7.8 (4d)

CVE-2021-24637 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments

Aug 23, 2021 · Patched in 3.0.3 (883d)
Code Analysis
Analyzed Mar 16, 2026

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 17 (271 escaped)
Nonce Checks: 6
Capability Checks: 2
File Operations: 1
External Requests: 3
Bundled Libraries: 0

Output Escaping

94% escaped · 288 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
dismiss_notice (includes\class-ogf-welcome.php:71)
Attack Surface
2 unprotected

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

auth wp_ajax_ogf_dismiss_guide admin\class-ogf-welcome-screen.php:19
auth wp_ajax_customizer_clear_cache includes\class-ogf-clear-cache.php:28
auth wp_ajax_customizer_reset includes\class-ogf-reset.php:28
auth wp_ajax_ogf_dismiss_notice includes\class-ogf-welcome.php:56
WordPress Hooks 71
action admin_enqueue_scripts admin\class-ogf-upload-fonts-screen.php:44
action admin_menu admin\class-ogf-upload-fonts-screen.php:46
action admin_head admin\class-ogf-upload-fonts-screen.php:47
filter upload_mimes admin\class-ogf-upload-fonts-screen.php:58
filter wp_check_filetype_and_ext admin\class-ogf-upload-fonts-screen.php:59
action admin_menu admin\class-ogf-welcome-screen.php:17
action admin_enqueue_scripts admin\class-ogf-welcome-screen.php:18
action enqueue_block_editor_assets blocks\init.php:89
action ogf_inline_styles class-olympus-google-fonts.php:24
filter wp_resource_hints class-olympus-google-fonts.php:25
action customize_controls_enqueue_scripts class-olympus-google-fonts.php:26
action customize_preview_init class-olympus-google-fonts.php:27
action customize_register class-olympus-google-fonts.php:32
filter ogf_elements compatibility\colorlib.php:20
filter et_websafe_fonts compatibility\divi-builder.php:13
filter ogf_elements compatibility\edgethemes.php:27
filter elementor/fonts/groups compatibility\elementor.php:13
filter elementor/fonts/additional_fonts compatibility\elementor.php:25
filter ogf_elements compatibility\elementor.php:69
filter ogf_elements compatibility\graphenethemessolutions.php:21
filter ogf_elements compatibility\lyrathemes.php:28
filter mpcs_classroom_style_handles compatibility\memberpress-courses.php:33
filter ogf_elements compatibility\memberpress-courses.php:82
filter ogf_elements compatibility\themefreesia.php:24
filter ogf_elements compatibility\themegrill.php:20
filter ogf_elements compatibility\themeisle.php:25
filter ogf_elements compatibility\thewordpressteam.php:20
filter ogf_elements compatibility\woocommerce.php:111
filter tiny_mce_before_init includes\class-ogf-classic-editor.php:57
filter mce_buttons includes\class-ogf-classic-editor.php:58
filter tiny_mce_before_init includes\class-ogf-classic-editor.php:59
filter ogf_classic_font_formats includes\class-ogf-classic-editor.php:60
action admin_init includes\class-ogf-classic-editor.php:61
action admin_init includes\class-ogf-classic-editor.php:62
action customize_register includes\class-ogf-clear-cache.php:27
action customize_controls_enqueue_scripts includes\class-ogf-clear-cache.php:29
action wp_dashboard_setup includes\class-ogf-dashboard-widget.php:19
action admin_init includes\class-ogf-notifications.php:68
action admin_init includes\class-ogf-notifications.php:69
action admin_notices includes\class-ogf-notifications.php:118
action customize_register includes\class-ogf-reset.php:27
action customize_controls_enqueue_scripts includes\class-ogf-reset.php:29
action admin_menu includes\class-ogf-typekit.php:17
action admin_init includes\class-ogf-typekit.php:18
action admin_head includes\class-ogf-typekit.php:19
action admin_head includes\class-ogf-typekit.php:20
action admin_head includes\class-ogf-typekit.php:21
action wp_enqueue_scripts includes\class-ogf-typekit.php:22
action enqueue_block_editor_assets includes\class-ogf-typekit.php:23
action admin_notices includes\class-ogf-welcome.php:55
action admin_init includes\class-ogf-welcome.php:57
action admin_enqueue_scripts includes\class-ogf-welcome.php:58
action customize_register includes\customizer\class-ogf-optimization-controls.php:24
action customize_register includes\customizer\class-ogf-optimization-controls.php:25
action customize_controls_enqueue_scripts includes\customizer\class-ogf-optimization-controls.php:26
action wp_head includes\customizer\output-css.php:31
action ogf_inline_styles includes\customizer\output-css.php:87
action ogf_gutenberg_inline_styles includes\customizer\output-css.php:88
action ogf_inline_styles includes\customizer\output-css.php:305
action ogf_gutenberg_inline_styles includes\customizer\output-css.php:306
action customize_controls_enqueue_scripts includes\customizer\panels.php:16
action customize_register includes\customizer\panels.php:247
action customize_register includes\customizer\settings.php:21
action customize_register includes\customizer\settings.php:413
filter wp_theme_json_data_default includes\gutenberg\class-ogf-gutenberg-filters.php:19
filter block_editor_settings_all includes\gutenberg\class-ogf-gutenberg-filters.php:20
action enqueue_block_editor_assets includes\gutenberg\output-css.php:21
action admin_head includes\gutenberg\output-css.php:46
filter block_editor_settings_all includes\gutenberg\output-css.php:196
action init olympus-google-fonts.php:27
action admin_init olympus-google-fonts.php:52
Maintenance & Trust

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version
Downloads: 10.0M

Community Trust

Rating: 100/100
Number of ratings: 1,203
Active installs: 200K
Developer Profile

Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts Developer Profile

fontsplugin

2 plugins · 300K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 297 days
Detection Fingerprints

How We Detect Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/olympus-google-fonts/admin/style.css
/wp-content/plugins/olympus-google-fonts/assets/js/uploadFonts.js
Script Paths
/wp-content/plugins/olympus-google-fonts/assets/js/uploadFonts.js
Version Parameters
olympus-google-fonts/admin/style.css?ver=
olympus-google-fonts/assets/js/uploadFonts.js?ver=

HTML / DOM Fingerprints

CSS Classes
ogf_custom_fonts
Data Attributes
data-ogf-upload-type
JS Globals
window.wp.media
window.jQuery
FAQ

Frequently Asked Questions about Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts