[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsfsASkHFWiEL0PDZtZP-IYNmynGop2m1gLro9RkTDIs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":14,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":43,"crawl_stats":33,"alternatives":50,"analysis":51,"fingerprints":662},"persian-admin-fonts","Persian Admnin Fonts","4.1.05","MDZ","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdesignfa\u002F","\u003Cp>توجه: لطفا بعد از بروزرسانی به صفحه تنظیمات افزونه بروید و تنظیمات خود را ذخیره کنید تا فایل های داینامیک افزونه، بر اساس تنظیمات شما بار دیگر ایجاد شوند\u003Cbr \u002F>\nافزونه فونت فارسی یک افزونه کاملا رایگان برای سیستم مدیریت محتوا وردپرس می باشد. به کمک این افزونه شما می توانید فونت های ادمین وردپرس را تغییر دهید.10 فونت بسیار معروف و استاندارد برای وب در این افزونه گنجانده شده است همچنین شما می توانید فونت های دلخواه خود را درون افزونه آپلود کنید و از آنها استفاده کنید. افزونه فونت فارسی ادمین صفحه تنظیمات بسیار کاملی دارد و از فونت های ایتالیک و فشرده هم پشتیبانی می کند. این افزونه بسیار بهینه کد نویسی شده است و به هیچ عنوان در طرف فرانت سایت شما اجرا نمی شود.این افزونه توانایی تغییر فونت های صفحه ورود ادمین را هم دارا می باشد. سازگاری کامل با صفحه ساز المنتور و همچنین توانایی اضافه کردن کد های CSS دلخواه شما به ادمین وردپرس و المنتور از ویژگی های بسیار جدید این نرم افزار می باشد.\u003Cbr \u002F>\nThis free plugin makes you able to change your admin-side (wordpress) fonts very easily.if you dont use Persian (Farsi) lang for your admin-side, this plugin is useless for you. Persian Admin Fonts also contains +10 free Persian fonts but you can upload your custom font family to it and use it. while deactivating this wordpress plugin, we set up a realy simple confirmation to decide keep this plugin data (Options) or not, if you choose to get rid of extra data it will simply purge all its options inside you database. by the power of this free product, you can also add your custom CSS codes to the admin-side but if you dont know how to work with the CSS styles, we dont recommend to activate it.\u003C\u002Fp>\n\u003Ch3>به روز رسانی\u003C\u002Fh3>\n\u003Cp>بعد از انجام هر بروزرسانی به صفحه تنظیمات افزونه بروید و دکمه ذخیره تنظیمات را بزنید تا فایل های داینامیک افزونه بر اساس تنظیمات شما دوباره تولید شوند\u003C\u002Fp>\n\u003Ch3>لغو نصب افزونه\u003C\u002Fh3>\n\u003Cp>در هنگام غیر فعالسازی از شما سوال می شود که آیا مایلید اطلاعات این افزونه را نگاه دارید؟\u003Cbr \u002F>\nدر هنگام حذف افزونه شما تصمیم گیرنده خواهید بود که اطلاعات این افزونه را در درون دیتابیس سایت خود نگاه دارید یا نه. اگر به طور موقت غیرفعال سازی می کنید، پیشنهاد می شود اطلاعات افزونه را حذف نکنید اما اگر به صورت دائمی تصمیم بر حذف این افزونه گرفته اید، برای سبک سازی و بهینه سازی حجم دیتابیس سایت اطلاعات این افزونه را حذف کنید.\u003C\u002Fp>\n\u003Ch3>سازگاری ها\u003C\u002Fh3>\n\u003Cp>سازگار با ووکامرس\u003Cbr \u002F>\nسازگار با المنتور\u003Cbr \u002F>\nسازگار با صفحه ساز Visual Composer\u003Cbr \u002F>\nسازگار با صفحه ساز WP-Backery\u003Cbr \u002F>\nسازگار با Gutenberg\u003Cbr \u002F>\nسازگار با تم های پیش فرض وردپرس\u003Cbr \u002F>\nسازگار با افزونه سئو Yoast\u003Cbr \u002F>\nسازگار با افزونه WP Media Folders\u003Cbr \u002F>\nسازگار با افزونه BM Custom Login\u003C\u002Fp>\n\u003Ch3>صفحه تنظیمات\u003C\u002Fh3>\n\u003Cp>تنظیمات این افزونه در تنظیمات واقع شده است، در صورتی که پیدا نکردید این آدرس را در ادامه آدرس سایت خودتون وارد کنید: https:\u002F\u002Fwww.YOUR-SITE-URL\u002Fwp-admin\u002Foptions-general.php?page=persian-fonts-options\u003C\u002Fp>\n\u003Ch3>تم های اضافی\u003C\u002Fh3>\n\u003Cp>با استفاده از تم های اضافی به بخش مدیریت سایت خودتون رنگ و شکلی تازه ببخشید\u003C\u002Fp>\n","تغییر فونت های ادمین سایت شما با یک کلیک! به همراه 10 فونت معروف و استاندارد برای وب و قابلیت آپلود فونت های شخصی شما!",500,65585,100,1,"2026-02-18T11:47:00.000Z","6.9.4","","7.4",[20],"free-farsi-fonts-for-wp-admin","https:\u002F\u002Flanding.mdezign.ir\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersian-admin-fonts.4.1.05.zip",99,0,"2025-10-21 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":6,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":42},"CVE-2025-62980","persian-admnin-fonts-missing-authorization","Persian Admnin Fonts \u003C= 4.1.03 - Missing Authorization","The Persian Admnin Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.1.03. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=4.1.03","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-24 18:48:06",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F77771c45-4a67-4c26-a679-86110459aaeb?source=api-prod",127,{"slug":44,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":13,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},"mdesignfa",4,730,87,88,"2026-04-04T07:06:23.695Z",[],{"attackSurface":52,"codeSignals":132,"taintFlows":601,"riskAssessment":649,"analyzedAt":661},{"hooks":53,"ajaxHandlers":114,"restRoutes":129,"shortcodes":130,"cronEvents":131,"entryPointCount":45,"unprotectedCount":24},[54,60,64,68,73,77,79,83,85,87,90,93,98,102,107,111],{"type":55,"name":56,"callback":57,"file":58,"line":59},"action","admin_menu","add_admin_menu","admin\\class-admin.php",31,{"type":55,"name":61,"callback":62,"file":58,"line":63},"admin_enqueue_scripts","add_font",59,{"type":55,"name":65,"callback":66,"file":58,"line":67},"plugins_loaded","addCssto_elementor",65,{"type":69,"name":70,"callback":71,"file":58,"line":72},"filter","upload_mimes","allow_fonts_mimes",68,{"type":55,"name":74,"callback":75,"file":58,"line":76},"admin_footer","addcsstoTinymce",197,{"type":55,"name":74,"callback":75,"file":58,"line":78},200,{"type":55,"name":80,"callback":81,"file":58,"line":82},"elementor\u002Feditor\u002Ffooter","closure",418,{"type":55,"name":80,"callback":81,"file":58,"line":84},433,{"type":55,"name":80,"callback":81,"file":58,"line":86},450,{"type":55,"name":74,"callback":88,"file":58,"line":89},"doredirect",478,{"type":55,"name":74,"callback":91,"file":58,"line":92},"emptyonDeactivate",502,{"type":55,"name":94,"callback":95,"file":96,"line":97},"login_enqueue_scripts","addlogin_fonts","front\\class-front.php",32,{"type":55,"name":99,"callback":100,"file":96,"line":101},"wp_enqueue_scripts","add_front_fonts",37,{"type":55,"name":103,"callback":104,"file":105,"line":106},"init","pfmdz_i18n","persianadminfonts-bymdez.php",60,{"type":69,"name":108,"callback":109,"file":105,"line":110},"elementor\u002Ffrontend\u002Fprint_google_fonts","__return_false",67,{"type":55,"name":61,"callback":81,"priority":112,"file":105,"line":113},999,75,[115,120,123,126],{"action":116,"nopriv":117,"callback":116,"hasNonce":117,"hasCapCheck":118,"file":119,"line":23},"pfmsz_emptyOptions_AjaxConf",false,true,"admin\\addadminAjax.php",{"action":121,"nopriv":117,"callback":121,"hasNonce":117,"hasCapCheck":118,"file":119,"line":122},"pfmdz_writetocssfile_ajax",146,{"action":124,"nopriv":117,"callback":124,"hasNonce":117,"hasCapCheck":118,"file":119,"line":125},"pfmdz_nightMode_ajax",171,{"action":127,"nopriv":117,"callback":127,"hasNonce":117,"hasCapCheck":118,"file":119,"line":128},"pfmdz_addgoog_fonts",193,[],[],[],{"dangerousFunctions":133,"sqlUsage":134,"outputEscaping":136,"fileOperations":45,"externalRequests":24,"nonceChecks":24,"capabilityChecks":596,"bundledLibraries":597},[],{"prepared":24,"raw":24,"locations":135},[],{"escaped":137,"rawEcho":138,"locations":139},316,252,[140,143,145,147,149,151,153,155,157,159,162,165,167,169,171,173,175,177,179,181,183,185,187,188,190,192,193,195,197,200,201,202,204,205,207,209,211,213,215,216,218,220,222,223,224,226,228,229,230,232,233,235,236,238,240,241,243,244,246,248,250,251,252,253,254,255,256,257,258,259,260,261,264,266,268,270,272,274,276,278,280,282,283,285,287,288,290,292,293,295,297,299,301,302,304,306,308,310,312,314,315,317,319,321,323,324,326,328,330,332,334,336,338,340,342,343,345,347,349,351,352,354,356,358,360,362,364,366,368,370,371,373,375,377,379,380,382,384,386,388,390,392,393,395,397,399,401,403,405,407,408,409,411,413,415,416,418,420,422,424,425,427,429,431,433,435,437,439,441,443,445,446,448,450,452,453,455,457,458,460,462,464,466,468,470,472,473,475,476,478,480,482,483,485,487,489,491,492,494,496,497,499,500,501,503,505,507,509,511,512,514,516,518,519,521,523,525,527,529,531,533,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582,584,586,588,590,592,594],{"file":119,"line":141,"context":142},139,"raw output",{"file":58,"line":144,"context":142},177,{"file":58,"line":146,"context":142},179,{"file":58,"line":148,"context":142},225,{"file":58,"line":150,"context":142},300,{"file":58,"line":152,"context":142},301,{"file":58,"line":154,"context":142},456,{"file":58,"line":156,"context":142},458,{"file":58,"line":158,"context":142},515,{"file":160,"line":161,"context":142},"admin\\css\\pfmdz-admincss.php",314,{"file":163,"line":164,"context":142},"templates\\html\\help1html.php",14,{"file":163,"line":166,"context":142},16,{"file":163,"line":168,"context":142},18,{"file":163,"line":170,"context":142},20,{"file":163,"line":172,"context":142},26,{"file":163,"line":174,"context":142},30,{"file":163,"line":176,"context":142},36,{"file":163,"line":178,"context":142},40,{"file":163,"line":180,"context":142},44,{"file":163,"line":182,"context":142},48,{"file":163,"line":184,"context":142},52,{"file":163,"line":186,"context":142},58,{"file":163,"line":106,"context":142},{"file":163,"line":189,"context":142},62,{"file":163,"line":191,"context":142},64,{"file":163,"line":72,"context":142},{"file":163,"line":194,"context":142},72,{"file":163,"line":196,"context":142},76,{"file":198,"line":199,"context":142},"templates\\html\\help2html.php",15,{"file":198,"line":166,"context":142},{"file":198,"line":168,"context":142},{"file":198,"line":203,"context":142},19,{"file":198,"line":170,"context":142},{"file":198,"line":206,"context":142},21,{"file":198,"line":208,"context":142},22,{"file":198,"line":210,"context":142},23,{"file":198,"line":212,"context":142},24,{"file":198,"line":214,"context":142},25,{"file":198,"line":172,"context":142},{"file":198,"line":217,"context":142},27,{"file":198,"line":219,"context":142},28,{"file":198,"line":221,"context":142},29,{"file":198,"line":174,"context":142},{"file":198,"line":59,"context":142},{"file":225,"line":164,"context":142},"templates\\html\\help4html.php",{"file":225,"line":227,"context":142},17,{"file":225,"line":217,"context":142},{"file":225,"line":174,"context":142},{"file":225,"line":231,"context":142},33,{"file":225,"line":176,"context":142},{"file":225,"line":234,"context":142},38,{"file":225,"line":178,"context":142},{"file":225,"line":237,"context":142},42,{"file":225,"line":239,"context":142},46,{"file":225,"line":182,"context":142},{"file":242,"line":203,"context":142},"templates\\html\\our-fav-fonts.php",{"file":242,"line":221,"context":142},{"file":242,"line":245,"context":142},39,{"file":242,"line":247,"context":142},49,{"file":249,"line":164,"context":142},"templates\\html\\our-services.php",{"file":249,"line":227,"context":142},{"file":249,"line":168,"context":142},{"file":249,"line":203,"context":142},{"file":249,"line":170,"context":142},{"file":249,"line":206,"context":142},{"file":249,"line":208,"context":142},{"file":249,"line":210,"context":142},{"file":249,"line":172,"context":142},{"file":249,"line":221,"context":142},{"file":249,"line":174,"context":142},{"file":249,"line":231,"context":142},{"file":262,"line":263,"context":142},"templates\\html\\settingspagehtml.php",836,{"file":262,"line":265,"context":142},928,{"file":262,"line":267,"context":142},933,{"file":262,"line":269,"context":142},936,{"file":262,"line":271,"context":142},949,{"file":262,"line":273,"context":142},965,{"file":262,"line":275,"context":142},967,{"file":262,"line":277,"context":142},969,{"file":262,"line":279,"context":142},974,{"file":262,"line":281,"context":142},977,{"file":262,"line":281,"context":142},{"file":262,"line":284,"context":142},979,{"file":262,"line":286,"context":142},984,{"file":262,"line":286,"context":142},{"file":262,"line":289,"context":142},986,{"file":262,"line":291,"context":142},993,{"file":262,"line":291,"context":142},{"file":262,"line":294,"context":142},995,{"file":262,"line":296,"context":142},997,{"file":262,"line":298,"context":142},1002,{"file":262,"line":300,"context":142},1006,{"file":262,"line":300,"context":142},{"file":262,"line":303,"context":142},1009,{"file":262,"line":305,"context":142},1013,{"file":262,"line":307,"context":142},1022,{"file":262,"line":309,"context":142},1024,{"file":262,"line":311,"context":142},1027,{"file":262,"line":313,"context":142},1032,{"file":262,"line":313,"context":142},{"file":262,"line":316,"context":142},1036,{"file":262,"line":318,"context":142},1038,{"file":262,"line":320,"context":142},1040,{"file":262,"line":322,"context":142},1042,{"file":262,"line":322,"context":142},{"file":262,"line":325,"context":142},1044,{"file":262,"line":327,"context":142},1046,{"file":262,"line":329,"context":142},1047,{"file":262,"line":331,"context":142},1049,{"file":262,"line":333,"context":142},1054,{"file":262,"line":335,"context":142},1059,{"file":262,"line":337,"context":142},1061,{"file":262,"line":339,"context":142},1064,{"file":262,"line":341,"context":142},1069,{"file":262,"line":341,"context":142},{"file":262,"line":344,"context":142},1073,{"file":262,"line":346,"context":142},1075,{"file":262,"line":348,"context":142},1077,{"file":262,"line":350,"context":142},1079,{"file":262,"line":350,"context":142},{"file":262,"line":353,"context":142},1081,{"file":262,"line":355,"context":142},1083,{"file":262,"line":357,"context":142},1084,{"file":262,"line":359,"context":142},1086,{"file":262,"line":361,"context":142},1091,{"file":262,"line":363,"context":142},1096,{"file":262,"line":365,"context":142},1098,{"file":262,"line":367,"context":142},1101,{"file":262,"line":369,"context":142},1106,{"file":262,"line":369,"context":142},{"file":262,"line":372,"context":142},1110,{"file":262,"line":374,"context":142},1112,{"file":262,"line":376,"context":142},1114,{"file":262,"line":378,"context":142},1116,{"file":262,"line":378,"context":142},{"file":262,"line":381,"context":142},1118,{"file":262,"line":383,"context":142},1120,{"file":262,"line":385,"context":142},1121,{"file":262,"line":387,"context":142},1123,{"file":262,"line":389,"context":142},1128,{"file":262,"line":391,"context":142},1134,{"file":262,"line":391,"context":142},{"file":262,"line":394,"context":142},1136,{"file":262,"line":396,"context":142},1142,{"file":262,"line":398,"context":142},1147,{"file":262,"line":400,"context":142},1150,{"file":262,"line":402,"context":142},1152,{"file":262,"line":404,"context":142},1156,{"file":262,"line":406,"context":142},1159,{"file":262,"line":406,"context":142},{"file":262,"line":406,"context":142},{"file":262,"line":410,"context":142},1161,{"file":262,"line":412,"context":142},1162,{"file":262,"line":414,"context":142},1169,{"file":262,"line":414,"context":142},{"file":262,"line":417,"context":142},1173,{"file":262,"line":419,"context":142},1175,{"file":262,"line":421,"context":142},1177,{"file":262,"line":423,"context":142},1179,{"file":262,"line":423,"context":142},{"file":262,"line":426,"context":142},1181,{"file":262,"line":428,"context":142},1183,{"file":262,"line":430,"context":142},1184,{"file":262,"line":432,"context":142},1186,{"file":262,"line":434,"context":142},1191,{"file":262,"line":436,"context":142},1193,{"file":262,"line":438,"context":142},1197,{"file":262,"line":440,"context":142},1206,{"file":262,"line":442,"context":142},1208,{"file":262,"line":444,"context":142},1213,{"file":262,"line":444,"context":142},{"file":262,"line":447,"context":142},1215,{"file":262,"line":449,"context":142},1216,{"file":262,"line":451,"context":142},1222,{"file":262,"line":451,"context":142},{"file":262,"line":454,"context":142},1225,{"file":262,"line":456,"context":142},1229,{"file":262,"line":456,"context":142},{"file":262,"line":459,"context":142},1232,{"file":262,"line":461,"context":142},1233,{"file":262,"line":463,"context":142},1235,{"file":262,"line":465,"context":142},1238,{"file":262,"line":467,"context":142},1254,{"file":262,"line":469,"context":142},1256,{"file":262,"line":471,"context":142},1261,{"file":262,"line":471,"context":142},{"file":262,"line":474,"context":142},1266,{"file":262,"line":474,"context":142},{"file":262,"line":477,"context":142},1273,{"file":262,"line":479,"context":142},1275,{"file":262,"line":481,"context":142},1280,{"file":262,"line":481,"context":142},{"file":262,"line":484,"context":142},1285,{"file":262,"line":486,"context":142},1290,{"file":262,"line":488,"context":142},1293,{"file":262,"line":490,"context":142},1299,{"file":262,"line":490,"context":142},{"file":262,"line":493,"context":142},1302,{"file":262,"line":495,"context":142},1309,{"file":262,"line":495,"context":142},{"file":262,"line":498,"context":142},1315,{"file":262,"line":498,"context":142},{"file":262,"line":498,"context":142},{"file":262,"line":502,"context":142},1318,{"file":262,"line":504,"context":142},1323,{"file":262,"line":506,"context":142},1330,{"file":262,"line":508,"context":142},1332,{"file":262,"line":510,"context":142},1337,{"file":262,"line":510,"context":142},{"file":262,"line":513,"context":142},1339,{"file":262,"line":515,"context":142},1342,{"file":262,"line":517,"context":142},1348,{"file":262,"line":517,"context":142},{"file":262,"line":520,"context":142},1350,{"file":262,"line":522,"context":142},1353,{"file":262,"line":524,"context":142},1359,{"file":262,"line":526,"context":142},1361,{"file":262,"line":528,"context":142},1365,{"file":262,"line":530,"context":142},1373,{"file":262,"line":532,"context":142},1379,{"file":262,"line":532,"context":142},{"file":262,"line":535,"context":142},1385,{"file":262,"line":537,"context":142},1391,{"file":262,"line":539,"context":142},1394,{"file":262,"line":541,"context":142},1395,{"file":262,"line":543,"context":142},1402,{"file":262,"line":545,"context":142},1410,{"file":262,"line":547,"context":142},1416,{"file":262,"line":549,"context":142},1419,{"file":262,"line":551,"context":142},1420,{"file":262,"line":553,"context":142},1433,{"file":262,"line":555,"context":142},1435,{"file":262,"line":557,"context":142},1440,{"file":262,"line":559,"context":142},1442,{"file":262,"line":561,"context":142},1446,{"file":262,"line":563,"context":142},1447,{"file":262,"line":565,"context":142},1448,{"file":262,"line":567,"context":142},1449,{"file":262,"line":569,"context":142},1457,{"file":262,"line":571,"context":142},1459,{"file":262,"line":573,"context":142},1462,{"file":262,"line":575,"context":142},1465,{"file":262,"line":577,"context":142},1468,{"file":262,"line":579,"context":142},1471,{"file":262,"line":581,"context":142},1480,{"file":262,"line":583,"context":142},1482,{"file":262,"line":585,"context":142},1483,{"file":262,"line":587,"context":142},1484,{"file":262,"line":589,"context":142},1485,{"file":262,"line":591,"context":142},1486,{"file":262,"line":593,"context":142},1487,{"file":262,"line":595,"context":142},1488,6,[598],{"name":599,"version":33,"knownCves":600},"TinyMCE",[],[602,620,628],{"entryPoint":603,"graph":604,"unsanitizedCount":24,"severity":619},"pfmdz_addgoog_fonts (admin\\addadminAjax.php:176)",{"nodes":605,"edges":617},[606,611],{"id":607,"type":608,"label":609,"file":119,"line":610},"n0","source","$_REQUEST",184,{"id":612,"type":613,"label":614,"file":119,"line":615,"wp_function":616},"n1","sink","update_option() [Settings Manipulation]",187,"update_option",[618],{"from":607,"to":612,"sanitized":118},"low",{"entryPoint":621,"graph":622,"unsanitizedCount":24,"severity":619},"\u003CaddadminAjax> (admin\\addadminAjax.php:0)",{"nodes":623,"edges":626},[624,625],{"id":607,"type":608,"label":609,"file":119,"line":610},{"id":612,"type":613,"label":614,"file":119,"line":615,"wp_function":616},[627],{"from":607,"to":612,"sanitized":118},{"entryPoint":629,"graph":630,"unsanitizedCount":24,"severity":619},"\u003Csettingspagehtml> (templates\\html\\settingspagehtml.php:0)",{"nodes":631,"edges":646},[632,635,637,641],{"id":607,"type":608,"label":633,"file":262,"line":634},"$_POST (x46)",107,{"id":612,"type":613,"label":614,"file":262,"line":636,"wp_function":616},108,{"id":638,"type":608,"label":639,"file":262,"line":640},"n2","$_POST (x37)",114,{"id":642,"type":613,"label":643,"file":262,"line":644,"wp_function":645},"n3","echo() [XSS]",976,"echo",[647,648],{"from":607,"to":612,"sanitized":118},{"from":638,"to":642,"sanitized":118},{"summary":650,"deductions":651},"The 'persian-admin-fonts' plugin v4.1.05 exhibits a mixed security posture. On the positive side, the static analysis indicates a relatively contained attack surface with all AJAX handlers protected by authentication checks. Furthermore, there are no raw SQL queries or unsanitized paths identified in the taint analysis, which are common sources of critical vulnerabilities.\n\nHowever, several areas raise concerns. A significant portion of output (44%) is not properly escaped, potentially exposing the site to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled rigorously. The absence of nonce checks on the AJAX handlers, despite having capability checks, is a notable weakness that could be exploited if the capability checks themselves can be bypassed. While there are no currently unpatched CVEs, the plugin has a history of one known CVE, which was for a 'Missing Authorization' issue. This historical pattern, combined with the lack of specific nonce checks on AJAX endpoints, suggests a potential for authorization-related vulnerabilities in the future if not diligently addressed.\n\nIn conclusion, while the plugin has implemented some good security practices like prepared statements and authorization checks on its entry points, the unescaped output and the absence of nonce checks on AJAX endpoints represent tangible risks. The past CVE for missing authorization warrants vigilance. The plugin is not inherently insecure but requires careful monitoring and potential remediation of the identified output escaping and nonce check issues.",[652,655,658],{"reason":653,"points":654},"Significant portion of output not properly escaped",8,{"reason":656,"points":657},"No nonce checks on AJAX handlers",7,{"reason":659,"points":660},"Vulnerability history: 1 CVE (Missing Authorization)",5,"2026-03-16T19:36:18.178Z",{"wat":663,"direct":672},{"assetPaths":664,"generatorPatterns":667,"scriptPaths":668,"versionParams":669},[665,666],"\u002Fwp-content\u002Fplugins\u002Fpersian-admin-fonts\u002Flibs\u002Ffonts\u002Fcss\u002FdynamicAdminFont.css","\u002Fwp-content\u002Fplugins\u002Fpersian-admin-fonts\u002Flibs\u002Ffonts\u002Fcss\u002Fdynamic-front-fonts.css",[],[],[670,671],"persian-admin-fonts\u002Fstyle.css?ver=","persian-admin-fonts\u002Fadmin\u002Fcss\u002Fpfmdz-admincss.css?ver=",{"cssClasses":673,"htmlComments":675,"htmlAttributes":676,"restEndpoints":678,"jsGlobals":679,"shortcodeOutput":682},[674],"pfmdz-settings-page",[],[677],"data-pfmdz-font-selector",[],[680,681],"pfmdz_admin_ajax_url","pfmdz_admin_nonce",[]]