[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCya6ezACkVgTE--wB3bJEiUq70GazqKP7YyBEb4p9as":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":145,"fingerprints":236},"rh-devnia-webfonts","RH Devnia Webfonts","1.0","waheeds","https:\u002F\u002Fprofiles.wordpress.org\u002Fwaheeds\u002F","\u003Cp>You may through this plugin to change your font in your arabic Web site using a modern fonts Devina Web Font Service\u003C\u002Fp>\n\u003Cp>A few notes about the sections above:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>with out change any thing or write code in theme\u003C\u002Fli>\n\u003Cli>just choose font and save option\u003C\u002Fli>\n\u003Cli>fonts are hosted by maxcdn and files will dont lose or be offline\u003C\u002Fli>\n\u003Cli>you can preview font after select\u003C\u002Fli>\n\u003Cli>tetsed up to wordpress 4.1\u003C\u002Fli>\n\u003C\u002Ful>\n","this plugin is change your body font with devnia web fonts service if yout site was in arabic language.",10,2510,100,1,"2015-01-20T12:48:00.000Z","4.1.42","3.9","",[20,21,22,23],"arabic","bootstrap","fonts","web-fonts","http:\u002F\u002Fwww.rh.net.sa","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frh-devnia-webfonts.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T14:00:30.792Z",[36,58,80,105,125],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disable-google-fonts","Disable Google Fonts","2.0","Milan Dinić","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimadin\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmilandinic.com\u002Fwordpress\u002Fplugins\u002Fdisable-google-fonts\u002F\" rel=\"nofollow ugc\">Plugin homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmilandinic.com\u002F\" rel=\"nofollow ugc\">Plugin author\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmilandinic.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin stops loading of fonts from Google Fonts used by WordPress core, Gutenberg plugin, bundled themes (Twenty Twelve, Twenty Thirteen, Twenty Fourteen, Twenty Fifteen, Twenty Sixteen, Twenty Seventeen), and most other themes. If theme or plugin (whose name is not listed here) uses fonts from Google Fonts, those fonts still might be loaded if that theme or plugin loads fonts from Google in a way that is incompatible with this plugin.\u003C\u002Fp>\n\u003Cp>Reasons for not using Google Fonts might be privacy and security, local development or production, blocking of Google’s servers, characters not supported by font, performance.\u003C\u002Fp>\n\u003Cp>Disable Google Fonts is a very lightweight, it has no settings, just activate it and it works immediately.\u003C\u002Fp>\n\u003Cp>And it’s on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdimadin\u002Fdisable-google-fonts\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Disable enqueuing of fonts from Google used by WordPress core, default themes, Gutenberg, and many more.",40000,893618,88,42,"2019-02-24T21:01:00.000Z","5.1.22","3.5","5.2.4",[53,54,55],"google-fonts","google-web-fonts","open-sans","https:\u002F\u002Fmilandinic.com\u002Fwordpress\u002Fplugins\u002Fdisable-google-fonts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-google-fonts.2.0.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":18,"tags":73,"homepage":77,"download_link":78,"security_score":68,"vuln_count":14,"unpatched_count":27,"last_vuln_date":79,"fetched_at":29},"seed-fonts","Seed Fonts","2.4.2","Seed Webs","https:\u002F\u002Fprofiles.wordpress.org\u002Fseedthemes\u002F","\u003Cp>Seed Fonts is WordPress plugin that helps you use web fonts (@font-face embed) easier. You can use by\u003C\u002Fp>\n\u003Col>\n\u003Cli>Google Fonts\u003C\u002Fli>\n\u003Cli>Bundled Thai-English fonts\u003C\u002Fli>\n\u003Cli>Your own web fonts. (Upload to \u002Fwp-content\u002Fupload\u002Ffonts\u002Ffontname\u002F or \u002Fwp-content\u002Fthemes\u002FThemeName\u002Fvendor\u002Ffonts\u002Ffontname\u002F – lowercase is recommended.)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The GitHub repository can be found at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSeedWebs\u002Fseed-fonts\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSeedWebs\u002Fseed-fonts\u003C\u002Fa>.\u003C\u002Fp>\n","Use web fonts (@font-face) by choosing from Google Fonts, Bundled Thai-English fonts, and your own web fonts.",20000,179556,92,16,"2024-08-06T04:03:00.000Z","6.6.5","4.0",[74,75,23,76],"font-face-embed","typography","webfont","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fseed-fonts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseed-fonts.2.4.2.zip","2023-06-16 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":71,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":14,"last_vuln_date":104,"fetched_at":29},"fonto","Fonto – Custom Web Fonts Manager","1.2.2","vlad.olaru","https:\u002F\u002Fprofiles.wordpress.org\u002Fvladolaru\u002F","\u003Cp>Fonto is a custom fonts management plugin that will seamlessly integrate with the WordPress editor, allowing you to get right to using your fancy free or premium fonts.\u003C\u002Fp>\n\u003Cp>It is built to work with pretty much any configuration font vendors offer (like Typekit, Fonts.com, MyFonts.com, Google Fonts), either by allowing them to serve the fonts via an embed code or by self-hosting the font files.\u003C\u002Fp>\n\u003Cp>Plus, we’ve integrated Fonto with our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustomify\u002F\" rel=\"ugc\">Customify\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstyle-manager\u002F\" rel=\"ugc\">Style Manager\u003C\u002Fa> plugins to make it even smoother to control your site’s general typography.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FCMB2\u002FCMB2\" rel=\"nofollow ugc\">CMB2\u003C\u002Fa> Metaboxes, custom fields library – License: GPLv2 or later\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjcchavezs\u002Fcmb2-conditionals\u002F\" rel=\"nofollow ugc\">CMB2 Conditionals\u003C\u002Fa> plugin for CMB2 – License: GPLv2 or later\u003C\u002Fli>\n\u003C\u002Ful>\n","Use your custom premium web fonts directly in the Editor or with the Customify and Style Manager plugins. Works with Typekit, MyFonts, Fonts.",2000,38108,60,4,"2024-10-16T08:33:00.000Z","4.9.9","5.6.20",[96,97,98,99,22],"custom-font","custom-fonts","custom-web-fonts","font-manager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffonto","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffonto.1.2.2.zip",70,2,"2025-04-03 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":16,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":123,"download_link":124,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"supreme-google-webfonts","Supreme Google Webfonts","2.0.1","Josh","https:\u002F\u002Fprofiles.wordpress.org\u002Fjosh401\u002F","\u003Cp>This plugin simply activates, and makes accessible the ENTIRE Google Webfonts repository.  Your visual editor will show a new, third row with an easy drop-down list for choosing fonts.\u003C\u002Fp>\n\u003Cp>I also added a box for font size selection… they seem to go hand in hand.\u003C\u002Fp>\n\u003Cp>If you like this plugin, \u003Cstrong>Please Leave A Rating\u003C\u002Fstrong>.  Also, click “works” if you are indeed satisfied with the plugin.  Thank you.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=A9E5VNRBMVBCS\" rel=\"nofollow ugc\">Even the smallest donations will be gratefully accepted if you wish to click here\u003C\u002Fa>.  \u003Cstrong>Donations help to continue and support future upgrades and releases.\u003C\u002Fstrong>  Please consider donating if you are extremely pleased with this plugin and will continue using it on your site; especially if you are operating a commercial website.  Thank you!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added all 291 currently available Google Webfonts.\u003C\u002Fli>\n\u003C\u002Ful>\n","Description: Adds all Google Webfonts into your visual editor panel when creating posts or pages.  Now you have access to almost 700 universal, cross- &hellip;",1000,46174,82,15,"2017-11-28T19:59:00.000Z","3.2.1",[22,54,120,121,122],"google-webfonts","visual-editor","webfonts","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsupreme-google-webfonts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsupreme-google-webfonts.2.0.1.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":13,"num_ratings":103,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":143,"download_link":144,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"khattat-arabic-fonts","Khattat – Arabic Fonts","2.6.0","Mokhtar Bensaid","https:\u002F\u002Fprofiles.wordpress.org\u002Fmokhtarbsaid\u002F","\u003Cp>Choose a beautiful Arabic font for your site from over 110 stunning fonts to enhance user experience.\u003Cbr \u002F>\nCairo, Lateef, Tajawal, Amiri, Rubik, Sky… and others beautiful fonts.\u003C\u002Fp>\n\u003Cp>The new official Saudi font announced has been added.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Beautiful arabic fonts.\u003C\u002Fli>\n\u003Cli>Select custom font for each element: body, h1, h2, h3, h4, h5, h6.\u003C\u002Fli>\n\u003Cli>Translation ready of the plugin strings to arabic see language folder from the plugin root folder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin helped website owners who have an Arabic language website\u003C\u002Fp>\n\u003Ch4>Font Ressources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffontface.me\" rel=\"nofollow ugc\">Font Face\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffonts.google.com\" rel=\"nofollow ugc\">Google Fonts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>My GitHub Repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmokhtarbsaid\u002Fsaudi-font\" rel=\"nofollow ugc\">Saudi Font\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>My GitHub Repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmokhtarbsaid\u002Frare-arabic-fonts\" rel=\"nofollow ugc\">Rare Arabic Fonts\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003C\u002Ful>\n","Choose a beautiful Arabic font for your site from over 110 stunning fonts to enhance user experience.",500,3615,"2025-08-13T05:21:00.000Z","6.7.5","5.8","7.4",[20,22,140,141,142],"%d8%a7%d9%84%d8%b9%d8%b1%d8%a8%d9%8a%d8%a9","%d8%ae%d8%b7%d9%88%d8%b7","%d8%ae%d8%b7%d9%88%d8%b7-%d8%b9%d8%b1%d8%a8%d9%8a%d8%a9","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkhattat-arabic-fonts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkhattat-arabic-fonts.2.6.0.zip",{"attackSurface":146,"codeSignals":170,"taintFlows":194,"riskAssessment":228,"analyzedAt":235},{"hooks":147,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":27,"unprotectedCount":27},[148,154,158,162],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","init","plugin_name_load_plugin_textdomain","index.php",22,{"type":149,"name":155,"callback":156,"file":152,"line":157},"wp_head","font_style",45,{"type":149,"name":159,"callback":160,"file":152,"line":161},"admin_print_styles","ui_kit",52,{"type":149,"name":163,"callback":164,"file":152,"line":165},"admin_menu","devnia_admin_actions",62,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":193},[],{"prepared":27,"raw":27,"locations":173},[],{"escaped":27,"rawEcho":175,"locations":176},8,[177,181,183,185,187,188,190,191],{"file":178,"line":179,"context":180},"change_font.php",18,"raw output",{"file":178,"line":182,"context":180},21,{"file":178,"line":184,"context":180},26,{"file":178,"line":186,"context":180},28,{"file":178,"line":32,"context":180},{"file":178,"line":189,"context":180},33,{"file":178,"line":189,"context":180},{"file":152,"line":192,"context":180},43,[],[195],{"entryPoint":196,"graph":197,"unsanitizedCount":226,"severity":227},"\u003Cchange_font> (change_font.php:0)",{"nodes":198,"edges":221},[199,203,209,212,216,219],{"id":200,"type":201,"label":202,"file":178,"line":91},"n0","source","$_POST",{"id":204,"type":205,"label":206,"file":178,"line":207,"wp_function":208},"n1","sink","update_option() [Settings Manipulation]",5,"update_option",{"id":210,"type":201,"label":211,"file":178,"line":91},"n2","$_POST (x4)",{"id":213,"type":205,"label":214,"file":178,"line":179,"wp_function":215},"n3","echo() [XSS]","echo",{"id":217,"type":201,"label":218,"file":178,"line":186},"n4","$_SERVER['REQUEST_URI']",{"id":220,"type":205,"label":214,"file":178,"line":186,"wp_function":215},"n5",[222,224,225],{"from":200,"to":204,"sanitized":223},false,{"from":210,"to":213,"sanitized":223},{"from":217,"to":220,"sanitized":223},6,"low",{"summary":229,"deductions":230},"The rh-devnia-webfonts v1.0 plugin presents a mixed security picture.  On the positive side, the plugin demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and showing no known past vulnerabilities or active CVEs.  The attack surface appears to be minimal, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed.  However, a significant concern is the complete lack of output escaping, with 100% of detected outputs not being properly escaped.  This could lead to Cross-Site Scripting (XSS) vulnerabilities if the data being output is user-controlled or originates from an untrusted source.  Additionally, the taint analysis revealed one flow with an unsanitized path, which, although not classified as critical or high severity in this specific instance, warrants attention as it indicates potential for path traversal or file inclusion vulnerabilities in the future if not addressed.\n\nWhile the absence of known vulnerabilities and a seemingly small attack surface are strengths, the identified output escaping and taint flow issues represent clear security weaknesses. The fact that 100% of outputs are unescaped is a critical oversight that could easily be exploited. The single unsanitized path flow, even if currently benign, points to a potential weakness in data handling. Therefore, despite the positive indicators, the plugin is not entirely secure due to these specific coding oversights.  Immediate attention should be given to implementing proper output escaping for all dynamic content displayed by the plugin.",[231,233],{"reason":232,"points":175},"0% of outputs properly escaped",{"reason":234,"points":207},"1 flow with unsanitized paths","2026-03-17T01:43:10.915Z",{"wat":237,"direct":245},{"assetPaths":238,"generatorPatterns":241,"scriptPaths":242,"versionParams":244},[239,240],"\u002Fwp-content\u002Fplugins\u002Frh-devnia-webfonts\u002Fbootstrap\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Frh-devnia-webfonts\u002Ffonts.js",[],[243,240],"https:\u002F\u002Fajax.googleapis.com\u002Fajax\u002Flibs\u002Fjquery\u002F1.11.2\u002Fjquery.min.js",[],{"cssClasses":246,"htmlComments":247,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":251},[],[],[],[],[],[]]