Does Seed Fonts have any unpatched vulnerabilities?

No. All known vulnerabilities in Seed Fonts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Seed Fonts compatible with WordPress 6.6.5?

According to WordPress.org data, Seed Fonts 2.4.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is Seed Fonts updated?

Seed Fonts was last updated on Aug 6, 2024. Frequent updates are generally a positive security signal.

What is Seed Fonts's security score?

Seed Fonts has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Seed Fonts Security & Risk Analysis

wordpress.org/plugins/seed-fonts

Use web fonts (@font-face) by choosing from Google Fonts, Bundled Thai-English fonts, and your own web fonts.

20K active installs v2.4.2 PHP + WP 4.0+ Updated Aug 6, 2024

font-face-embedtypographyweb-fontswebfont

A · Safe

CVEs total1

Unpatched0

Last CVEJun 16, 2023

Plugin page Download

Safety Verdict

Is Seed Fonts Safe to Use in 2026?

Generally Safe

Score 92/100

Seed Fonts has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 16, 2023Updated 1yr ago

Risk Assessment

The "seed-fonts" plugin v2.4.2 presents a mixed security posture. On the positive side, the static analysis shows a complete lack of discoverable attack surface points like AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, all SQL queries are correctly using prepared statements, and there are no file operations or external HTTP requests, which are common sources of vulnerabilities. However, a significant concern arises from the output escaping, where only 38% of outputs are properly escaped. This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities being present in the plugin's output rendering.

The vulnerability history indicates that the plugin has had a total of one known CVE, which was a medium severity Cross-Site Scripting vulnerability, last patched in mid-2023. While there are no currently unpatched CVEs, the past occurrence of XSS, combined with the low percentage of properly escaped outputs in the static analysis, strongly points to XSS as a persistent risk. The taint analysis also shows no critical or high severity flows, but the absence of flows doesn't guarantee safety given the output escaping issue.

In conclusion, while the "seed-fonts" plugin exhibits good practices in avoiding common attack vectors and secure SQL handling, the poor output escaping is a critical weakness. The past XSS vulnerability further reinforces this concern. Users should be aware of the potential for XSS attacks, even though no unpatched vulnerabilities are currently reported.

Key Concerns

Low percentage of properly escaped outputs
Past medium severity XSS vulnerability

Vulnerabilities

Seed Fonts Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-35779medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting

Jun 16, 2023 Patched in 2.4.0 (221d)

Code Analysis

Analyzed Mar 16, 2026

Seed Fonts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped34 total outputs

Attack Surface

Seed Fonts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwp_enqueue_scriptsseed-fonts.php:30

actionenqueue_block_editor_assetsseed-fonts.php:31

actionadmin_menuseed-fonts.php:170

actionadmin_initseed-fonts.php:648

Maintenance & Trust

Seed Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 6, 2024

PHP min version

Downloads180K

Community Trust

Rating92/100

Number of ratings16

Active installs20K

Alternatives

Seed Fonts Alternatives

Easy Google Fonts

easy-google-fonts

Adds google fonts to any theme without coding and integrates with the WordPress Customizer automatically for a realtime live preview.

100K No CVEs

Dehkadeh Fonts

dehkadeh-fonts

This plugin help you to set persian fonts and size for different parts of the theme via wordpress customizer as easily. Also you can set the custom fo …

1K No CVEs

Supreme Google Webfonts

supreme-google-webfonts

Description: Adds all Google Webfonts into your visual editor panel when creating posts or pages. Now you have access to almost 700 universal, cross- …

1K No CVEs

Google Webfonts For Woo Framework

google-fonts-for-woo-framework

Give the WooThemes framework access to the full range of current Google Webfonts.

300 No CVEs

Google Web Fonts for WordPress

google-web-fonts-for-wordpress

Select up to 5 fonts from the Google Web Font Directory to make available for use in stylesheets.

90 No CVEs

Developer Profile

Seed Fonts Developer Profile

Seed Webs

3 plugins · 30K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

331 days

View full developer profile

Detection Fingerprints

How We Detect Seed Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/seed-fonts/fonts//wp-content/plugins/seed-fonts/style.css

HTML / DOM Fingerprints

CSS Classes

editor-post-title__blockeditor-post-title__inputeditor-styles-wrapperwp-caption-text

Data Attributes

data-seed-fonts

JS Globals

seed_fonts_is_enabledseed_fonts_is_google_fontsseed_fonts_weightseed_fonts_selectorsseed_fonts_is_importantseed_fonts_google_font_name+11 more

FAQ