Simple Fonts Loader Security & Risk Analysis

wordpress.org/plugins/simple-fonts-loader

A simple plugin that lets you activate Google Fonts typefaces and add the @font-face rules to the site.

70 active installs · v1.9.1 · PHP 7.0+ · WP 5.7+ · Updated Nov 5, 2025
font, fonts, google, loader, simple
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Fonts Loader Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Fonts Loader has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'simple-fonts-loader' plugin v1.9.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by utilizing prepared statements for all SQL queries and a very high percentage of properly escaped output, indicating an effort to prevent common web vulnerabilities like SQL injection and cross-site scripting. Furthermore, there is no known vulnerability history, suggesting a generally secure development process to date.

However, a significant concern arises from the presence of four unprotected AJAX handlers. This exposes a substantial attack surface that could be exploited by unauthenticated users. The absence of nonce and capability checks on these entry points is a critical weakness that could lead to unauthorized actions or data manipulation if a vulnerability is discovered or if an attacker can trigger these handlers. The static analysis did not identify any critical taint flows or dangerous functions, which is reassuring, but the unprotected AJAX endpoints remain a prominent risk.

In conclusion, while the plugin has a clean vulnerability history and employs secure coding practices for data handling, the unprotected AJAX endpoints represent a notable security gap. Addressing these unprotected entry points should be the top priority to improve the plugin's overall security posture.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Simple Fonts Loader Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Fonts Loader Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (52 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

93% escaped · 56 total outputs
Attack Surface
4 unprotected

Simple Fonts Loader Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_simple_fonts_loader_activate_font · includes\admin\admin.php:56
auth · wp_ajax_simple_fonts_loader_deactivate_font · includes\admin\admin.php:57
auth · wp_ajax_simple_fonts_loader_favorite_font · includes\admin\admin.php:58
auth · wp_ajax_simple_fonts_loader_unfavorite_font · includes\admin\admin.php:59
WordPress Hooks 7
action · admin_menu · includes\admin\admin.php:54
action · admin_enqueue_scripts · includes\admin\admin.php:55
action · init · includes\fonts.php:71
action · template_redirect · includes\fonts.php:72
action · wp_head · includes\front\front.php:48
action · admin_head · includes\front\front.php:50
action · send_headers · includes\front\front.php:52
Maintenance & Trust

Simple Fonts Loader Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 5, 2025
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 70
Developer Profile

Simple Fonts Loader Developer Profile

Tom Baumgarten

5 plugins · 160 total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Fonts Loader

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-fonts-loader/fonts/load.php
Script Paths
/wp-content/plugins/simple-fonts-loader/js/admin.js
/wp-content/plugins/simple-fonts-loader/js/front.js
Version Parameters
simple-fonts-loader/style.css?ver=
simple-fonts-loader/js/admin.js?ver=
simple-fonts-loader/js/front.js?ver=

HTML / DOM Fingerprints

CSS Classes
simple-fonts-loader-settings
simple-fonts-loader-filter-all
simple-fonts-loader-filter-actives
simple-fonts-loader-cards
Data Attributes
id="simple-fonts-loader-settings"
id="simple-fonts-loader-filter-all"
id="simple-fonts-loader-filter-actives"
id="simple-fonts-loader-cards"
JS Globals
simple_fonts_loader_ajax_object
REST Endpoints
/wp-json/simple-fonts-loader/v1/fonts
FAQ

Frequently Asked Questions about Simple Fonts Loader