TypeSquare Webfonts for ConoHa Security & Risk Analysis

wordpress.org/plugins/ts-webfonts-for-conoha

ConoHa WINGで株式会社モリサワが提供するWebフォントサービス「TypeSquare」を利用できるプラグインです。

10K active installs v2.0.4 PHP + WP 5.2.1+ Updated Mar 22, 2023
fontswebfonts
61
C · Use Caution
CVEs total2
Unpatched1
Last CVEMay 19, 2026
Safety Verdict

Is TypeSquare Webfonts for ConoHa Safe to Use in 2026?

Use With Caution

Score 61/100

TypeSquare Webfonts for ConoHa has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs 1 unpatched Last CVE: May 19, 2026Updated 3yr ago
Risk Assessment

The "ts-webfonts-for-conoha" plugin v2.0.4 exhibits a generally good security posture, with no critical or high-severity issues identified in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly reduces the potential attack surface. The use of prepared statements for all SQL queries and a high percentage of properly escaped output are strong indicators of secure coding practices. Nonce and capability checks are also present, further bolstering security. However, the taint analysis revealed three flows with unsanitized paths. While no critical or high severity issues were reported from these, this warrants attention as it could potentially lead to vulnerabilities if not handled carefully in future updates or under different attack vectors.

The plugin's vulnerability history shows one past medium-severity CVE related to Cross-Site Scripting, which was resolved. The fact that there are no currently unpatched vulnerabilities is a positive sign. However, the single past CVE, even if medium, combined with the identified unsanitized paths, suggests that input sanitization and output escaping, particularly in edge cases not covered by the current taint analysis, could be areas for improvement. The plugin demonstrates strengths in its limited attack surface and good SQL handling, but the presence of unsanitized paths in the taint analysis points to a specific area of potential concern that should be monitored.

Key Concerns

  • Flows with unsanitized paths found
  • Past medium severity CVE reported
Vulnerabilities
2 published

TypeSquare Webfonts for ConoHa Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-8610medium · 4.3Missing Authorization

TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter

May 19, 2026Unpatched
CVE-2023-25458medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 23, 2023 Patched in 2.0.4 (1100d)
Version History

TypeSquare Webfonts for ConoHa Release Timeline

Code Analysis
Analyzed Mar 16, 2026

TypeSquare Webfonts for ConoHa Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
138 escaped
Nonce Checks
7
Capability Checks
3
File Operations
2
External Requests
2
Bundled Libraries
0

Output Escaping

87% escaped158 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
<admin-root> (inc\admin-root.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

TypeSquare Webfonts for ConoHa Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 12
actionwp_dashboard_setupinc\admin-dashboard.php:16
actionwp_enqueue_scriptsts-webfonts-for-conoha.php:44
actionwp_headts-webfonts-for-conoha.php:45
actionpre_get_poststs-webfonts-for-conoha.php:46
filtermce_buttonsts-webfonts-for-conoha.php:378
actionadmin_menutypesquare-admin.php:23
actionadmin_menutypesquare-admin.php:24
actionadmin_inittypesquare-admin.php:25
actionadmin_noticestypesquare-admin.php:26
actionadmin_noticestypesquare-admin.php:27
actionsave_posttypesquare-admin.php:28
actionadmin_enqueue_scriptstypesquare-admin.php:29
Maintenance & Trust

TypeSquare Webfonts for ConoHa Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedMar 22, 2023
PHP min version
Downloads151K

Community Trust

Rating0/100
Number of ratings0
Active installs10K
Developer Profile

TypeSquare Webfonts for ConoHa Developer Profile

ConoHa by GMO

2 plugins · 10K total installs

65
trust score
Avg Security Score
80/100
Avg Patch Time
604 days
View full developer profile
Detection Fingerprints

How We Detect TypeSquare Webfonts for ConoHa

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ts-webfonts-for-conoha/css/style.css
Script Paths
//code.typesquare.com/static/5b0e3c4aee6847bda5a036abac1e024a/ts307f.js
Version Parameters
ts-webfonts-for-conoha/css/style.css?ver=ts307f.js?ver=

HTML / DOM Fingerprints

Data Attributes
typesquare_std
JS Globals
typesquare_std
FAQ

Frequently Asked Questions about TypeSquare Webfonts for ConoHa