Does Typography Stylist have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Typography Stylist compatible with WordPress 6.9.4?

According to WordPress.org data, Typography Stylist 1.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Typography Stylist compatible with PHP 7.4+?

Typography Stylist requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Typography Stylist updated?

Typography Stylist was last updated on Feb 27, 2026. Frequent updates are generally a positive security signal.

What is Typography Stylist's security score?

Typography Stylist has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Typography Stylist Security & Risk Analysis

wordpress.org/plugins/typography-stylist

Unlock hidden OpenType features like ligatures, swashes, and stylistic sets in the WordPress block editor with advanced typography controls.

10 active installs v1.2.2 PHP 7.4+ WP 5.8+ Updated Feb 27, 2026

ligaturesopentypestylistic-setstypographywebfonts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Typography Stylist Safe to Use in 2026?

Generally Safe

Score 100/100

Typography Stylist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The typography-stylist v1.2.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities in its history is a significant positive indicator. Furthermore, the plugin demonstrates good security practices by using prepared statements for all SQL queries, properly escaping all output, and implementing capability checks on a majority of its entry points. The attack surface is entirely protected by permission callbacks, and there are no observed unsanitized taint flows or insecure file operations.

However, there are two areas that warrant attention. The presence of two instances of the `preg_replace(/e)` function, while not immediately indicative of a vulnerability, can be a potential risk if not handled with extreme care, as it has historically been a source of remote code execution vulnerabilities. Although no specific exploit patterns are identified in the taint analysis, its presence suggests a need for vigilance. The plugin also has a relatively moderate number of file operations, which, while not inherently insecure, increases the potential for misconfigurations or unintended side effects if not thoroughly reviewed.

Key Concerns

Use of preg_replace with /e modifier

Vulnerabilities

None known

Typography Stylist Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Typography Stylist Release Timeline

v1.2.2Current

v1.2.1

v1.2.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

Code Analysis

Analyzed Apr 16, 2026

Typography Stylist Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

813 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

preg_replace(/e)preg_replace('/etypography-stylist.php:2230

preg_replace(/e)preg_replace('/etypography-stylist.php:4192

SQL Query Safety

100% prepared26 total queries

Output Escaping

100% escaped813 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

render_admin_page (typography-stylist.php:4637)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Typography Stylist Attack Surface

Entry Points23

Unprotected0

REST API Routes 23

GET/wp-json/typost/v1/presetstypography-stylist.php:1174

POST/wp-json/typost/v1/presetstypography-stylist.php:1180

DELETE/wp-json/typost/v1/presets/(?P<id>[a-zA-Z0-9_-]+)typography-stylist.php:1186

GET/wp-json/typost/v1/featurestypography-stylist.php:1193

GET/wp-json/typost/v1/fontstypography-stylist.php:1199

POST/wp-json/typost/v1/fontstypography-stylist.php:1205

DELETE/wp-json/typost/v1/fonts/(?P<id>[a-zA-Z0-9_-]+)typography-stylist.php:1213

GET/wp-json/typost/v1/adobe-fontstypography-stylist.php:1222

POST/wp-json/typost/v1/adobe-fontstypography-stylist.php:1228

DELETE/wp-json/typost/v1/adobe-fonts/(?P<id>[a-zA-Z0-9_-]+)typography-stylist.php:1236

PATCH/wp-json/typost/v1/adobe-fonts/(?P<id>[a-zA-Z0-9_-]+)/fallbacktypography-stylist.php:1244

PATCH/wp-json/typost/v1/adobe-fonts/(?P<id>[a-zA-Z0-9_-]+)/load-on-all-pagestypography-stylist.php:1252

GET/wp-json/typost/v1/manual-fontstypography-stylist.php:1261

POST/wp-json/typost/v1/manual-fontstypography-stylist.php:1267

DELETE/wp-json/typost/v1/manual-fonts/(?P<id>[a-zA-Z0-9_-]+)typography-stylist.php:1275

PATCH/wp-json/typost/v1/manual-fonts/(?P<id>[a-zA-Z0-9_-]+)typography-stylist.php:1283

PATCH/wp-json/typost/v1/fonts/(?P<id>[a-zA-Z0-9_-]+)/fallbacktypography-stylist.php:1292

PATCH/wp-json/typost/v1/fonts/(?P<id>[a-zA-Z0-9_-]+)/load-on-all-pagestypography-stylist.php:1301

GET/wp-json/typost/v1/font-replacementstypography-stylist.php:1310

POST/wp-json/typost/v1/font-replacementstypography-stylist.php:1316

PATCH/wp-json/typost/v1/font-replacements/(?P<id>\d+)typography-stylist.php:1324

DELETE/wp-json/typost/v1/font-replacements/(?P<id>\d+)typography-stylist.php:1332

GET/wp-json/typost/v1/font-replacements/orphanstypography-stylist.php:1340

WordPress Hooks 14

actionenqueue_block_editor_assetstypography-stylist.php:85

actionenqueue_block_assetstypography-stylist.php:88

actiontemplate_redirecttypography-stylist.php:91

actionwp_enqueue_scriptstypography-stylist.php:94

actionsave_posttypography-stylist.php:97

actionbefore_delete_posttypography-stylist.php:98

actionwp_headtypography-stylist.php:101

actionadmin_headtypography-stylist.php:102

actionadmin_menutypography-stylist.php:105

actionadmin_inittypography-stylist.php:108

actionadmin_inittypography-stylist.php:111

actionrest_api_inittypography-stylist.php:114

actioninittypography-stylist.php:117

actionplugins_loadedtypography-stylist.php:4757

Maintenance & Trust

Typography Stylist Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 27, 2026

PHP min version7.4

Downloads478

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Typography Stylist Alternatives

Easy Google Fonts

easy-google-fonts

Adds google fonts to any theme without coding and integrates with the WordPress Customizer automatically for a realtime live preview.

100K No CVEs

Dehkadeh Fonts

dehkadeh-fonts

This plugin help you to set persian fonts and size for different parts of the theme via wordpress customizer as easily. Also you can set the custom fo …

900 No CVEs

Google Webfonts For Woo Framework

google-fonts-for-woo-framework

Give the WooThemes framework access to the full range of current Google Webfonts.

300 No CVEs

Advanced Typekit

advanced-typekit

Allows you to add Typekit fonts to your site, by targetting them to specific elements using css selectors from the admin panel.

60 1 unpatched

JS Ligature Replacement

js-ligature-replacement

Ligature replacement using Wyatt Allen's ligature.js library and provides an interface for applying to a specific set of CSS selectors.

10 No CVEs

Developer Profile

Typography Stylist Developer Profile

matthewneilcowan

2 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Typography Stylist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/typography-stylist/assets/css/block-editor.css/wp-content/plugins/typography-stylist/assets/css/block-editor.min.css/wp-content/plugins/typography-stylist/assets/js/block-editor.js/wp-content/plugins/typography-stylist/assets/js/block-editor.min.js/wp-content/plugins/typography-stylist/assets/css/frontend.css/wp-content/plugins/typography-stylist/assets/css/frontend.min.css/wp-content/plugins/typography-stylist/assets/js/frontend.js/wp-content/plugins/typography-stylist/assets/js/frontend.min.js

Script Paths

/wp-content/plugins/typography-stylist/assets/js/block-editor.js/wp-content/plugins/typography-stylist/assets/js/block-editor.min.js/wp-content/plugins/typography-stylist/assets/js/frontend.js/wp-content/plugins/typography-stylist/assets/js/frontend.min.js

Version Parameters

typography-stylist/assets/css/block-editor.css?ver=typography-stylist/assets/css/block-editor.min.css?ver=typography-stylist/assets/js/block-editor.js?ver=typography-stylist/assets/js/block-editor.min.js?ver=typography-stylist/assets/css/frontend.css?ver=typography-stylist/assets/css/frontend.min.css?ver=typography-stylist/assets/js/frontend.js?ver=typography-stylist/assets/js/frontend.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

typost-block-editor

Data Attributes

data-typost-editor

JS Globals

window.typost

REST Endpoints

/typost/v1/

FAQ