Does Ultimate Google Fonts have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Google Fonts compatible with WordPress 3.3.2?

According to WordPress.org data, Ultimate Google Fonts 1.2 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is Ultimate Google Fonts updated?

Ultimate Google Fonts was last updated on Feb 5, 2012. Frequent updates are generally a positive security signal.

What is Ultimate Google Fonts's security score?

Ultimate Google Fonts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Google Fonts Security & Risk Analysis

wordpress.org/plugins/ultimate-google-fonts

With this Google fonts plugin you have more than awesame 90 open source fonts at your disposal! Choose and customize Google fonts directly from your W …

30 active installs v1.2 PHP + WP 2.9+ Updated Feb 5, 2012

cufonfontfontsgoogle-fontsgoogle-webfonts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate Google Fonts Safe to Use in 2026?

Generally Safe

Score 85/100

Ultimate Google Fonts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'ultimate-google-fonts' plugin v1.2 presents a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs and uses prepared statements for all SQL queries, critical code analysis signals raise concerns. The presence of the `create_function` function, a known source of potential vulnerabilities due to its ability to execute arbitrary code, is a significant red flag. Furthermore, the complete absence of output escaping for all identified outputs is a serious deficiency, leaving the plugin susceptible to cross-site scripting (XSS) attacks if any user-supplied data is displayed without proper sanitization. The lack of any recorded vulnerabilities in its history might suggest good development practices in the past or a lack of exposure, but the current static analysis indicates areas that require immediate attention to mitigate significant risks.

Key Concerns

Dangerous function `create_function` used
100% of outputs unescaped
No nonce checks detected

Vulnerabilities

None known

Ultimate Google Fonts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Ultimate Google Fonts Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Ultimate Google Fonts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('plugins_loaded', create_function('','global $ugfonts; $ugfonts = new ugfonts();'));ugfonts.php:244

Output Escaping

0% escaped5 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

display_page (ugfonts.php:68)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ultimate Google Fonts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_headugfonts.php:15

actionadmin_initugfonts.php:16

actionadmin_menuugfonts.php:17

actionwp_headugfonts.php:21

actionplugins_loadedugfonts.php:244

Maintenance & Trust

Ultimate Google Fonts Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedFeb 5, 2012

PHP min version

Downloads18K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Ultimate Google Fonts Alternatives

Easy Google Fonts

easy-google-fonts

Adds google fonts to any theme without coding and integrates with the WordPress Customizer automatically for a realtime live preview.

100K No CVEs

Google Web Fonts Customizer (GWFC)

google-web-fonts-customizer-gwfc

This plugin integrates WordPress Customizer with Google Web Fonts, to add and use google fonts to any themes, no coding needed.

1K No CVEs

Ultimate Fonts

ultimate-fonts

Adds Google Fonts to your WordPress website without coding. Customize any element with support for live preview in the Customizer.

500 No CVEs

Custom Fonts – Host Your Fonts Locally

custom-fonts

Custom Fonts is a powerful WordPress plugin that allows you to upload your own custom fonts or choose from a vast collection of Google Fonts, all host …

400K 2 CVEs

Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts

olympus-google-fonts

Instantly change your entire website's typography with Google Fonts, Adobe Fonts, or custom fonts — no coding required. Live preview your changes.

200K 3 CVEs

Developer Profile

Ultimate Google Fonts Developer Profile

wptom

3 plugins · 140 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Google Fonts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-google-fonts/ugfonts-js.js

Script Paths

http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

HTML / DOM Fingerprints

CSS Classes

ug-simpleshadowug-fireug-whiteug-embossug-blurryug-strokedug-threedee

JS Globals

currentFonts

FAQ