A major vulnerability was discovered in the Google Fonts optimization plugin for WordPress

Publication date: 27.01.2026
Blog category: Web Security

The plugin OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. optimizes the use of Google Fonts to reduce their impact on page speed and does so in a GDPR-compliant way, making it valuable for users in the European Union who want to use Google Fonts.

The vulnerability is of particular concern because it can be exploited by unregistered attackers. "Unregistered" means that an attacker does not need an account on the website or any level of credentials.

The vulnerability is described as allowing unauthorized deletion of directories and the injection of malicious scripts (XSS).

  • 📌 This can lead to the attacker being able to use the privileges of the user visiting the site.

The cause of the vulnerability, as discovered by Wordfence researchers, is a missing capability check: the security feature that verifies whether a user is permitted to use a specific plugin feature, in this case an admin-level feature.

Wordfence describes the cause of the vulnerability: "... is vulnerable to unauthorized data modification and malicious script retention due to a lack of capability checks in the update_settings() function, which is attached via admin_init in all versions up to and including 5.7.9."

Wordfence also states that earlier updates attempted to close this security gap, but it considers version 5.7.10 to be the most secure version of the plugin.
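To make the "missing capability check on admin_init" cause concrete, here is an added illustration written for this article, not the plugin's own code: a settings handler in the vulnerable shape next to a hardened one. All function, option and field names are hypothetical.

```php
<?php
// Hypothetical illustration (not OMGF's actual code). admin_init fires on
// every request to the admin area, including admin-ajax.php and
// admin-post.php, which unauthenticated requests can reach, so a handler
// hooked there must perform its own authorization.

// --- Vulnerable shape (shown for contrast, not hooked) ---------------------
function example_update_settings_vulnerable() {
    if ( ! isset( $_POST['example_settings'] ) ) {
        return;
    }
    // No capability check and no nonce: any request carrying the parameter
    // overwrites the option, and unescaped values stored here can later be
    // rendered into admin pages (stored XSS).
    update_option( 'example_settings', $_POST['example_settings'] );
}

// --- Hardened shape ---------------------------------------------------------
function example_update_settings_hardened() {
    if ( ! isset( $_POST['example_settings'] ) ) {
        return;
    }
    // 1. Authorization: only users who may manage options get further.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ), '', array( 'response' => 403 ) );
    }
    // 2. Anti-CSRF: the form must carry a nonce issued by
    //    wp_nonce_field( 'example_update_settings', 'example_nonce' ).
    $nonce = isset( $_POST['example_nonce'] ) ? sanitize_key( $_POST['example_nonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_update_settings' ) ) {
        wp_die( esc_html__( 'Invalid request.', 'example' ), '', array( 'response' => 403 ) );
    }
    // 3. Input validation: allow-list the keys and strip markup before storing.
    $allowed = array( 'display', 'preload' );
    $clean   = array();
    foreach ( (array) $_POST['example_settings'] as $key => $value ) {
        if ( in_array( $key, $allowed, true ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $value ) );
        }
    }
    update_option( 'example_settings', $clean );
}
add_action( 'admin_init', 'example_update_settings_hardened' );
```

Values read back from the option should still be escaped on output (esc_html()/esc_attr()), since sanitization on input is not a substitute for output encoding.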

What actions have been taken to fix this vulnerability?
According to Wordfence, updates that close this security gap have been released. Version 5.7.10 is considered the most secure.
Does this vulnerability affect all WordPress users?
No, this vulnerability only affects sites that have installed the plugin OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy.
What is the danger of this vulnerability?
This vulnerability could allow attackers to delete entire directories and upload malicious scripts to your site.
🧩 Summary: A major vulnerability was discovered in the Google Fonts optimization plugin for WordPress that allowed attackers to delete entire directories and upload malicious scripts. This vulnerability is fixed in the latest update.
🧠 Own reflections: This incident reminds us of the importance of tracking and updating the plugins on our websites. Although most WordPress plugins are tested for vulnerabilities before they are published, it cannot be guaranteed that they are completely secure. Since they are updated frequently, keeping them up to date is important to avoid possible attacks.

Comments

It is important to note that this vulnerability in the OMGF plugin can threaten important aspects of site security, especially for those who rely on Google Fonts. Users should be careful and look for alternatives or review updates that may fix this problem. This also highlights the need for regular security checks of plugins.
27.01.2026 07:00 ThreadKeeper