cleantalk
Vulnerabilities and Security Researches

Custom Fonts – Host Your Fonts Locally, PSC-2026-64660

PSC, Research URL

PSC-2026-64660

Home page URL

Security reports for Custom Fonts – Host Your Fonts Locally

Application

Custom Fonts – Host Your Fonts Locally

Published on
May 26, 2026
Research Description
Typography plugins appear presentation-oriented, but their core workflows involve file uploads, local asset hosting, generated CSS, editor integration, and front-end output. That combination can become security-sensitive when font files, font names, CSS rules, and generated asset paths are accepted from administrators or imported from external providers. Custom Fonts version 2.1.17 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64660, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for local font hosting and typography customization plugins.
Affected versions
Min 2.1.17, max 2.1.17.
Status
SAFE & CERTIFIED
Previous vulnerability researches
Fonts Manager | Custom Fonts (CVE-2025-31578) , Apr 04, 2025
Fonts Manager | Custom Fonts (CVE-2026-1800) , Apr 13, 2026
Elegant Custom Fonts (CVE-2023-27436) , Jun 07, 2024
Custom Fonts – Host Your Fonts Locally , May 26, 2026
Custom Fonts – Host Your Fonts Locally (CVE-2024-1332) , Jun 07, 2024
New vulnerability
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026
Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels , May 26, 2026
Enable Media Replace , May 26, 2026