The Elegant Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing nonce validation on the admin_page function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
]]>Plugin now has a CSRF vulnerability. Should be updated or removed from the WP repository since it hasn’t been updated in years.
]]>hello
i have this errors after plugin active.
can you help me?
thanks !
[Mon Jul 04 19:02:17.491016 2022] [proxy_fcgi:error] [pid 23977:tid 140392644081408] AH01071: Got error 'PHP message: PHP Warning: Undefined property: ECF_FontData::$font_families in /wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223PHP message: PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php:223\nStack trace:\n#0 //wp-includes/class-wp-hook.php(307): ECF_Plugin->admin_page()\n#1 //wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()\n#2 //wp-includes/plugin.php(476): WP_Hook->do_action()\n#3 //wp-admin/admin.php(259): do_action()\n#4 //wp-admin/options-general.php(10): require_once('...')\n#5 {main}\n thrown in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223', referer: /wp-admin/plugins.php?plugin_status=all&paged=1&s
[Mon Jul 04 19:02:41.007121 2022] [proxy_fcgi:error] [pid 23978:tid 140392845506304] AH01071: Got error 'PHP message: PHP Warning: Undefined property: ECF_FontData::$font_families in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223PHP message: PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php:223\nStack trace:\n#0 //wp-includes/class-wp-hook.php(307): ECF_Plugin->admin_page()\n#1 //wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()\n#2 //wp-includes/plugin.php(476): WP_Hook->do_action()\n#3 //wp-admin/admin.php(259): do_action()\n#4 //wp-admin/options-general.php(10): require_once('...')\n#5 {main}\n thrown in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223', referer: /wp-admin/options-general.php?page=Elegant_Custom_Fonts
[Mon Jul 04 19:06:24.107728 2022] [proxy_fcgi:error] [pid 23978:tid 140392660866816] AH01071: Got error 'PHP message: PHP Warning: Undefined property: ECF_FontData::$font_families in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223PHP message: PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php:223\nStack trace:\n#0 //wp-includes/class-wp-hook.php(307): ECF_Plugin->admin_page()\n#1 //wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()\n#2 //wp-includes/plugin.php(476): WP_Hook->do_action()\n#3 //wp-admin/admin.php(259): do_action()\n#4 //wp-admin/options-general.php(10): require_once('...')\n#5 {main}\n thrown in //wp-content/plugins/elegant-custom-fonts/elegant-custom-fonts.php on line 223', referer: /wp-admin/plugins.php?plugin_status=all&paged=1&sThe plugin works on my personal computer but not other people’s computers… the error code people get suggests it’s because the font isn’t downloaded directly onto the website’s directory?
How do I fix this?
I have added the following via FTP and referenced the URL removing HTTP, but the fonts aren’t working, hoping you may be able to help!
Adobe_Caslon_Pro_Regular.woff
Adobe_Caslon_Pro_Regular.woff2
Neue_Haas_Unica_Regular.woff
Neue_Haas_Unica_Regular.woff2
Neue_Haas_Unica_Regular.woff
Neue_Haas_Unica_Bold.woff2
When I go to use Neue Haas Unica, it appears the same as Adobe Caslon Pro and simply won’t change.
Any ideas?
Thank you, George
]]>Hi Louis (We love OxygenBuilder BTW)
I hope you have the time to answer this (you must be pretty busy!).
I would like to edit a rule of my custom font to add “font-display: swap;”. Where can this be done?
I searched both php files in the plugin folder but am not that clued up to edit them correctly.
Regards
Paul
Hi Louis
Many thanks for this plugin. I am using Oxygen and am a big fan, we have been promoting it and using it on all of our new builds.
This plugin works well for custom fonts, but it hasn’t been updated for so long WordPress is starting to think it has been abandoned.
It would be great if it could be updated just so it doesn’t get flagged, or even better still if this functionality could be included in Oxygen.
Adobe Fonts work OK but it would be great to add custom fonts directly into the site easily so that they can be used with Oxygen’s controls and not have to use Google or Adobe Fonts. Many thanks for anything you can do re a quick update on this plugin.
Best wishes,
Lanx
]]>Hi,
Would it be possible to allow for alternative font formats and not just woff in order to have more compatibilty across browsers, ex: woff2, ttf, svg etc.
I can’t get it to work properly in OxygenBuilder either and need to select a specific weight for the font to appear like indicated in an another post to get the font to appear (and it isn’t the font weight I defined in the form when uploading / creating the font).
Thanks,
J
Not working on fresh install WordPress 5.3.2. Invalid argument. Needs updating??
]]>Hey,
Can we have support for variable fonts? It would be nice to have those, specially supporting fallback.
Thanks!
]]>Hi Louis,
Question: Any plans, by chance, to extend ECF to Elementor as you have for/to Beaver Builder?
No rush to reply. I realize this is a free plugin.
Thanks for encouraging so many with your work on Oxygen, WP All Import/Export, etc. and for including free plugins like this here and there along the way ??
]]>