Does AM-Avatar have any unpatched vulnerabilities?

No. All known vulnerabilities in AM-Avatar have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AM-Avatar compatible with WordPress 6.9.4?

According to WordPress.org data, AM-Avatar 1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is AM-Avatar compatible with PHP 7.4+?

AM-Avatar requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is AM-Avatar updated?

AM-Avatar was last updated on Unknown. Frequent updates are generally a positive security signal.

What is AM-Avatar's security score?

AM-Avatar has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AM-Avatar Security & Risk Analysis

wordpress.org/plugins/am-avatar

High-performance avatar management with automatic WebP conversion and custom directory integration.

10 active installs v1.0 PHP 7.4+ WP 5.8+ Updated Unknown

avatarprofile-pictureuploaduser-profilewebp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is AM-Avatar Safe to Use in 2026?

Generally Safe

Score 100/100

AM-Avatar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

Based on the static analysis and vulnerability history, the "am-avatar" v1.0 plugin exhibits a strong security posture. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate good development practices, with 100% of SQL queries utilizing prepared statements, a high percentage of output being properly escaped, and the presence of nonce and capability checks. The taint analysis showing zero flows with unsanitized paths further strengthens this assessment.

The vulnerability history is also extremely positive, with no known CVEs, unpatched vulnerabilities, or common vulnerability types recorded. This suggests a history of secure development and maintenance. The single file operation is not inherently a concern without further context, but it's the only potential area to monitor if more detailed analysis were possible. Overall, this plugin appears to be developed with security in mind, showing a commitment to robust coding practices and a clean security track record.

Vulnerabilities

None known

AM-Avatar Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

AM-Avatar Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped11 total outputs

Attack Surface

AM-Avatar Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionuser_edit_form_tagam-avatar.php:17

actionadmin_enqueue_scriptsam-avatar.php:22

actionadmin_menuam-avatar.php:45

actionadmin_initam-avatar.php:75

actionshow_user_profileam-avatar.php:109

actionedit_user_profileam-avatar.php:110

actionpersonal_options_updateam-avatar.php:143

actionedit_user_profile_updateam-avatar.php:144

filterupload_diram-avatar.php:199

filterget_avataram-avatar.php:238

Maintenance & Trust

AM-Avatar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads115

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

AM-Avatar Alternatives

CodeablePress: Simple Frontend Profile Picture Upload

codeablepress-simple-frontend-profile-picture-upload

A simple, lightweight, and secure way for users to upload profile pictures directly from the WooCommerce My Account page or via shortcode.

100 1 unpatched

Custom Profile Picture – Replace Gravatar with Your Own Images

custom-profile-picture

100

Replace default Gravatars with custom profile pictures! Upload from media library or device. Bulk manage all users from one beautiful admin page.

70 No CVEs

GITST CUSTOM AVATAR

gitst-custom-avatar-user-profile-pictures-manager

Set custom AVATAR (User Profile Image) and store avatars into Database as base64 string.

60 No CVEs

author_avatar

author-avatar

Add an upload field in the user profile admin to add a custom profile picture into usermeta table.

30 No CVEs

ChargeWP – Front End Avatar Upload

chargewp-front-end-avatar-upload

100

Change your profile picture instantly from the front end. Simple, fast, and built to feel like part of WordPress.

20 No CVEs

Developer Profile

AM-Avatar Developer Profile

amdevbro

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AM-Avatar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/am-avatar/

HTML / DOM Fingerprints

CSS Classes

am-avatar-rowam-avatar_clean_on_uninstall_field

Data Attributes

name="am_avatar_delete"id="am_avatar_file"name="am_avatar_file"id="am-avatar-row"name="am_avatar_clean_on_uninstall"name="am_avatar_nonce"+1 more

JS Globals

window.jQuery

FAQ