[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4xWpZCP9ouYkoehTrIU_0-LXRxHQ5P1nlk50gXvYt7Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":137,"fingerprints":210},"avatarplus","AvatarPlus","0.4","Ralf Albert","https:\u002F\u002Fprofiles.wordpress.org\u002Fralf-albert\u002F","\u003Cp>AvatarPlus allows users to use the avatar from a social service of their choice (supports: Google+, Twitter and Facebook) as their comments avatar instead of the default from the Gravatar service or your WordPress installation. More and more users avoid typing in their mail address and instead just want to hand out their social profile URL. AvatarPlus adds this feature to WordPress comments, thus making the mail address field not required anymore for displaying an avatar image.\u003C\u002Fp>\n\u003Cp>Flexibility for a maximum number of use cases: The plugin allows to either add a new field to the comments section or just use the homepage URL field for the social profile URL. AvatarPlus also recognizes redirects and is able to work with most URL-shortening services like bit.ly or goo.gl.\u003C\u002Fp>\n\u003Cp>Environment friendly: AvatarPlus cares about your resources and uses a simple caching mechanism to save the avatar links directly and therefore reducing the number of HTTP requests to a minimum and serving your sites comments section as fast as possible.\u003C\u002Fp>\n\u003Cp>Maximum code quality: Every single line of code is written with WordPress “Best Practice” in mind to serve you only the highest quality product.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>AvatarPlus uses a simple caching mechanism. In some countries, webmaster have to declare if the webpage stores personal data about the user. AvatarPlus stores the following data:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The URL which the users entered into the comment form.\u003C\u002Fli>\n\u003Cli>The profile URL to their social network profile, if the URL (which the user entered) redirects to their respective profile URL.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The URL of the profile image they use on the social network.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This data will be stored until an expiration is set in the backend\u002Fadministration interface.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>The expiration can divert (depending on your settings).\u003C\u002Fli>\n\u003Cli>The check whether the plugin needs to delete. any data will be run once a day. For further details see the internal mechanisms of the plugin in its source code.\u003C\u002Fli>\n\u003C\u002Ful>\n","AvatarPlus allows users to use their profile image from Google+, Facebook or Twitter as avatar for their comment(s). AvatarPlus requires PHP v5.3+",10,2238,0,"2013-02-24T10:25:00.000Z","3.5.2","3.5","",[19,20],"avatar","comments","http:\u002F\u002Fyoda.neun12.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Favatarplus.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"ralf-albert",3,120,30,84,"2026-04-05T15:31:35.474Z",[35,56,77,99,119],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":29,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"gravatar-enhanced","Gravatar Enhanced – Avatars, Profiles, and Privacy","0.13.0","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Elevate your WordPress site with Gravatar Enhanced – the plugin that simplifies digital identity and improves user engagement.\u003C\u002Fp>\n\u003Cp>Seven Ways Gravatar Enhanced Improves WordPress:\u003C\u002Fp>\n\u003Cp>✓ Privacy Protection – Automatic referrer blocking and optional IP address proxy\u003Cbr \u002F>\n✓ Accessibility Improvements – Alt-text for all avatars to support screen readers\u003Cbr \u002F>\n✓ One-Click Profile Updates – Edit Gravatar directly from the WordPress dashboard\u003Cbr \u002F>\n✓ Versatile Profile Block & Patterns – Showcase authors and team members anywhere\u003Cbr \u002F>\n✓ Comment Engagement Tools – Remind users to create avatars for better discussions\u003Cbr \u002F>\n✓ Comment Form Integration – Show Gravatar directly in the comment form\u003Cbr \u002F>\n✓ WooCommerce Integration – Personalized account pages for customers\u003C\u002Fp>\n\u003Ch3>Privacy Protection\u003C\u002Fh3>\n\u003Cp>Just by enabling the plugin, the plugin ensures that no referrer information is sent to Gravatar. The opt-in proxy service also keeps IP addresses from being exposed or logged.\u003C\u002Fp>\n\u003Ch3>Accessibility Improvements\u003C\u002Fh3>\n\u003Cp>All avatars now include alt-text, enhancing the experience for users with screen readers. Alt-text can be edited in the Gravatar Profile editor.\u003C\u002Fp>\n\u003Ch3>One-Click Profile Updates\u003C\u002Fh3>\n\u003Cp>Visit Users > Your Profile to edit your Gravatar profile directly from WordPress. Preview your hovercard and make updates with ease.\u003C\u002Fp>\n\u003Ch3>Gravatar Profile Block & Patterns\u003C\u002Fh3>\n\u003Cp>Enhance your website with our custom Gravatar profile block and patterns. Seamlessly integrate Gravatar profiles into posts, pages, or biographies to elegantly showcase team members, guest contributors, speakers, event attendees, authors, and more.\u003C\u002Fp>\n\u003Ch3>Comment Engagement Tools\u003C\u002Fh3>\n\u003Cp>Automatically remind commenters without avatars to create a Gravatar, increasing visual engagement on your blog.\u003C\u002Fp>\n\u003Ch3>Comment Form Integration\u003C\u002Fh3>\n\u003Cp>When the plugin is enabled we will show a Gravatar profile directly in the comment form, and allow the profile to be updated, so users can feel confident their details are correct, and the site shows richer comments.\u003C\u002Fp>\n\u003Ch3>WooCommerce Integration\u003C\u002Fh3>\n\u003Cp>Enhance your WooCommerce store by displaying user Gravatar avatars on the My Account page. Customers can view and update their avatars directly from their account dashboard, improving personalization and user engagement.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Seamless Integration: Automatically works if WooCommerce is installed and activated.\u003C\u002Fli>\n\u003Cli>Direct Avatar Management: Users can change their Gravatar avatars without leaving your site.\u003C\u002Fli>\n\u003Cli>Improved Personalization: Adds a personal touch to the shopping experience, fostering customer loyalty.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Automatic Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Click ‘Add New Plugin’ from your WordPress plugins page and search for ‘Gravatar Enhanced’\u003C\u002Fli>\n\u003Cli>Press the ‘Install Now’ button\u003C\u002Fli>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>Go to the “Discussion” Settings page to enable the new features.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manual Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgravatar-enhanced\u002F\u003C\u002Fli>\n\u003Cli>Upload and extract the plugin to your \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Go to the “Discussion” Settings page to enable the new features.\u003C\u002Fli>\n\u003C\u002Fol>\n","The official Gravatar plugin, featuring privacy-focused settings, easy profile updates, and customizable Gravatar Profile blocks.",90000,31841,100,"2025-10-07T09:31:00.000Z","6.8.5","6.6","7.4",[19,20,51,52,53],"privacy","profile","profile-picture","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fgravatar-enhanced\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-enhanced.0.13.0.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":49,"tags":71,"homepage":75,"download_link":76,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"better-recent-comments","Better Recent Comments","1.2.0","Kestrel","https:\u002F\u002Fprofiles.wordpress.org\u002Fkestrelwp\u002F","\u003Cp>The default Recent Comments widget is somewhat limited. Better Recent Comments improves on this by providing a more flexible widget with options to show the user’s actual comment, as well as show avatars and the ability to show or hide the comment date.\u003C\u002Fp>\n\u003Cp>As well as the widget, there’s a handy shortcode you can use to display your recent comments. This is useful if you need to display comments somewhere other than your sidebar or footer, such as on your homepage. Simply add the shortcode \u003Ccode>[better_recent_comments]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>That’s not all! The plugin is also WPML compatible, which means that the comments will be restricted to those in the current language. The default WordPress widget will list all recent comments, regardless of language, so you might end up with comments for German-language posts in the sidebar of your English site. Better Recent Comments solves this and makes sure the comments are for the current language only.\u003C\u002Fp>\n\u003Cp>Translations currently provided in Spanish, French and Italian.\u003C\u002Fp>\n\u003Cp>View the full \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fkb-categories\u002Fbetter-recent-comments-kb\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> in our Knowledge Base.\u003C\u002Fp>\n\u003Cp>Options available with the shortcode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>format\u003C\u002Fcode> – the format of each recent comment. This option uses ‘placeholders’ which are substituted with the actual data when the comments are displayed. See the FAQs for details.\u003C\u002Fli>\n\u003Cli>\u003Ccode>number\u003C\u002Fcode> – the number of comments to display. Default: 5 comments\u003C\u002Fli>\n\u003Cli>\u003Ccode>date_format\u003C\u002Fcode> – the date and time format to use. Like WordPress, this uses a PHP date format. It defaults to ‘M j, H:i’. See \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002FPHP-Date-Format.pdf\" rel=\"nofollow ugc\">this cheat sheet\u003C\u002Fa> for a full list of date and time options.\u003C\u002Fli>\n\u003Cli>\u003Ccode>avatar_size\u003C\u002Fcode> – the size of the avatar in pixels. Only used if you have included {avatar} in your comment format (see ‘format’ option). Default: 50\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_status\u003C\u002Fcode> – the status of posts to retrieve comments for. Defaults to ‘publish’. Can be a single status or a comma-separated list, or ‘any’ to show comments for all post statuses.\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_type\u003C\u002Fcode> – the post type to retrieve comments for. Accepts a single or multiple post types (e.g. ‘post’ or ‘post, dlp_document’) or ‘any’ to show comments for all post types. Default: ‘any’\u003C\u002Fli>\n\u003Cli>\u003Ccode>excerpts\u003C\u002Fcode> – set to ‘true’ to show an excerpt of the comment (limited to 20 words), or ‘false’ to show the full comment. Default: true\u003C\u002Fli>\n\u003Cli>\u003Ccode>replies\u003C\u002Fcode> – set to ‘true’ to also show responses to comments, or ‘false’ to only see the top level comments. Default: true\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides an improved Recent Comments widget and a shortcode to display your recent comments on any post or page.",3000,66663,92,17,"2024-03-28T02:06:00.000Z","6.5.8","6.0",[19,20,72,73,74],"shortcode","widget","wpml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-recent-comments.1.2.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":97,"download_link":98,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"comments-widget-plus","Recent Comments Widget Plus","1.3","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Cp>This plugin will enable a custom and advanced \u003Cstrong>recent comments widget\u003C\u002Fstrong>. Allows you to display a list of the most recent comments with avatar and excerpt, you can also choose which to show newer comments first or older comments first and choose comments from any post type.\u003C\u002Fp>\n\u003Ch4>Support this project\u003C\u002Fh4>\n\u003Cp>If you are enjoying this plugin. I would appreciate a cup of coffee to help me keep coding and supporting the project! \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fsatrya\" rel=\"nofollow ugc\">Support & donate\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display avatar with customizable size.\u003C\u002Fli>\n\u003Cli>Display comment excerpt with customizable length.\u003C\u002Fli>\n\u003Cli>Exclude pingback & trackback\u003C\u002Fli>\n\u003Cli>Post type option.\u003C\u002Fli>\n\u003Cli>Offset option.\u003C\u002Fli>\n\u003Cli>Option to choose the comments order.\u003C\u002Fli>\n\u003Cli>Allows you to set title url.\u003C\u002Fli>\n\u003Cli>Custom CSS class.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcomments-widget-plus\u002F\" rel=\"nofollow ugc\">Translate to your language\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Contribute or submit issues on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsatrya\u002Fcomments-widget-plus\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides custom recent comments widget with extra features such as display avatar, comment excerpt and much more!",2000,49264,94,20,"2022-10-26T16:06:00.000Z","6.1.10","5.8","7.2",[19,94,95,96,73],"excerpt","recent-comments","recent-comments-widget","https:\u002F\u002Fidenovasi.com\u002Fprojects\u002Fcomments-widget-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-widget-plus.1.3.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":85,"downloaded":107,"rating":87,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":17,"tags":112,"homepage":117,"download_link":118,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-first-letter-avatar","WP First Letter Avatar","2.2.8","DanielAGW","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielagw\u002F","\u003Cp>WP First Letter Avatar \u003Cstrong>sets custom avatars for users without Gravatar\u003C\u002Fstrong>. The avatar will be a first letter of the user’s name. You can also configure the plugin to use any other letter to set custom avatar.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar includes a set of \u003Cstrong>beautiful, colorful letter avatars\u003C\u002Fstrong> in many sizes. Optimal size will be chosen by the plugin in order to display high quality avatar and not download, for example, big 512px avatars when only 48px is needed… \u003Cstrong>PSD template\u003C\u002Fstrong> for avatar is also included.\u003C\u002Fp>\n\u003Cp>You can also create your own avatar set by creating new directory next to \u003Cem>‘default’\u003C\u002Fem> folder and following the naming convention from \u003Cem>‘default’\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>By default, custom avatar will be set only to users without Gravatars, but you can change that in settings and not use Gravatar at all.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar helps you \u003Cstrong>bring more colors\u003C\u002Fstrong> into your blog. Plus, your readers will be more \u003Cstrong>willing to comment on your posts\u003C\u002Fstrong>, since they can actually relate to these avatars much better than to Mystery Person.\u003C\u002Fp>\n\u003Cp>All images were compressed using the fantastic \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002F\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>, so avatars are \u003Cstrong>incredibly light and ultra-high quality\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar is also available \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDev49net\u002Fwp-first-letter-avatar\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility with other plugins\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar is fully compatible with \u003Ca href=\"https:\u002F\u002Fbbpress.org\u002F\" rel=\"nofollow ugc\">bbPress\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.gvectors.com\u002Fwpdiscuz\u002F\" rel=\"nofollow ugc\">wpDiscuz\u003C\u002Fa>. For \u003Ca href=\"https:\u002F\u002Fbuddypress.org\u002F\" rel=\"nofollow ugc\">BuddyPress\u003C\u002Fa> compatibility please use my other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-first-letter-avatar\u002F\" rel=\"ugc\">BuddyPress First Letter Avatar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar requires at least PHP 5.4. It \u003Cstrong>does not work properly\u003C\u002Fstrong> on PHP 5.3.x and earlier.\u003C\u002Fp>\n","Set custom avatars for users with no Gravatar. The avatar will be the first (or any other) letter of user's name on a colorful background.",67403,33,"2017-03-11T22:26:00.000Z","4.7.32","4.6",[113,114,20,115,116],"avatars","change-avatar","custom-avatar","discussion","http:\u002F\u002Fdev49.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-first-letter-avatar.zip",{"slug":120,"name":121,"version":80,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":45,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":17,"tags":132,"homepage":135,"download_link":136,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"easygravatars","Easy Gravatars","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64590,1,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4",[19,113,20,133,134],"gravatar","gravatars","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",{"attackSurface":138,"codeSignals":179,"taintFlows":198,"riskAssessment":199,"analyzedAt":209},{"hooks":139,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":13,"unprotectedCount":13},[140,146,150,155,159,162,165,168,171],{"type":141,"name":142,"callback":143,"priority":128,"file":144,"line":145},"action","admin_init","settings_api_init","avatarplus\\backend\\backend.php",73,{"type":141,"name":147,"callback":148,"priority":11,"file":144,"line":149},"admin_menu","add_menu_page",74,{"type":141,"name":151,"callback":152,"priority":11,"file":153,"line":154},"plugins_loaded","anonymous","avatarplus.php",40,{"type":156,"name":157,"callback":152,"file":153,"line":158},"filter","comment_form_defaults",157,{"type":141,"name":160,"callback":152,"priority":11,"file":153,"line":161},"comment_post",163,{"type":156,"name":163,"callback":152,"priority":11,"file":153,"line":164},"get_avatar",173,{"type":141,"name":166,"callback":152,"file":153,"line":167},"wp",187,{"type":141,"name":169,"callback":152,"file":153,"line":170},"avatarplus_cleanup_cache",193,{"type":141,"name":172,"callback":152,"priority":11,"file":153,"line":126},"wp_footer",[],[],[],[177],{"hook":169,"callback":169,"file":153,"line":178},413,{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":184,"fileOperations":128,"externalRequests":185,"nonceChecks":13,"capabilityChecks":185,"bundledLibraries":197},[],{"prepared":182,"raw":13,"locations":183},8,[],{"escaped":185,"rawEcho":186,"locations":187},2,4,[188,191,193,195],{"file":144,"line":189,"context":190},287,"raw output",{"file":144,"line":192,"context":190},309,{"file":144,"line":194,"context":190},387,{"file":196,"line":88,"context":190},"wordpress\\tools.php",[],[],{"summary":200,"deductions":201},"The \"avatarplus\" v0.4 plugin exhibits a generally strong security posture based on the static analysis.  The absence of AJAX handlers, REST API routes, and shortcodes significantly limits the plugin's attack surface.  Furthermore, all SQL queries utilize prepared statements, which is an excellent practice for preventing SQL injection vulnerabilities.  The plugin also demonstrates some awareness of output escaping, although the coverage is not comprehensive.\n\nHowever, there are a few areas for concern. The plugin lacks any nonce checks, which is a critical omission for any WordPress plugin, especially those that might interact with user input or perform actions.  The limited capability checks (only 2) suggest that access control might not be robust enough in certain areas.  The 33% output escaping rate also indicates that some sensitive data might be exposed to cross-site scripting (XSS) attacks.  The single file operation and external HTTP requests, while not inherently risky, warrant careful review to ensure they are handled securely.\n\nThe vulnerability history of zero known CVEs is a positive indicator. This suggests either the plugin has been well-developed and tested, or it has not been a target of widespread security research.  However, the absence of vulnerabilities in the past does not guarantee future security, especially given the identified areas of potential weakness in the current static analysis.",[202,204,207],{"reason":203,"points":11},"Missing nonce checks",{"reason":205,"points":206},"Low output escaping coverage (33%)",5,{"reason":208,"points":29},"Limited capability checks (2)","2026-03-17T01:00:13.350Z",{"wat":211,"direct":220},{"assetPaths":212,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[213,214],"\u002Fwp-content\u002Fplugins\u002Favatarplus\u002Fassets\u002Fcss\u002Favatarplus.css","\u002Fwp-content\u002Fplugins\u002Favatarplus\u002Fassets\u002Fjs\u002Favatarplus.js",[],[214],[218,219],"avatarplus\u002Fassets\u002Fcss\u002Favatarplus.css?ver=","avatarplus\u002Fassets\u002Fjs\u002Favatarplus.js?ver=",{"cssClasses":221,"htmlComments":223,"htmlAttributes":224,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":230},[222],"avatarplus_labeltext",[],[225,226,227],"for=\"avatarplus_profile_url\"","name=\"avatarplus_profile_url\"","id=\"avatarplus_profile_url\"",[],[],[]]