[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjcSROmmEm2urkyGBQRaBb5G_PkkNH2Mx2evItrBAOJI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":133,"fingerprints":219},"buddypress-first-letter-avatar","BuddyPress First Letter Avatar","2.2.8","DanielAGW","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielagw\u002F","\u003Cp>BuddyPress First Letter Avatar \u003Cstrong>sets custom avatars for users without profile picture or Gravatar\u003C\u002Fstrong>. The avatar will be a first letter of user’s name. You can also configure plugin to use any other letter to set custom avatar.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar is based on my other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-first-letter-avatar\u002F\" rel=\"ugc\">WP First Letter Avatar\u003C\u002Fa>. BuddyPress First Letter Avatar is basically the same thing, but programmed to work with BuddyPress.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar includes a set of \u003Cstrong>beautiful, colorful letter avatars\u003C\u002Fstrong> in many sizes. Optimal size will be chosen by the plugin in order to display high quality avatar and not download, for example, big 512px avatars when only 48px is needed… \u003Cstrong>PSD template\u003C\u002Fstrong> for avatar is also included.\u003C\u002Fp>\n\u003Cp>You can also create your own avatar set by creating new directory next to \u003Cem>‘default’\u003C\u002Fem> folder and following the naming convention from \u003Cem>‘default’\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>By default, custom avatar will be set only to users without profile pictures and Gravatars, but you can change that in settings and not use Gravatar\u002Fprofile pictures at all.\u003C\u002Fp>\n\u003Cp>BuddyPress First Letter Avatar helps you \u003Cstrong>bring more colors into your BuddyPress site\u003C\u002Fstrong>. Plus, your users will be more \u003Cstrong>willing to actively participate in your site\u003C\u002Fstrong> since they can actually relate to these avatars much better than to the Mystery Person.\u003C\u002Fp>\n\u003Cp>All images were compressed using the fantastic \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002F\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>, so avatars are \u003Cstrong>incredibly light and ultra-high quality\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Plugin is also available \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDev49net\u002Fbuddypress-first-letter-avatar\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>BuddyPress First Letter Avatar requires at least PHP 5.4. It \u003Cstrong>does not work properly\u003C\u002Fstrong> on PHP 5.3.x and earlier.\u003C\u002Fp>\n","A WordPress-BuddyPress plugin to set fancy custom avatars for users with no Gravatar and no profile picture.",100,29807,98,16,"2017-03-11T22:26:00.000Z","4.7.32","4.6","",[20,21,22,23,24],"avatars","buddypress","comments","custom-avatar","discussion","http:\u002F\u002Fdev49.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-first-letter-avatar.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"danielagw",2,2100,30,84,"2026-04-03T21:08:24.249Z",[40,52,72,94,112],{"slug":41,"name":42,"version":6,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":49,"homepage":25,"download_link":51,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-first-letter-avatar","WP First Letter Avatar","\u003Cp>WP First Letter Avatar \u003Cstrong>sets custom avatars for users without Gravatar\u003C\u002Fstrong>. The avatar will be a first letter of the user’s name. You can also configure the plugin to use any other letter to set custom avatar.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar includes a set of \u003Cstrong>beautiful, colorful letter avatars\u003C\u002Fstrong> in many sizes. Optimal size will be chosen by the plugin in order to display high quality avatar and not download, for example, big 512px avatars when only 48px is needed… \u003Cstrong>PSD template\u003C\u002Fstrong> for avatar is also included.\u003C\u002Fp>\n\u003Cp>You can also create your own avatar set by creating new directory next to \u003Cem>‘default’\u003C\u002Fem> folder and following the naming convention from \u003Cem>‘default’\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>By default, custom avatar will be set only to users without Gravatars, but you can change that in settings and not use Gravatar at all.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar helps you \u003Cstrong>bring more colors\u003C\u002Fstrong> into your blog. Plus, your readers will be more \u003Cstrong>willing to comment on your posts\u003C\u002Fstrong>, since they can actually relate to these avatars much better than to Mystery Person.\u003C\u002Fp>\n\u003Cp>All images were compressed using the fantastic \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002F\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>, so avatars are \u003Cstrong>incredibly light and ultra-high quality\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar is also available \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDev49net\u002Fwp-first-letter-avatar\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility with other plugins\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar is fully compatible with \u003Ca href=\"https:\u002F\u002Fbbpress.org\u002F\" rel=\"nofollow ugc\">bbPress\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.gvectors.com\u002Fwpdiscuz\u002F\" rel=\"nofollow ugc\">wpDiscuz\u003C\u002Fa>. For \u003Ca href=\"https:\u002F\u002Fbuddypress.org\u002F\" rel=\"nofollow ugc\">BuddyPress\u003C\u002Fa> compatibility please use my other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-first-letter-avatar\u002F\" rel=\"ugc\">BuddyPress First Letter Avatar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar requires at least PHP 5.4. It \u003Cstrong>does not work properly\u003C\u002Fstrong> on PHP 5.3.x and earlier.\u003C\u002Fp>\n","Set custom avatars for users with no Gravatar. The avatar will be the first (or any other) letter of user's name on a colorful background.",2000,67403,94,33,[20,50,22,23,24],"change-avatar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-first-letter-avatar.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":11,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":70,"download_link":71,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"jennystudio-identicons","JennyStudio Identicons","1.3","Brain1981@JennyStudio","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrain1981\u002F","\u003Cp>\u003Cstrong>JennyStudio Identicons\u003C\u002Fstrong> Is a lightweight plug-in that generates Material Design-style avatars based on user names. It automatically replaces WordPress’s default “mystery man” avatars, BuddyPress user avatars, and bbPress forum avatars without relying on Gravatar.\u003C\u002Fp>\n\u003Cp>Main functions:\u003Cbr \u002F>\n– \u003Cstrong>Material Design Styles\u003C\u002Fstrong> – Generates beautiful, consistent vector avatars.\u003Cbr \u002F>\n– \u003Cstrong>Color configurable\u003C\u002Fstrong> – Avatar colors are configurable.\u003Cbr \u002F>\n– \u003Cstrong>Seamless integration\u003C\u002Fstrong> – Compatible with WordPress Core, BuddyPress and bbPress.\u003Cbr \u002F>\n– \u003Cstrong>Disable Gravatar\u003C\u002Fstrong> – Avoid privacy issues and improve loading speed, especially for users in the mainland of China to avoid page jams caused by Gravatar loading.\u003Cbr \u002F>\n– \u003Cstrong>Base64 inline image\u003C\u002Fstrong> – Without additional HTTP requests, avatars are directly embedded in HTML.\u003C\u002Fp>\n","Replace the default Gravatar avatars on WordPress, BuddyPress, and bbPress with Material Design-style Identicons avatars.",20,478,1,"2025-07-05T07:46:00.000Z","6.8.5","5.2","7.2",[20,68,21,23,69],"bbpress","identicons","https:\u002F\u002Fwww.becomingjenny.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjennystudio-identicons.1.3.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":64,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":18,"download_link":91,"security_score":92,"vuln_count":34,"unpatched_count":28,"last_vuln_date":93,"fetched_at":30},"no-page-comment","No Page Comment","1.3.1","Seth Alling","https:\u002F\u002Fprofiles.wordpress.org\u002Fsethta\u002F","\u003Cp>Up until recently, WordPress gave two options: You could either disable comments and trackbacks by default for all pages and posts, or you could have them active by default. In WordPress version 4.3, this finally changed so comments are always disabled on new pages.\u003C\u002Fp>\n\u003Cp>While the new change makes it easier for many of the sites, it make it harder for people who need to get the reverse and enable comments on all pages, or if they need to change the default for a custom post type. This plugin allows you to choose whether comments are enabled or disabled by default on all new posts, pages and custom post types, while still giving the ability to individually enable comments on posts or pages.\u003C\u002Fp>\n\u003Cp>Also, this plugin provides a way to quickly disable all comments or pingbacks for a specific custom post type. It directly interacts with your database to modify the status, so it is highly recommended that you backup your database first. There shouldn’t be any issues using this feature, but it’s always good to play it safe.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\" title=\"No Page Comment Development on Github\" rel=\"nofollow ugc\">View No Page Comment Development on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\u002Fissues\" title=\"Report an Issue about No Page Comment on Github\" rel=\"nofollow ugc\">Please Report any Issues about No Page Comment on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4\" title=\"Donate to support the No Page Comment Plugin development\" rel=\"nofollow ugc\">Donate to Support No Page Comment Development\u003C\u002Fa>\u003C\u002Fp>\n","An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.",10000,250545,96,23,"2025-11-17T15:09:00.000Z","6.2","7.4",[22,88,24,89,90],"custom-post-types","pages","posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-page-comment.zip",99,"2022-09-21 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":80,"downloaded":102,"rating":11,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":18,"download_link":111,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpsimpletools-disable-comments","Disable Comments","1.0.4","wordpresssimpletools","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpresssimpletools\u002F","\u003Cp>Completely disables comments functionality from backend and frontend:\u003Cbr \u002F>\n* Hides existing comments\u003Cbr \u002F>\n* Close comments on the front-end\u003Cbr \u002F>\n* Disable support for comments, trackbacks and ping\u003Cbr \u002F>\n* Redirects any user trying to access comments page\u003Cbr \u002F>\n* Removes comments metabox from dashboard\u003Cbr \u002F>\n* Removes comments links from admin bar\u003Cbr \u002F>\n* Removes comments page in menu\u003Cbr \u002F>\n* Completely disables comments API\u003C\u002Fp>\n","Completely disables comments functionality from backend and frontend. Just install it, nothing to configure!",25834,4,"2021-04-14T12:52:00.000Z","5.7.15","4.0","5.0.0",[22,109,24,110],"disable-comments","remove-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpsimpletools-disable-comments.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":131,"download_link":132,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"spam-destroyer","Spam Destroyer","2.1.6","Ryan Hellyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fryanhellyer\u002F","\u003Cp>Stops automated spam while remaining as unobtrusive as possible to regular commenters. \u003Ca href=\"https:\u002F\u002Fgeek.hellyer.kiwi\u002Fproducts\u002Fspam-destroyer\u002F\" rel=\"nofollow ugc\">The Spam Destroyer plugin\u003C\u002Fa> is intended to be effortless to use. Simply install, and enjoy a spam free website 🙂\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fusers\u002Fomahoung\u002F\" rel=\"ugc\">omahoung\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fstromhalm\" rel=\"ugc\">Stromhalm\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Donncha O Caoimh\u003C\u002Fa> – Developer of Cookies for Comments, functionality of which is incorporated into Spam Destroyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Felliottback.com\u002F\" rel=\"nofollow ugc\">Elliot Back\u003C\u002Fa> – Developer of WP Hashcash, functionality of which is incorporated into Spam Destroyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fnettsett.no\u002F\" rel=\"nofollow ugc\">Marte Sollund and Ingvild Evje\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002FeHermitsInc.com\u002F\" rel=\"nofollow ugc\">Brian Layman\u003C\u002Fa> – Code advice\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fronalfy.com\u002F\" rel=\"nofollow ugc\">Ronald Huereca\u003C\u002Fa> – JS advice\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fshawngaffney\" rel=\"nofollow ugc\">Shawn Gaffney\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkonstruktors.com\u002F\" rel=\"nofollow ugc\">Kaspars Dambis\u003C\u002Fa> – Bug reporting\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wanderingjon.com\u002F\" rel=\"nofollow ugc\">Jon Brown\u003C\u002Fa> – Added error message filter\u003C\u002Fbr \u002F>\u003C\u002Fli>\n\u003C\u002Ful>\n","Kills spam dead in it's tracks. Be gone evil demon spam!",6000,98562,92,53,"2025-05-01T20:53:00.000Z","6.9.4","5.0",[128,129,21,22,130],"anti-spam","antispam","spam","https:\u002F\u002Fgeek.hellyer.kiwi\u002Fproducts\u002Fspam-destroyer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-destroyer.2.1.6.zip",{"attackSurface":134,"codeSignals":175,"taintFlows":206,"riskAssessment":207,"analyzedAt":218},{"hooks":135,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":28,"unprotectedCount":28},[136,142,146,150,154,159,163,167],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_menu","add_admin_menu","buddypress-first-letter-avatar-config.php",24,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_init","settings_init",25,{"type":137,"name":147,"callback":147,"file":148,"line":149},"plugins_loaded","buddypress-first-letter-avatar.php",127,{"type":137,"name":151,"callback":152,"file":148,"line":153},"wp_enqueue_scripts","enqueue_scripts",136,{"type":155,"name":156,"callback":157,"file":148,"line":158},"filter","get_avatar","set_comment_avatar",139,{"type":155,"name":160,"callback":161,"file":148,"line":162},"bp_core_fetch_avatar","set_buddypress_avatar",142,{"type":155,"name":164,"callback":165,"file":148,"line":166},"bp_core_fetch_avatar_url","set_buddypress_avatar_url",145,{"type":155,"name":168,"callback":169,"file":148,"line":170},"wpdiscuz_author_avatar_field","set_wpdiscuz_avatar",148,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":205},[],{"prepared":28,"raw":28,"locations":178},[],{"escaped":28,"rawEcho":180,"locations":181},11,[182,185,187,189,191,193,195,197,199,201,203],{"file":140,"line":183,"context":184},130,"raw output",{"file":140,"line":186,"context":184},137,{"file":140,"line":188,"context":184},144,{"file":140,"line":190,"context":184},151,{"file":140,"line":192,"context":184},179,{"file":140,"line":194,"context":184},218,{"file":140,"line":196,"context":184},223,{"file":140,"line":198,"context":184},236,{"file":140,"line":200,"context":184},241,{"file":140,"line":202,"context":184},246,{"file":140,"line":204,"context":184},261,[],[],{"summary":208,"deductions":209},"The \"buddypress-first-letter-avatar\" plugin v2.2.8 exhibits a strong security posture in terms of its attack surface and reliance on prepared statements for SQL queries. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits potential entry points for attackers. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs, which suggests a history of secure development or timely patching.\n\nHowever, a significant concern arises from the complete lack of output escaping (0% properly escaped). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data could be injected and executed in the browser of other users. The absence of nonce checks and capability checks, while not directly posing a risk in the current static analysis (due to zero entry points), means that if any entry points were added in the future without proper security measures, they would be immediately exploitable. The lack of taint analysis results is likely due to the limited attack surface, but the unescaped output remains a clear and present danger.\n\nIn conclusion, while the plugin has a clean vulnerability history and a minimal attack surface, the critical failure in output escaping presents a significant security weakness. The development team should prioritize implementing proper sanitization and escaping mechanisms for all output to mitigate XSS risks. The lack of checks also highlights a potential area for improvement in future development to ensure robustness against evolving threats.",[210,213,216],{"reason":211,"points":212},"All output is unescaped",15,{"reason":214,"points":215},"No nonce checks implemented",5,{"reason":217,"points":215},"No capability checks implemented","2026-03-16T20:46:31.258Z",{"wat":220,"direct":227},{"assetPaths":221,"generatorPatterns":223,"scriptPaths":224,"versionParams":225},[222],"\u002Fwp-content\u002Fplugins\u002Fbuddypress-first-letter-avatar\u002Fcss\u002Fstyle.css",[],[],[226],"buddypress-first-letter-avatar\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":228,"htmlComments":230,"htmlAttributes":231,"restEndpoints":232,"jsGlobals":233,"shortcodeOutput":234},[229],"wpfla-style-handle",[],[],[],[],[]]