[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fo09oR_0n1FMFY0FEsuvshi0NJtn7RABXJJQ4oPODGeo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":131,"fingerprints":234},"codeablepress-simple-frontend-profile-picture-upload","CodeablePress: Simple Frontend Profile Picture Upload","1.0.2","codeablepress","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodeablepress\u002F","\u003Cp>⚠️ \u003Cstrong>This plugin has been retired.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’ve rebuilt this plugin from the ground up as a brand new, modern WordPress.org plugin:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fchargewp-front-end-avatar-upload\u002F\" rel=\"ugc\">ChargeWP – Front-End Avatar Upload\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please install and activate the new plugin\u003C\u002Fstrong> to continue receiving updates and support.\u003C\u002Fp>\n\u003Cp>This version (1.0.1) now displays a migration notice and version 1.0.2 will \u003Cstrong>not\u003C\u002Fstrong> run the upload functionality anymore — it’s safe to keep active temporarily while switching.\u003C\u002Fp>\n\u003Ch3>Why the Change?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The new plugin offers improved performance and security\u003C\u002Fli>\n\u003Cli>Better WooCommerce and \u003Cstrong>new\u003C\u002Fstrong> block editor support\u003C\u002Fli>\n\u003Cli>Ongoing updates and future enhancements on WordPress.org\u003C\u002Fli>\n\u003Cli>Easier support and automatic updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What Happens After Updating?\u003C\u002Fh3>\n\u003Cp>After updating to version 1.0.1, you’ll see a notice in your WordPress Dashboard with a one-click option to \u003Cstrong>Install & Activate ChargeWP – Front-End Avatar Upload\u003C\u002Fstrong>.\u003Cbr \u002F>\nAll existing data (user profile pictures) remain after switching plugins but will not work if you go back to the old plugin.\u003C\u002Fp>\n","A simple, lightweight, and secure way for users to upload profile pictures directly from the WooCommerce My Account page or via shortcode.",100,892,0,"2025-12-18T02:07:00.000Z","6.9.4","5.0","",[19,20,21,22,23],"avatar","frontend","upload","user-profile","woocommerce","https:\u002F\u002Fchargewp.com\u002Fplugin\u002Ffront-end-avatar-upload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodeablepress-simple-frontend-profile-picture-upload.1.0.2.zip",78,1,"2025-08-14 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-53221","codeablepress-missing-authorization","CodeablePress \u003C= 1.0.0 - Missing Authorization","The CodeablePress: Simple Frontend Profile Picture Upload plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.0.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-08-18 18:29:10",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0089bbd3-d3e4-4a13-b1f8-bb10bf18200c?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,79,"2026-04-04T19:17:16.361Z",[50,68,82,99,117],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":11,"num_ratings":27,"last_updated":60,"tested_up_to":15,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":24,"download_link":67,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"chargewp-front-end-avatar-upload","ChargeWP – Front End Avatar Upload","2.0.2","ChargeWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fchargewp\u002F","\u003Cp>\u003Cstrong>It just works.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ChargeWP Avatar Upload gives users a clean, intuitive way to update their profile photo without opening the dashboard.\u003Cbr \u002F>\nIt’s built for modern WordPress sites: secure, lightweight, and theme-friendly.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant front-end upload\u003C\u002Fstrong> — update your avatar right on the page or in WooCommerce “My Account.”  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SmartCrop.js built in\u003C\u002Fstrong> — automatically centers faces for perfect, professional results.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg Block and Shortcode\u003C\u002Fstrong> — add the avatar uploader anywhere you want.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravatar friendly\u003C\u002Fstrong> — keeps existing Gravatars in place and simply takes priority when a custom image is uploaded.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic cleanup\u003C\u002Fstrong> — replaces old avatars so your media library stays tidy.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and native\u003C\u002Fstrong> — no complex settings, no setup screens, and no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why You’ll Love It\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works straight out of the box.  \u003C\u002Fli>\n\u003Cli>Looks and feels like part of WordPress and WooCommerce.  \u003C\u002Fli>\n\u003Cli>Secure uploads with smart cropping and optimized JPEG output.  \u003C\u002Fli>\n\u003Cli>Supports all image types WordPress allows (JPG, PNG, WebP, and more).  \u003C\u002Fli>\n\u003Cli>Translation ready and developer friendly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Shortcode example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[chargewp_avatar type=\"0\" check_page_author=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Attributes:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>type\u003C\u002Fcode> — 0 = avatar only, 1 = avatar + name + ID, 2 = avatar + name + ID + profile link. Default: 0\u003Cbr \u002F>\n– \u003Ccode>check_page_author\u003C\u002Fcode> — true or false. When true, shows the page or post author’s avatar instead of the current user. Default: false\u003Cbr \u002F>\n– \u003Ccode>classes\u003C\u002Fcode> — Optional extra CSS classes for custom styling.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Insert the \u003Cstrong>ChargeWP Avatar\u003C\u002Fstrong> block in the editor.\u003Cbr \u002F>\n– Adjust display type and author options from the block sidebar.\u003C\u002Fp>\n\u003Ch3>Developer Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Template overrides are supported. Copy files from\u003Cbr \u002F>\n  plugins\u002Fchargewp-avatar\u002Ftemplates\u002F to \u003Ccode>yourtheme\u002Ftemplates\u002Fcwpa\u002F\u003C\u002Fcode>.  \u003C\u002Fli>\n\u003Cli>Filters to disable automatic placement:\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter('cwpa_auto_inject_wc_account', '__return_false');\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter('cwpa_auto_inject_cwpd_sidebar', '__return_false');\u003C\u002Fcode>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Filters to change display type:\n\u003Cul>\n\u003Cli>\u003Ccode>cwpa_avatar_type_wc_account\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Ccode>cwpa_avatar_type_cwpd_sidebar\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Change your profile picture instantly from the front end.   Simple, fast, and built to feel like part of WordPress.",20,234,"2025-12-03T17:28:00.000Z","5.8","7.4",[19,64,65,66,23],"frontend-upload","gravatar","profile-picture","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchargewp-front-end-avatar-upload.2.0.2.zip",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":15,"requires_at_least":61,"requires_php":62,"tags":78,"homepage":17,"download_link":80,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":81},"am-avatar","AM-Avatar","1.0","amdevbro","https:\u002F\u002Fprofiles.wordpress.org\u002Famdevbro\u002F","\u003Cp>AM-Avatar is a lightweight and efficient WordPress plugin that allows users to upload custom profile pictures directly from their user profile page.\u003C\u002Fp>\n\u003Cp>Key features:\u003Cbr \u002F>\n* \u003Cstrong>Automatic WebP Conversion:\u003C\u002Fstrong> All uploaded images are automatically converted to WebP format for superior performance and smaller file sizes.\u003Cbr \u002F>\n* \u003Cstrong>Smart Integration:\u003C\u002Fstrong> Seamlessly replaces the default Gravatar section on the profile page using a native-looking interface.\u003Cbr \u002F>\n* \u003Cstrong>Organized Storage:\u003C\u002Fstrong> Keeps your uploads folder clean by storing all avatars in a dedicated \u003Ccode>\u002Fuploads\u002Fam-avatar\u002F\u003C\u002Fcode> directory.\u003Cbr \u002F>\n* \u003Cstrong>Settings Page:\u003C\u002Fstrong> Includes a dedicated settings menu to manage plugin preferences.\u003Cbr \u002F>\n* \u003Cstrong>Cleanup Option:\u003C\u002Fstrong> Choose whether to permanently delete all uploaded data and settings when the plugin is uninstalled.\u003Cbr \u002F>\n* \u003Cstrong>Security First:\u003C\u002Fstrong> Includes Nonce verification, strict sanitization, and WP_Filesystem API integration.\u003Cbr \u002F>\n* \u003Cstrong>Performance:\u003C\u002Fstrong> Automatically resizes images to 150x150px to ensure fast loading times.\u003Cbr \u002F>\n* \u003Cstrong>Privacy Friendly:\u003C\u002Fstrong> No external calls to Gravatar servers when a custom avatar is set.\u003C\u002Fp>\n","High-performance avatar management with automatic WebP conversion and custom directory integration.",10,115,[19,66,21,22,79],"webp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fam-avatar.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":76,"downloaded":90,"rating":13,"num_ratings":13,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":62,"tags":94,"homepage":17,"download_link":97,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":98},"frontenduseravatar","Frontend User Avatar","1.1.0","Albert Tarres","https:\u002F\u002Fprofiles.wordpress.org\u002Falberttarress\u002F","\u003Cp>Effortlessly manage and display your user profile avatar from the frontend.\u003C\u002Fp>\n\u003Cp>Use the [frontend-user-avatar] shortcode to allow users to upload or update their avatar directly on your site.\u003Cbr \u002F>\nAdditionally, the [frontend-avatar-preview] shortcode provides a real-time preview of the current avatar, enhancing the user experience with a visual confirmation before any changes are made.\u003C\u002Fp>\n","Effortlessly manage and display your user profile avatar from the frontend",1190,"2025-09-09T14:54:00.000Z","6.8.5","6.2",[19,20,95,21,96],"shortcodes","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontenduseravatar.1.1.0.zip","2026-03-15T14:54:45.397Z",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":76,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":108,"tested_up_to":109,"requires_at_least":16,"requires_php":110,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"user-avatar-generator","User Avatar Generator","2.0","N-Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fnmedia\u002F","\u003Cp>User Avatar Generator is a powerful WordPress plugin that lets users design their own avatars right on your website. Ideal for privacy-conscious users, this plugin offers customizable options for face shape, hairstyle, facial features, and background colors. Great for social, community, and membership sites, User Avatar Generator enhances user engagement by providing a personalized experience.\u003C\u002Fp>\n\u003Ch4>How It Works?\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FBQxSqacZnsk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Customizable facial features, including nose, ears, mouth, glasses, and more.\u003Cbr \u002F>\n* Wide variety of face and hair styles.\u003Cbr \u002F>\n* Choose background colors and high-contrast palettes.\u003Cbr \u002F>\n* Privacy-focused design for users who prefer avatars over real photos.\u003Cbr \u002F>\n* Lightweight and optimized for performance.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fnajeebmedia.com\u002Fuser-avatar-generator\" rel=\"nofollow ugc\">Learn More\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>PRO Version\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Cstrong>User Avatar Generator PRO\u003C\u002Fstrong> to unlock even more customization options and premium features!\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fnajeebmedia.com\u002Fuser-avatar-generator\" rel=\"nofollow ugc\">Get the PRO Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PRO Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ Unlock additional face, hair, and accessory options\u003Cbr \u002F>\n✅ Choose from \u003Cstrong>premium avatars\u003C\u002Fstrong> and unique styles\u003Cbr \u002F>\n✅ Advanced background customization with gradients\u003Cbr \u002F>\n✅ Save and manage multiple avatar presets\u003Cbr \u002F>\n✅ Priority support and updates\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fnajeebmedia.com\u002Fuser-avatar-generator\" rel=\"nofollow ugc\">Upgrade to PRO Now\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>The uncompiled source code for this plugin is available in the public GitHub repository:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdapi-labs\u002Freact-nice-avatar\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003Cbr \u002F>\nThis repository includes the React components, JavaScript, and SCSS files used to build the plugin assets.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the following third-party services to provide avatar generation and font loading functionalities:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Aliyun CDN\u003C\u002Fstrong> (via \u003Ccode>https:\u002F\u002Fat.alicdn.com\u002F\u003C\u002Fcode>):\n\u003Cul>\n\u003Cli>\u003Cstrong>What it is\u003C\u002Fstrong>: A Content Delivery Network (CDN) for hosting web fonts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What it is used for\u003C\u002Fstrong>: Loads icon fonts used within the avatar generator interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent\u003C\u002Fstrong>: No personal data is sent. The plugin requests static font files from the CDN when the plugin interface is loaded.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.aliyun.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aliyun.com\u002Fterms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fwww.aliyun.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aliyun.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Attribution\u003C\u002Fh3>\n\u003Cp>This plugin is based on avatar generation code originally created by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdapi-labs\" rel=\"nofollow ugc\">@dapi-labs\u003C\u002Fa> and released under the \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\" rel=\"nofollow ugc\">MIT License\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the MIT License.\u003C\u002Fp>\n","Create customizable avatars for your WordPress site with various facial features, styles, and background colors.",757,"2025-02-13T08:29:00.000Z","6.7.5","7.2",[19,112,22,23,113],"customization","wordpress","https:\u002F\u002Fnajeebmedia.com\u002Fuser-avatar-generator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-avatar-generator.2.0.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":13,"downloaded":125,"rating":13,"num_ratings":13,"last_updated":126,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":127,"homepage":129,"download_link":130,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"simple-frontend-avatar-uploader","Simple Frontend Avatar Uploader","1.0.0","revaithub","https:\u002F\u002Fprofiles.wordpress.org\u002Frevaithub\u002F","\u003Cp>Simple Frontend Avatar Uploader is a lightweight plugin that allows users to update their profile picture directly from the frontend. It uses the native WordPress media uploader for a seamless experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n*   Frontend profile picture upload.\u003Cbr \u002F>\n*   Uses WordPress Media Library.\u003Cbr \u002F>\n*   Shortcode \u003Ccode>[simple_frontend_avatar_upload]\u003C\u002Fcode> to display the upload button.\u003Cbr \u002F>\n*   AJAX-based upload for instant feedback.\u003Cbr \u002F>\n*   Restrict uploads to specific user roles.\u003Cbr \u002F>\n*   Customize image size and shape (Circle\u002FSquare).\u003Cbr \u002F>\n*   Modern Admin Settings page.\u003C\u002Fp>\n","Allow users to upload their profile picture from the frontend using a shortcode.",101,"2026-02-07T07:20:00.000Z",[19,20,128,21,96],"profile","https:\u002F\u002Frevaitsolutions.tech\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-frontend-avatar-uploader.zip",{"attackSurface":132,"codeSignals":202,"taintFlows":223,"riskAssessment":224,"analyzedAt":233},{"hooks":133,"ajaxHandlers":181,"restRoutes":193,"shortcodes":194,"cronEvents":199,"entryPointCount":200,"unprotectedCount":201},[134,140,142,147,149,152,155,160,163,167,170,172,176],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","user_profile_picture_description","closure","admin\\profile.php",12,{"type":135,"name":141,"callback":137,"file":138,"line":47},"profile_update",{"type":135,"name":143,"callback":144,"file":145,"line":146},"plugins_loaded","csfpp_load_textdomain","bootstrap.php",24,{"type":135,"name":143,"callback":137,"file":145,"line":148},27,{"type":135,"name":150,"callback":137,"file":145,"line":151},"woocommerce_before_account_navigation",29,{"type":135,"name":153,"callback":137,"file":145,"line":154},"cwpd_dashboard_sidebar_before",36,{"type":135,"name":156,"callback":157,"file":158,"line":159},"admin_notices","csfpp_admin_notice","codeablepress-simple-frontend-profile-picture-upload.php",111,{"type":135,"name":161,"callback":157,"file":158,"line":162},"network_admin_notices",112,{"type":135,"name":164,"callback":165,"file":158,"line":166},"admin_post_csfpp_migrate","csfpp_handle_migration",199,{"type":135,"name":156,"callback":168,"file":158,"line":169},"csfpp_result_notice",328,{"type":135,"name":161,"callback":168,"file":158,"line":171},329,{"type":135,"name":173,"callback":137,"file":174,"line":175},"admin_enqueue_scripts","includes\\enqueue.php",31,{"type":177,"name":178,"callback":137,"priority":179,"file":180,"line":139},"filter","get_avatar_url",15,"includes\\filters.php",[182,186,190],{"action":183,"nopriv":184,"callback":137,"hasNonce":184,"hasCapCheck":184,"file":138,"line":185},"csfpp_delete_profile_picture",false,57,{"action":187,"nopriv":184,"callback":137,"hasNonce":184,"hasCapCheck":184,"file":188,"line":189},"csfpp_upload_profile_picture","includes\\upload.php",8,{"action":187,"nopriv":191,"callback":137,"hasNonce":184,"hasCapCheck":184,"file":188,"line":192},true,130,[],[195],{"tag":196,"callback":137,"file":197,"line":198},"csfpp_avatar","includes\\shortcodes.php",17,[],4,3,{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":206,"fileOperations":13,"externalRequests":13,"nonceChecks":200,"capabilityChecks":200,"bundledLibraries":222},[],{"prepared":13,"raw":13,"locations":205},[],{"escaped":207,"rawEcho":208,"locations":209},54,6,[210,212,214,216,218,220],{"file":145,"line":46,"context":211},"raw output",{"file":145,"line":213,"context":211},38,{"file":158,"line":215,"context":211},175,{"file":158,"line":217,"context":211},176,{"file":158,"line":219,"context":211},178,{"file":221,"line":198,"context":211},"templates\\avatar.php",[],[],{"summary":225,"deductions":226},"The \"codeablepress-simple-frontend-profile-picture-upload\" plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in its handling of SQL queries, exclusively using prepared statements, and a high percentage of its output is properly escaped. It also includes nonce and capability checks for all identified entry points. However, a significant concern arises from the presence of three AJAX handlers that lack authentication checks, creating a substantial attack surface for unauthorized actions. The plugin also has a history of known vulnerabilities, with one unpatched medium severity CVE related to missing authorization, indicating a recurring issue in securing its entry points. While the taint analysis shows no immediate critical or high-severity flaws, the combination of unprotected AJAX endpoints and a pattern of authorization vulnerabilities suggests potential risks if attackers can exploit these entry points.",[227,229,231],{"reason":228,"points":76},"Unprotected AJAX handlers",{"reason":230,"points":179},"Unpatched medium severity CVE",{"reason":232,"points":189},"History of missing authorization","2026-03-16T21:03:21.722Z",{"wat":235,"direct":240},{"assetPaths":236,"generatorPatterns":237,"scriptPaths":238,"versionParams":239},[],[],[],[],{"cssClasses":241,"htmlComments":244,"htmlAttributes":245,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[242,243],"notice-warning","is-dismissible",[],[246],"rel=\"noopener noreferrer\"",[],[],[]]