[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIlXMe9HS_XS2Kb4Jofgjsgsg5CD83yc3R4DD8tTgTk0":3,"$fTGh8an4JvZ6jY7Ve68O-Xk-WX4rmutmPai7FhuB4qgA":248,"$fQO0J3jRKV5riL6V8ObAEEpgmWfMaVvi2O6JgIDMLxUs":252},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":40,"analysis":136,"fingerprints":231},"easygravatars","Easy Gravatars","1.3","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64656,100,1,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4","",[20,21,22,23,24],"avatar","avatars","comments","gravatar","gravatars","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":27,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"dougal",5,1040,30,84,"2026-05-19T21:17:47.818Z",[41,64,83,101,118],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":62,"download_link":63,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-disable","Reduce HTTP Requests, Disable Emojis & Disable Embeds, Speedup WooCommerce","1.6.1","hosting.io","https:\u002F\u002Fprofiles.wordpress.org\u002Fpigeonhut\u002F","\u003Cp>\u003Cstrong>Reduce HTTP requests\u003C\u002Fstrong> – Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingbacks, disable trackbacks, close comments after 28 days, Added the ability to force pagingation after 20 posts,\u003Cbr \u002F>\nDisable WooCommerce scripts and CSS on non WooCommerce Pages, Disable RSS, Disable XML-RPC, Disable Autosave, Remove Windows Live Writer tag, Remove Shortlink Tag, Remove WP API from header and\u003Cbr \u002F>\n many more features to help speed and SEO gains.  Now includes \u003Cstrong>Disable Comments, Heartbeat Control, Selective Disable\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003C\u002Fstrong>\u003Cstrong>NEW Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n Better Stats on Dashboard\u003Cbr \u002F>\n Disable loading dashicons on front end if admin bar disabled\u003Cbr \u002F>\n Disable Author Pages\u003C\u002Fp>\n\u003Cp>Disabling Emojis does not disable emoticons, it disables the support for Emojis added since WP 4.2 and removes 1 HTTP request.\u003C\u002Fp>\n\u003Cp>Disabling Embeds  – script that auto formats pasted content in the visual editor, eg videos, etc. Big issue with this script is it loads on every\u003Cbr \u002F>\nsingle page. You can still use the default embed code from YouTube, Twitter etc to included content.\u003C\u002Fp>\n\u003Cp>Remove Query Strings: If you look at the waterfall view of your page load, you will see your query strings end in something like ver=1.12.4.\u003Cbr \u002F>\nThese are called query strings and help determine the version of the script. The problem with query strings like these is that it isn’t very efficient for caching purposes and sometimes prevents caching those assets altogether.  If you are using a CDN already, you can ignore this.\u003C\u002Fp>\n\u003Cp>Disabling Gravatars is completely optional, advise, if you don’t use them, disable as it gets rid of one more useless HTTP request.\u003C\u002Fp>\n\u003Cp>General Performance improvements: Added support for : disable ping\u002Ftrackbacks, close comments after 28 days, force pagingation after 20 posts, Disable WooCommerce scripts and CSS on non WooCommerce Pages.\u003C\u002Fp>\n\u003Cp>Have an idea ?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhosting-io\u002Fwp-disable\" rel=\"nofollow ugc\">Public repo on GitHub\u003C\u002Fa> if you would like to contribute or have any ideas to add.\u003C\u002Fp>\n\u003Cp>Docs & Support\u003Cbr \u002F>\nThe \u003Ca href=\"https:\u002F\u002Foptimisation.io\u002Ffaq\u002F\" rel=\"nofollow ugc\">documentation is an on-going project\u003C\u002Fa>, so please bare with us as we update.  If you would like to help with the documentation, please get in touch.\u003C\u002Fp>\n","Reduce HTTP requests - Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingba …",10000,310133,82,45,"2020-08-09T07:42:00.000Z","5.3.21","4.5",[57,58,59,60,61],"disable-embeds","disable-emoji","disable-gravatars","reduce-http-requests","remove-querystrings","https:\u002F\u002Foptimisation.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-disable.1.6.1.zip",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":13,"downloaded":72,"rating":51,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":18,"download_link":81,"security_score":82,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",10656,7,"2025-04-19T17:32:00.000Z","6.8.5","4.0",[21,78,24,79,80],"buddypress","groups","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",92,{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":99,"download_link":100,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gravatar-signup-encouragement","Gravatar Signup Encouragement","3.1","Milan Dinić","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimadin\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F\" rel=\"nofollow ugc\">Plugin homepage\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002F\" rel=\"nofollow ugc\">Plugin author\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin shows a message with link to signup page of Gravatar (pre-filled with e-mail address) to commenters and\u002For users who don’t have gravatar.\u003C\u002Fp>\n\u003Cp>Message can be shown to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>unregistered commenters when they leave text input field for e-mail address\u003C\u002Fli>\n\u003Cli>registered commenters to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>unregistered commenters after they post a comment in a dialog, to whom their entered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered commenters after they post a comment in a dialog, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in administration notices, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in admin bar, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users on their profile page, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>users who fill registration form when they leave text input field for e-mail address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Options are fully customizable. See FAQ for more information.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, it adds only one field in database which is deleted if you uninstall plugin using WordPress’ built-in feature for deletion of plugins. Also it will only load jQuery file to head of your page if it wasn’t already loaded by theme or other plugin(s). Checks for gravatar are done via simple AJAX.\u003Cbr \u002F>\nIf you want to speed up your web site and save on bandwidth and server resources, it is recommended that you also install plugin \u003Ca href=\"http:\u002F\u002Fjasonpenney.net\u002Fwordpress-plugins\u002Fuse-google-libraries\u002F\" rel=\"nofollow ugc\">Use Google Libraries\u003C\u002Fa> which will load jQuery file from \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fapis\u002Fajaxlibs\u002F\" rel=\"nofollow ugc\">Google AJAX Libraries\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In order to plugin works, it needs to be on server with PHP 5 and on WordPress 2.8 or above.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FeIvm4rBkxPk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&cc_load_policy=1&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Shows a message with link to Gravatar's signup page to commenters and\u002For users without gravatar.",60,15226,90,2,"2012-07-11T15:42:00.000Z","3.4.2","2.8",[20,21,23,24],"http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-signup-encouragement.3.1.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":13,"num_ratings":94,"last_updated":111,"tested_up_to":112,"requires_at_least":86,"requires_php":18,"tags":113,"homepage":116,"download_link":117,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"hidpi-gravatars","HiDPI Gravatars","1.5.1","Robert Chapin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiqrogroove\u002F","\u003Cp>Automatically replaces the standard resolution Gravatars with HiDPI (Retina) Gravatars using HTML (when supported) or Javascript (as needed).\u003C\u002Fp>\n\u003Cp>You need this plugin if you want blog comments to look crisp and clear on Retina, HD, and similar devices!\u003C\u002Fp>\n\u003Cp>You need this plugin if you want compatibility with all web browsers.  The HiDPI features added in WordPress 4.2 are not compatible with older browsers, unless you have this plugin activated.  The included Javascript helps make your website look the same in new and old browsers.\u003C\u002Fp>\n\u003Ch3>Theme Requirements\u003C\u002Fh3>\n\u003Cp>You may not omit the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_head\" rel=\"nofollow ugc\">wp_head\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_footer\" rel=\"nofollow ugc\">wp_footer\u003C\u002Fa> template tags for this plugin to work correctly.\u003C\u002Fp>\n\u003Ch3>Cache Compatibility\u003C\u002Fh3>\n\u003Cp>HiDPI Gravatars is designed to be fully compatible with page caching plugins such as WP Super Cache.\u003C\u002Fp>\n\u003Cp>Pages that were cached prior to activating HiDPI Gravatars will need to be refreshed.  Empty the cache to make sure the new Gravatars will appear.\u003C\u002Fp>\n\u003Cp>HiDPI Gravatars is \u003Cem>not\u003C\u002Fem> compatible with any Gravatar caching plugins.\u003C\u002Fp>\n\u003Ch3>Other Gravatar Plugins\u003C\u002Fh3>\n\u003Cp>HiDPI Gravatars might not detect customized Gravatar functions in other plugins.  As of version 1.4, HiDPI Gravatars relies on the WordPress \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_avatar\" rel=\"nofollow ugc\">get_avatar\u003C\u002Fa> filter.  Custom avatar generators that avoid or disable this filter will be ignored by HiDPI Gravatars.\u003C\u002Fp>\n","Enables high resolution Gravatar images on any browser that supports them.",50,13472,"2015-08-08T16:24:00.000Z","4.3.34",[20,23,24,114,115],"hidpi","retina","http:\u002F\u002Fwww.miqrogroove.com\u002Fpro\u002Fsoftware\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhidpi-gravatars.1.5.1.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":37,"downloaded":126,"rating":13,"num_ratings":14,"last_updated":127,"tested_up_to":128,"requires_at_least":97,"requires_php":18,"tags":129,"homepage":134,"download_link":135,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"top-contributors","Top Contributors","1.4.1","blueinstyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fblueinstyle\u002F","\u003Cp>Display your top commenters or authors in a widget, or you can display anywhere on your blog by pasting this code into your theme: \u003Ccode>\u003C?php if(function_exists('jme_top_contributors')) { jme_top_contributors(); } ?>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Version 1.4 includes many user requested features. Check \u003Ca href=\"http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F\" rel=\"nofollow ugc\">plugin webpage\u003C\u002Fa> for details on the update.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List your top commenters or authors with the option to display their Gravatar, and several other options.\u003C\u002Fli>\n\u003Cli>Choose from 2 formats of the widget, with complete control of styles via css.\u003C\u002Fli>\n\u003Cli>Exclude users from the list by email address.\u003C\u002Fli>\n\u003Cli>The list uses a cache system for improved performance. List updates only when a post or comment is added, or options updated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extra Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add a special Icon next to each of your Top Commenter’s name in their comments to give them a little special recognition for being a regular contributor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support and Feature request forum at http:\u002F\u002Fjustmyecho.com\u002Fforums\u002F\u003C\u002Fp>\n","Display your top commenters or authors in a widget.",11563,"2011-04-10T16:46:00.000Z","3.1.4",[130,24,131,132,133],"commenters","plugins","top-commenters","widgets","http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-contributors.1.4.1.zip",{"attackSurface":137,"codeSignals":157,"taintFlows":185,"riskAssessment":224,"analyzedAt":230},{"hooks":138,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":28,"unprotectedCount":28},[139,145,149],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","eg_opt_menu","easygravatars.php",28,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_head","eg_admin_css",35,{"type":140,"name":150,"callback":151,"file":143,"line":152},"init","eg_set_filter",47,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":28,"externalRequests":28,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":184},[],{"prepared":28,"raw":28,"locations":160},[],{"escaped":28,"rawEcho":162,"locations":163},11,[164,167,169,171,173,175,176,177,178,180,182],{"file":143,"line":165,"context":166},41,"raw output",{"file":143,"line":168,"context":166},202,{"file":143,"line":170,"context":166},214,{"file":143,"line":172,"context":166},223,{"file":143,"line":174,"context":166},230,{"file":143,"line":174,"context":166},{"file":143,"line":174,"context":166},{"file":143,"line":174,"context":166},{"file":143,"line":179,"context":166},232,{"file":143,"line":181,"context":166},240,{"file":143,"line":183,"context":166},249,[],[186,213],{"entryPoint":187,"graph":188,"unsanitizedCount":28,"severity":212},"eg_options_page (easygravatars.php:141)",{"nodes":189,"edges":208},[190,195,201,204],{"id":191,"type":192,"label":193,"file":143,"line":194},"n0","source","$_POST (x5)",160,{"id":196,"type":197,"label":198,"file":143,"line":199,"wp_function":200},"n1","sink","update_option() [Settings Manipulation]",175,"update_option",{"id":202,"type":192,"label":203,"file":143,"line":168},"n2","$_SERVER['REQUEST_URI']",{"id":205,"type":197,"label":206,"file":143,"line":168,"wp_function":207},"n3","echo() [XSS]","echo",[209,211],{"from":191,"to":196,"sanitized":210},true,{"from":202,"to":205,"sanitized":210},"low",{"entryPoint":214,"graph":215,"unsanitizedCount":28,"severity":212},"\u003Ceasygravatars> (easygravatars.php:0)",{"nodes":216,"edges":221},[217,218,219,220],{"id":191,"type":192,"label":193,"file":143,"line":194},{"id":196,"type":197,"label":198,"file":143,"line":199,"wp_function":200},{"id":202,"type":192,"label":203,"file":143,"line":168},{"id":205,"type":197,"label":206,"file":143,"line":168,"wp_function":207},[222,223],{"from":191,"to":196,"sanitized":210},{"from":202,"to":205,"sanitized":210},{"summary":225,"deductions":226},"The \"easygravatars\" v1.3 plugin exhibits a generally strong security posture based on the static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the analysis reveals a complete absence of dangerous functions and SQL queries that are not properly prepared, which are critical security best practices.  The presence of nonce and capability checks, even with a limited attack surface, is also a positive indicator.\n\nHowever, a significant concern arises from the output escaping. With 11 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed by the plugin, if not sanitized by WordPress itself before rendering, could be exploited. While the taint analysis found no unsanitized paths, this is likely due to the limited attack surface and could be overshadowed by the unescaped output issues.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the strong code signals regarding SQL and dangerous functions, suggests that past vulnerabilities, if any, were likely addressed or that the plugin has historically been developed with security in mind. Nevertheless, the pervasive lack of output escaping is a glaring weakness that needs immediate attention to mitigate potential XSS risks.",[227],{"reason":228,"points":229},"0% output escaping on 11 outputs",8,"2026-03-16T20:28:26.937Z",{"wat":232,"direct":238},{"assetPaths":233,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[234],"\u002Fwp-content\u002Fplugins\u002Feasygravatars\u002Feasygravatars.css",[],[],[],{"cssClasses":239,"htmlComments":242,"htmlAttributes":243,"restEndpoints":245,"jsGlobals":246,"shortcodeOutput":247},[240,241],"easygravatar","eg-image",[],[244],"data-gravatar-id",[],[],[],{"error":210,"url":249,"statusCode":250,"statusMessage":251,"message":251},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Feasygravatars\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":253,"versions":254},4,[255,261,268,275],{"version":6,"download_url":26,"svn_tag_url":256,"released_at":29,"has_diff":257,"diff_files_changed":258,"diff_lines":29,"trac_diff_url":259,"vulnerabilities":260,"is_current":210},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasygravatars\u002Ftags\u002F1.3\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasygravatars%2Ftags%2F1.2&new_path=%2Feasygravatars%2Ftags%2F1.3",[],{"version":262,"download_url":263,"svn_tag_url":264,"released_at":29,"has_diff":257,"diff_files_changed":265,"diff_lines":29,"trac_diff_url":266,"vulnerabilities":267,"is_current":257},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasygravatars\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasygravatars%2Ftags%2F1.1&new_path=%2Feasygravatars%2Ftags%2F1.2",[],{"version":269,"download_url":270,"svn_tag_url":271,"released_at":29,"has_diff":257,"diff_files_changed":272,"diff_lines":29,"trac_diff_url":273,"vulnerabilities":274,"is_current":257},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasygravatars\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasygravatars%2Ftags%2F1.0&new_path=%2Feasygravatars%2Ftags%2F1.1",[],{"version":276,"download_url":277,"svn_tag_url":278,"released_at":29,"has_diff":257,"diff_files_changed":279,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":280,"is_current":257},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasygravatars\u002Ftags\u002F1.0\u002F",[],[]]