[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXlmM1eufWSEWEkWYG_KFYIGH1q3JaPcjZgCLlLkGMdA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":132,"fingerprints":232},"extended-gravatar","Extended Gravatar","0.6","moallemi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoallemi\u002F","\u003Cp>This plugin brings Hovercard popups for your commenters and adds some cool fetures using gravatar.\u003C\u002Fp>\n","This plugin brings Hovercard popups for your commenters via Gravatar",10,2391,0,"","3.2.1","3.1",[18,19,20,7,21],"avatar","gravatar","hovercards","%da%a9%d8%a7%d9%88%d8%b4%da%af%d8%b1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextended-gravatar.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},6,90,88,30,86,"2026-04-05T17:26:22.367Z",[35,50,65,89,109],{"slug":36,"name":37,"version":38,"author":7,"author_profile":8,"description":39,"short_description":40,"active_installs":11,"downloaded":41,"rating":13,"num_ratings":13,"last_updated":42,"tested_up_to":15,"requires_at_least":43,"requires_php":14,"tags":44,"homepage":46,"download_link":47,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":49},"gravatar-like","Gravatar Like","0.1.0.1","\u003Cp>A  WordPress.com Like plugin for self hosted wordpress sites\u003C\u002Fp>\n","A  Wordpress.com Like plugin for self hosted wordpress sites",3270,"2011-10-05T19:32:00.000Z","3.0",[19,36,45,7,21],"like","http:\u002F\u002Fwww.moallemi.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-like.zip",85,"2026-03-15T15:16:48.613Z",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":31,"downloaded":58,"rating":13,"num_ratings":13,"last_updated":59,"tested_up_to":60,"requires_at_least":43,"requires_php":14,"tags":61,"homepage":63,"download_link":64,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":49},"gravatar-wordpress-plugin","Gravatar Hovercards","1.1","Abhik","https:\u002F\u002Fprofiles.wordpress.org\u002Fdreamstrikes\u002F","\u003Cp>This plugin enables Gravatar Hovercards in Self Hosted WordPress Blogs. Code by Ottopress, Pluginized By \u003Ca href=\"http:\u002F\u002Fwww.w7b.org\" rel=\"nofollow ugc\">Abhik\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin enables Gravatar Hovercards in Self Hosted Wordpress Blogs. Code by Ottopress, Pluginized By Abhik.",6097,"2010-10-26T10:37:00.000Z","3.0.5",[19,62,20],"gravatar-hovercards","http:\u002F\u002Fwww.w7b.org\u002Fwp-plugins\u002Fgravatar-hovercards-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-wordpress-plugin.zip",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":14,"tags":80,"homepage":84,"download_link":85,"security_score":86,"vuln_count":87,"unpatched_count":13,"last_vuln_date":88,"fetched_at":49},"one-user-avatar","One User Avatar | User Profile Picture","2.5.4","One Designs","https:\u002F\u002Fprofiles.wordpress.org\u002Fonedesigns\u002F","\u003Cp>WordPress currently only allows you to use custom avatars that are uploaded through \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa>. \u003Cstrong>One User Avatar\u003C\u002Fstrong> enables you to use any photo uploaded into your Media Library as an avatar. This means you use the same uploader and library as your posts. No extra folders or image editing functions are necessary. This plugin is a fork of WP User Avatar v2.2.16.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>One User Avatar\u003C\u002Fstrong> also lets you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload your own Default Avatar in your One User Avatar settings.\u003C\u002Fli>\n\u003Cli>Show the user’s \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatar or Default Avatar if the user doesn’t have a One User Avatar image.\u003C\u002Fli>\n\u003Cli>Disable \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatars and use only local avatars.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar_upload]\u003C\u002Fcode> shortcode to add a standalone uploader to a front page or widget. This uploader is only visible to logged-in users.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar]\u003C\u002Fcode> shortcode in your posts. These shortcodes will work with any theme, whether it has avatar support or not.\u003C\u002Fli>\n\u003Cli>Allow Contributors and Subscribers to upload their own avatars.\u003C\u002Fli>\n\u003Cli>Limit upload file size and image dimensions for Contributors and Subscribers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>One User Avatar\u003Cbr \u002F>\nCopyright (c) 2023 One Designs https:\u002F\u002Fonedesigns.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fonedesigns\u002Fone-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is based on WP User Avatar v2.2.16\u003Cbr \u002F>\nCopyright (c) 2020-2021 ProfilePress https:\u002F\u002Fprofilepress.net\u002F\u003Cbr \u002F>\nCopyright (c) 2014-2020 Flippercode https:\u002F\u002Fwww.flippercode.com\u002F\u003Cbr \u002F>\nCopyright (c) 2013-2014 Bangbay Siboliban http:\u002F\u002Fbangbay.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fprofilepress\u002Fwp-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Ch3>Advanced Settings\u003C\u002Fh3>\n\u003Ch4>Add One User Avatar to your own profile edit page\u003C\u002Fh4>\n\u003Cp>You can use the [avatar_upload] shortcode to add a standalone uploader to any page. It’s best to use this uploader by itself and without other profile fields.\u003C\u002Fp>\n\u003Cp>If you’re building your own profile edit page with other fields, One User Avatar is automatically added to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">show_user_profile\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">edit_user_profile\u003C\u002Fa> hooks. If you’d rather have One User Avatar in its own section, you could add another hook:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action( 'edit_user_avatar', $current_user );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, to add One User Avatar to that hook and remove it from the other hooks outside of the administration panel, you would add this code to the \u003Ccode>functions.php\u003C\u002Fcode> file of your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_avatar_filter() {\n    \u002F\u002F Remove from show_user_profile hook\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Remove from edit_user_profile hook\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Add to edit_user_avatar hook\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n}\n\n\u002F\u002F Loads only outside of administration panel\nif ( ! is_admin() ) {\n    add_action( 'init','my_avatar_filter' );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>HTML Wrapper\u003C\u002Fh4>\n\u003Cp>You can change the HTML wrapper of the One User Avatar section by using the functions \u003Ccode>wpua_before_avatar\u003C\u002Fcode> and \u003Ccode>wpua_after_avatar\u003C\u002Fcode>. By default, the avatar code is structured like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv class=\"wpua-edit-container\">\n    \u003Ch3>Avatar\u003C\u002Fh3>\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Original Size\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Thumbnail\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To strip out the div container and h3 heading, you would add the following filters to the \u003Ccode>functions.php\u003C\u002Fcode> file in your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>remove_action( 'wpua_before_avatar', 'wpua_do_before_avatar' );\nremove_action( 'wpua_after_avatar', 'wpua_do_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To add your own wrapper, you could create something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_before_avatar() {\n    echo '\u003Cdiv id=\"my-avatar\">';\n}\nadd_action( 'wpua_before_avatar', 'my_before_avatar' );\n\nfunction my_after_avatar() {\n    echo '\u003C\u002Fdiv>';\n}\nadd_action( 'wpua_after_avatar', 'my_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would output:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv id=\"my-avatar\">\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Original Size\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Thumbnail\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.",100000,490816,94,41,"2026-01-12T00:58:00.000Z","6.9.4","4.0",[18,81,19,82,83],"bbpress","profile","users","https:\u002F\u002Fonedesigns.com\u002Fplugins\u002Fone-user-avatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-user-avatar.2.5.4.zip",99,2,"2021-09-20 00:00:00",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":73,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":78,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":105,"download_link":106,"security_score":107,"vuln_count":28,"unpatched_count":13,"last_vuln_date":108,"fetched_at":49},"simple-local-avatars","Simple Local Avatars","2.8.6","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar! Simple and lightweight.\u003C\u002Fp>\n\u003Cp>Just edit a user profile, and scroll down to the new “Avatar” field. The plug-in will take care of cropping and sizing!\u003C\u002Fp>\n\u003Col>\n\u003Cli>Stores avatars in the “uploads” folder where all of your other media is kept.\u003C\u002Fli>\n\u003Cli>Has a simple, native interface.\u003C\u002Fli>\n\u003Cli>Fully supports Gravatar and default avatars if no local avatar is set for the user – but also allows you turn off Gravatar.\u003C\u002Fli>\n\u003Cli>Generates the requested avatar size on demand (and stores the new size for efficiency), so it looks great, just like Gravatar!\u003C\u002Fli>\n\u003Cli>Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.\u003C\u002Fli>\n\u003Cli>Enables rating of local avatars, just like Gravatar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support Level\u003C\u002Fh3>\n\u003Cp>Simple Local Avatars’ support level is marked as \u003Ccode>stable\u003C\u002Fcode>.  10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns.  We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes.  We otherwise intend to keep this tested up to the most recent version of WordPress.\u003C\u002Fp>\n","Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!",2395990,92,89,"2026-02-17T19:34:00.000Z","6.6","7.4",[18,19,82,104,83],"user-photos","https:\u002F\u002F10up.com\u002Fplugins\u002Fsimple-local-avatars-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-local-avatars.2.8.6.zip",93,"2025-08-11 18:20:29",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":98,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":130,"unpatched_count":13,"last_vuln_date":131,"fetched_at":49},"metronet-profile-picture","User Profile Picture","2.6.3","Cozmoslabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fcozmoslabs\u002F","\u003Cp>\u003Cstrong>User Profile Picture is no longer under active development, but will continue to work as is. We have integrated the current functionality in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofile-builder\u002F\" rel=\"ugc\">Profile Builder\u003C\u002Fa> where it will actively be maintained, and we recommend migrating to it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Set or remove a custom profile image for a user using the standard WordPress media upload tool.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cozmoslabs.com\u002Fuser-profile-picture\u002F\" rel=\"nofollow ugc\">View Documentation and Examples\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F9icnOWWZUpA?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Users must have the ability to upload images (typically author role or greater). You can use the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofile-builder\u002F\" rel=\"ugc\">Profile Builder\u003C\u002Fa> to allow other roles (e.g. subscribers) the ability to upload images.\u003C\u002Fp>\n\u003Cp>A template tag is supplied for outputting to a theme and the option to override a user’s default avatar is also available.\u003C\u002Fp>\n\u003Ch3>Documentation and Feedback\u003C\u002Fh3>\n\u003Cp>See the documentation on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmadalinungureanu\u002Fuser-profile-picture\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmetronet-profile-picture\u002Freviews\u002F#new-post\" rel=\"ugc\">Rate the Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Set a custom profile image (avatar) for a user using the standard WordPress media upload tool.",40000,1023099,59,"2024-07-18T13:11:00.000Z","6.6.5","4.6","5.6",[18,125,19,126,83],"blocks","user-profile","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmetronet-profile-picture\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetronet-profile-picture.2.6.3.zip",91,1,"2024-06-20 00:00:00",{"attackSurface":133,"codeSignals":161,"taintFlows":180,"riskAssessment":220,"analyzedAt":231},{"hooks":134,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[135,141,145,149,153],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","wp_head","extended_gravatar_head","extended-gravatar.php",53,{"type":136,"name":142,"callback":143,"file":139,"line":144},"wp_enqueue_scripts","extended_gravatar_scripts",54,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_menu","extended_gravatar_admin_menu",155,{"type":136,"name":150,"callback":151,"priority":11,"file":139,"line":152},"wp_insert_comment","extended_gravatar_insert_comment",176,{"type":136,"name":154,"callback":155,"priority":11,"file":139,"line":156},"transition_comment_status","extended_gravatar_transition_comment",202,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":130,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":179},[],{"prepared":87,"raw":13,"locations":164},[],{"escaped":87,"rawEcho":166,"locations":167},5,[168,171,173,174,176],{"file":139,"line":169,"context":170},38,"raw output",{"file":139,"line":172,"context":170},39,{"file":139,"line":76,"context":170},{"file":139,"line":175,"context":170},87,{"file":177,"line":178,"context":170},"gravatar-fetch.php",8,[],[181,198,211],{"entryPoint":182,"graph":183,"unsanitizedCount":130,"severity":197},"extended_gravatar_options (extended-gravatar.php:61)",{"nodes":184,"edges":194},[185,189],{"id":186,"type":187,"label":188,"file":139,"line":175},"n0","source","$_SERVER['REQUEST_URI']",{"id":190,"type":191,"label":192,"file":139,"line":175,"wp_function":193},"n1","sink","echo() [XSS]","echo",[195],{"from":186,"to":190,"sanitized":196},false,"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":130,"severity":197},"\u003Cgravatar-fetch> (gravatar-fetch.php:0)",{"nodes":201,"edges":209},[202,205],{"id":186,"type":187,"label":203,"file":177,"line":204},"$_GET",3,{"id":190,"type":191,"label":206,"file":177,"line":207,"wp_function":208},"file_get_contents() [SSRF\u002FLFI]",4,"file_get_contents",[210],{"from":186,"to":190,"sanitized":196},{"entryPoint":212,"graph":213,"unsanitizedCount":130,"severity":219},"\u003Cextended-gravatar> (extended-gravatar.php:0)",{"nodes":214,"edges":217},[215,216],{"id":186,"type":187,"label":188,"file":139,"line":175},{"id":190,"type":191,"label":192,"file":139,"line":175,"wp_function":193},[218],{"from":186,"to":190,"sanitized":196},"low",{"summary":221,"deductions":222},"The extended-gravatar plugin version 0.6 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries by exclusively using prepared statements and has no recorded vulnerabilities, including CVEs. The lack of external HTTP requests and bundled libraries is also a good sign. However, the analysis reveals significant concerns in other areas. Notably, the plugin has a low percentage of properly escaped output, indicating a potential for cross-site scripting (XSS) vulnerabilities where user-supplied data might be rendered directly in the browser without proper sanitization. Furthermore, the taint analysis shows that all analyzed flows have unsanitized paths, though thankfully, these did not escalate to critical or high severity issues in this specific scan. The absence of nonce checks and capability checks across its entry points (though currently zero) points to a lack of built-in security mechanisms that could be exploited if new entry points are introduced or if existing ones are misconfigured. While the current attack surface is reported as zero, this plugin's architecture seems to lack robust security fundamentals.",[223,225,227,229],{"reason":224,"points":178},"Low percentage of properly escaped output",{"reason":226,"points":166},"All analyzed taint flows have unsanitized paths",{"reason":228,"points":166},"No nonce checks",{"reason":230,"points":166},"No capability checks","2026-03-16T23:22:15.015Z",{"wat":233,"direct":244},{"assetPaths":234,"generatorPatterns":237,"scriptPaths":238,"versionParams":240},[235,236],"\u002Fwp-content\u002Fplugins\u002Fextended-gravatar\u002Fcss\u002Fhovercard.css","\u002Fwp-content\u002Fplugins\u002Fextended-gravatar\u002Fcss\u002Fservices.css",[],[239],"\u002Fwp-content\u002Fplugins\u002Fextended-gravatar\u002Fjs\u002Fgprofiles.js",[241,242,243],"extended-gravatar\u002Fcss\u002Fhovercard.css?ver=","extended-gravatar\u002Fcss\u002Fservices.css?ver=","extended-gravatar\u002Fjs\u002Fgprofiles.js?ver=",{"cssClasses":245,"htmlComments":246,"htmlAttributes":247,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":254},[],[],[248,249,250],"id=\"gravatar-card-css\"","id=\"gravatar-card-services-css\"","name=\"extended_gravatar_url\"",[],[253],"var extended_gravatar_url = ",[]]