[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCJbkHmW7BFx_W9TxdbaNyqQNNT5mDi7uTjBd_v_34s4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":122,"fingerprints":224},"frontenduseravatar","Frontend User Avatar","1.1.0","Albert Tarres","https:\u002F\u002Fprofiles.wordpress.org\u002Falberttarress\u002F","\u003Cp>Effortlessly manage and display your user profile avatar from the frontend.\u003C\u002Fp>\n\u003Cp>Use the [frontend-user-avatar] shortcode to allow users to upload or update their avatar directly on your site.\u003Cbr \u002F>\nAdditionally, the [frontend-avatar-preview] shortcode provides a real-time preview of the current avatar, enhancing the user experience with a visual confirmation before any changes are made.\u003C\u002Fp>\n","Effortlessly manage and display your user profile avatar from the frontend",10,1190,0,"2025-09-09T14:54:00.000Z","6.8.5","6.2","7.4",[19,20,21,22,23],"avatar","frontend","shortcodes","upload","user","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontenduseravatar.1.1.0.zip",100,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"alberttarress",1,30,94,"2026-04-04T09:06:41.708Z",[37,57,71,88,101],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":26,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":24,"tags":49,"homepage":52,"download_link":53,"security_score":54,"vuln_count":32,"unpatched_count":32,"last_vuln_date":55,"fetched_at":56},"codeablepress-simple-frontend-profile-picture-upload","CodeablePress: Simple Frontend Profile Picture Upload","1.0.2","codeablepress","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodeablepress\u002F","\u003Cp>⚠️ \u003Cstrong>This plugin has been retired.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’ve rebuilt this plugin from the ground up as a brand new, modern WordPress.org plugin:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fchargewp-front-end-avatar-upload\u002F\" rel=\"ugc\">ChargeWP – Front-End Avatar Upload\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please install and activate the new plugin\u003C\u002Fstrong> to continue receiving updates and support.\u003C\u002Fp>\n\u003Cp>This version (1.0.1) now displays a migration notice and version 1.0.2 will \u003Cstrong>not\u003C\u002Fstrong> run the upload functionality anymore — it’s safe to keep active temporarily while switching.\u003C\u002Fp>\n\u003Ch3>Why the Change?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The new plugin offers improved performance and security\u003C\u002Fli>\n\u003Cli>Better WooCommerce and \u003Cstrong>new\u003C\u002Fstrong> block editor support\u003C\u002Fli>\n\u003Cli>Ongoing updates and future enhancements on WordPress.org\u003C\u002Fli>\n\u003Cli>Easier support and automatic updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What Happens After Updating?\u003C\u002Fh3>\n\u003Cp>After updating to version 1.0.1, you’ll see a notice in your WordPress Dashboard with a one-click option to \u003Cstrong>Install & Activate ChargeWP – Front-End Avatar Upload\u003C\u002Fstrong>.\u003Cbr \u002F>\nAll existing data (user profile pictures) remain after switching plugins but will not work if you go back to the old plugin.\u003C\u002Fp>\n","A simple, lightweight, and secure way for users to upload profile pictures directly from the WooCommerce My Account page or via shortcode.",892,"2025-12-18T02:07:00.000Z","6.9.4","5.0",[19,20,22,50,51],"user-profile","woocommerce","https:\u002F\u002Fchargewp.com\u002Fplugin\u002Ffront-end-avatar-upload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodeablepress-simple-frontend-profile-picture-upload.1.0.2.zip",78,"2025-08-14 00:00:00","2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":47,"requires_at_least":48,"requires_php":24,"tags":67,"homepage":69,"download_link":70,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":56},"simple-frontend-avatar-uploader","Simple Frontend Avatar Uploader","1.0.0","revaithub","https:\u002F\u002Fprofiles.wordpress.org\u002Frevaithub\u002F","\u003Cp>Simple Frontend Avatar Uploader is a lightweight plugin that allows users to update their profile picture directly from the frontend. It uses the native WordPress media uploader for a seamless experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n*   Frontend profile picture upload.\u003Cbr \u002F>\n*   Uses WordPress Media Library.\u003Cbr \u002F>\n*   Shortcode \u003Ccode>[simple_frontend_avatar_upload]\u003C\u002Fcode> to display the upload button.\u003Cbr \u002F>\n*   AJAX-based upload for instant feedback.\u003Cbr \u002F>\n*   Restrict uploads to specific user roles.\u003Cbr \u002F>\n*   Customize image size and shape (Circle\u002FSquare).\u003Cbr \u002F>\n*   Modern Admin Settings page.\u003C\u002Fp>\n","Allow users to upload their profile picture from the frontend using a shortcode.",101,"2026-02-07T07:20:00.000Z",[19,20,68,22,23],"profile","https:\u002F\u002Frevaitsolutions.tech\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-frontend-avatar-uploader.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":26,"num_ratings":32,"last_updated":81,"tested_up_to":47,"requires_at_least":82,"requires_php":17,"tags":83,"homepage":52,"download_link":87,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":56},"chargewp-front-end-avatar-upload","ChargeWP – Front End Avatar Upload","2.0.2","ChargeWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fchargewp\u002F","\u003Cp>\u003Cstrong>It just works.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ChargeWP Avatar Upload gives users a clean, intuitive way to update their profile photo without opening the dashboard.\u003Cbr \u002F>\nIt’s built for modern WordPress sites: secure, lightweight, and theme-friendly.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant front-end upload\u003C\u002Fstrong> — update your avatar right on the page or in WooCommerce “My Account.”  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SmartCrop.js built in\u003C\u002Fstrong> — automatically centers faces for perfect, professional results.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg Block and Shortcode\u003C\u002Fstrong> — add the avatar uploader anywhere you want.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravatar friendly\u003C\u002Fstrong> — keeps existing Gravatars in place and simply takes priority when a custom image is uploaded.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic cleanup\u003C\u002Fstrong> — replaces old avatars so your media library stays tidy.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and native\u003C\u002Fstrong> — no complex settings, no setup screens, and no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why You’ll Love It\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Works straight out of the box.  \u003C\u002Fli>\n\u003Cli>Looks and feels like part of WordPress and WooCommerce.  \u003C\u002Fli>\n\u003Cli>Secure uploads with smart cropping and optimized JPEG output.  \u003C\u002Fli>\n\u003Cli>Supports all image types WordPress allows (JPG, PNG, WebP, and more).  \u003C\u002Fli>\n\u003Cli>Translation ready and developer friendly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Shortcode example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[chargewp_avatar type=\"0\" check_page_author=\"false\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Attributes:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ccode>type\u003C\u002Fcode> — 0 = avatar only, 1 = avatar + name + ID, 2 = avatar + name + ID + profile link. Default: 0\u003Cbr \u002F>\n– \u003Ccode>check_page_author\u003C\u002Fcode> — true or false. When true, shows the page or post author’s avatar instead of the current user. Default: false\u003Cbr \u002F>\n– \u003Ccode>classes\u003C\u002Fcode> — Optional extra CSS classes for custom styling.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Insert the \u003Cstrong>ChargeWP Avatar\u003C\u002Fstrong> block in the editor.\u003Cbr \u002F>\n– Adjust display type and author options from the block sidebar.\u003C\u002Fp>\n\u003Ch3>Developer Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Template overrides are supported. Copy files from\u003Cbr \u002F>\n  plugins\u002Fchargewp-avatar\u002Ftemplates\u002F to \u003Ccode>yourtheme\u002Ftemplates\u002Fcwpa\u002F\u003C\u002Fcode>.  \u003C\u002Fli>\n\u003Cli>Filters to disable automatic placement:\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter('cwpa_auto_inject_wc_account', '__return_false');\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter('cwpa_auto_inject_cwpd_sidebar', '__return_false');\u003C\u002Fcode>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Filters to change display type:\n\u003Cul>\n\u003Cli>\u003Ccode>cwpa_avatar_type_wc_account\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>\u003Ccode>cwpa_avatar_type_cwpd_sidebar\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Change your profile picture instantly from the front end.   Simple, fast, and built to feel like part of WordPress.",20,234,"2025-12-03T17:28:00.000Z","5.8",[19,84,85,86,51],"frontend-upload","gravatar","profile-picture","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchargewp-front-end-avatar-upload.2.0.2.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":11,"downloaded":96,"rating":13,"num_ratings":13,"last_updated":24,"tested_up_to":47,"requires_at_least":82,"requires_php":17,"tags":97,"homepage":24,"download_link":99,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":100},"am-avatar","AM-Avatar","1.0","amdevbro","https:\u002F\u002Fprofiles.wordpress.org\u002Famdevbro\u002F","\u003Cp>AM-Avatar is a lightweight and efficient WordPress plugin that allows users to upload custom profile pictures directly from their user profile page.\u003C\u002Fp>\n\u003Cp>Key features:\u003Cbr \u002F>\n* \u003Cstrong>Automatic WebP Conversion:\u003C\u002Fstrong> All uploaded images are automatically converted to WebP format for superior performance and smaller file sizes.\u003Cbr \u002F>\n* \u003Cstrong>Smart Integration:\u003C\u002Fstrong> Seamlessly replaces the default Gravatar section on the profile page using a native-looking interface.\u003Cbr \u002F>\n* \u003Cstrong>Organized Storage:\u003C\u002Fstrong> Keeps your uploads folder clean by storing all avatars in a dedicated \u003Ccode>\u002Fuploads\u002Fam-avatar\u002F\u003C\u002Fcode> directory.\u003Cbr \u002F>\n* \u003Cstrong>Settings Page:\u003C\u002Fstrong> Includes a dedicated settings menu to manage plugin preferences.\u003Cbr \u002F>\n* \u003Cstrong>Cleanup Option:\u003C\u002Fstrong> Choose whether to permanently delete all uploaded data and settings when the plugin is uninstalled.\u003Cbr \u002F>\n* \u003Cstrong>Security First:\u003C\u002Fstrong> Includes Nonce verification, strict sanitization, and WP_Filesystem API integration.\u003Cbr \u002F>\n* \u003Cstrong>Performance:\u003C\u002Fstrong> Automatically resizes images to 150x150px to ensure fast loading times.\u003Cbr \u002F>\n* \u003Cstrong>Privacy Friendly:\u003C\u002Fstrong> No external calls to Gravatar servers when a custom avatar is set.\u003C\u002Fp>\n","High-performance avatar management with automatic WebP conversion and custom directory integration.",115,[19,86,22,50,98],"webp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fam-avatar.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":34,"num_ratings":111,"last_updated":112,"tested_up_to":47,"requires_at_least":113,"requires_php":24,"tags":114,"homepage":117,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":13,"last_vuln_date":121,"fetched_at":56},"one-user-avatar","One User Avatar | User Profile Picture","2.5.4","One Designs","https:\u002F\u002Fprofiles.wordpress.org\u002Fonedesigns\u002F","\u003Cp>WordPress currently only allows you to use custom avatars that are uploaded through \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa>. \u003Cstrong>One User Avatar\u003C\u002Fstrong> enables you to use any photo uploaded into your Media Library as an avatar. This means you use the same uploader and library as your posts. No extra folders or image editing functions are necessary. This plugin is a fork of WP User Avatar v2.2.16.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>One User Avatar\u003C\u002Fstrong> also lets you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload your own Default Avatar in your One User Avatar settings.\u003C\u002Fli>\n\u003Cli>Show the user’s \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatar or Default Avatar if the user doesn’t have a One User Avatar image.\u003C\u002Fli>\n\u003Cli>Disable \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatars and use only local avatars.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar_upload]\u003C\u002Fcode> shortcode to add a standalone uploader to a front page or widget. This uploader is only visible to logged-in users.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar]\u003C\u002Fcode> shortcode in your posts. These shortcodes will work with any theme, whether it has avatar support or not.\u003C\u002Fli>\n\u003Cli>Allow Contributors and Subscribers to upload their own avatars.\u003C\u002Fli>\n\u003Cli>Limit upload file size and image dimensions for Contributors and Subscribers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>One User Avatar\u003Cbr \u002F>\nCopyright (c) 2023 One Designs https:\u002F\u002Fonedesigns.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fonedesigns\u002Fone-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is based on WP User Avatar v2.2.16\u003Cbr \u002F>\nCopyright (c) 2020-2021 ProfilePress https:\u002F\u002Fprofilepress.net\u002F\u003Cbr \u002F>\nCopyright (c) 2014-2020 Flippercode https:\u002F\u002Fwww.flippercode.com\u002F\u003Cbr \u002F>\nCopyright (c) 2013-2014 Bangbay Siboliban http:\u002F\u002Fbangbay.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fprofilepress\u002Fwp-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Ch3>Advanced Settings\u003C\u002Fh3>\n\u003Ch4>Add One User Avatar to your own profile edit page\u003C\u002Fh4>\n\u003Cp>You can use the [avatar_upload] shortcode to add a standalone uploader to any page. It’s best to use this uploader by itself and without other profile fields.\u003C\u002Fp>\n\u003Cp>If you’re building your own profile edit page with other fields, One User Avatar is automatically added to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">show_user_profile\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">edit_user_profile\u003C\u002Fa> hooks. If you’d rather have One User Avatar in its own section, you could add another hook:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action( 'edit_user_avatar', $current_user );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, to add One User Avatar to that hook and remove it from the other hooks outside of the administration panel, you would add this code to the \u003Ccode>functions.php\u003C\u002Fcode> file of your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_avatar_filter() {\n    \u002F\u002F Remove from show_user_profile hook\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Remove from edit_user_profile hook\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Add to edit_user_avatar hook\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n}\n\n\u002F\u002F Loads only outside of administration panel\nif ( ! is_admin() ) {\n    add_action( 'init','my_avatar_filter' );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>HTML Wrapper\u003C\u002Fh4>\n\u003Cp>You can change the HTML wrapper of the One User Avatar section by using the functions \u003Ccode>wpua_before_avatar\u003C\u002Fcode> and \u003Ccode>wpua_after_avatar\u003C\u002Fcode>. By default, the avatar code is structured like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv class=\"wpua-edit-container\">\n    \u003Ch3>Avatar\u003C\u002Fh3>\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Original Size\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Thumbnail\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To strip out the div container and h3 heading, you would add the following filters to the \u003Ccode>functions.php\u003C\u002Fcode> file in your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>remove_action( 'wpua_before_avatar', 'wpua_do_before_avatar' );\nremove_action( 'wpua_after_avatar', 'wpua_do_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To add your own wrapper, you could create something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_before_avatar() {\n    echo '\u003Cdiv id=\"my-avatar\">';\n}\nadd_action( 'wpua_before_avatar', 'my_before_avatar' );\n\nfunction my_after_avatar() {\n    echo '\u003C\u002Fdiv>';\n}\nadd_action( 'wpua_after_avatar', 'my_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would output:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv id=\"my-avatar\">\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Original Size\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Thumbnail\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.",100000,490816,41,"2026-01-12T00:58:00.000Z","4.0",[19,115,85,68,116],"bbpress","users","https:\u002F\u002Fonedesigns.com\u002Fplugins\u002Fone-user-avatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-user-avatar.2.5.4.zip",99,2,"2021-09-20 00:00:00",{"attackSurface":123,"codeSignals":172,"taintFlows":209,"riskAssessment":210,"analyzedAt":223},{"hooks":124,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":171,"entryPointCount":120,"unprotectedCount":13},[125,131,137,139,143,146,150,155],{"type":126,"name":127,"callback":128,"priority":11,"file":129,"line":130},"filter","get_avatar_data","filter_avatar","Functionality\\Avatar.php",14,{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","show_user_profile","edit_user_profile","Functionality\\Profile.php",19,{"type":132,"name":134,"callback":134,"file":135,"line":138},22,{"type":132,"name":140,"callback":141,"file":135,"line":142},"personal_options_update","update_avatar",25,{"type":132,"name":144,"callback":141,"file":135,"line":145},"edit_user_profile_update",28,{"type":132,"name":147,"callback":148,"file":135,"line":149},"admin_enqueue_scripts","enqueue_admin_script",31,{"type":132,"name":151,"callback":152,"file":153,"line":154},"wp_enqueue_scripts","frontend_user_avatar_shortcode_scripts","Functionality\\Shortcodes.php",18,{"type":132,"name":156,"callback":157,"file":158,"line":159},"plugins_loaded","loadPluginTextdomain","Includes\\Loader.php",11,[],[],[163,167],{"tag":164,"callback":165,"file":153,"line":166},"frontend-user-avatar","frontend_user_avatar_shortcode",16,{"tag":168,"callback":169,"file":153,"line":170},"frontend-avatar-preview","frontend_user_avatar_preview_shortcode",17,[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":32,"externalRequests":13,"nonceChecks":32,"capabilityChecks":13,"bundledLibraries":208},[],{"prepared":13,"raw":13,"locations":175},[],{"escaped":177,"rawEcho":154,"locations":178},5,[179,182,184,185,187,189,191,193,195,196,197,198,200,202,203,205,206,207],{"file":135,"line":180,"context":181},39,"raw output",{"file":135,"line":183,"context":181},44,{"file":135,"line":183,"context":181},{"file":135,"line":186,"context":181},50,{"file":135,"line":188,"context":181},51,{"file":135,"line":190,"context":181},56,{"file":153,"line":192,"context":181},46,{"file":153,"line":194,"context":181},47,{"file":153,"line":194,"context":181},{"file":153,"line":194,"context":181},{"file":153,"line":194,"context":181},{"file":153,"line":199,"context":181},54,{"file":153,"line":201,"context":181},55,{"file":153,"line":190,"context":181},{"file":153,"line":204,"context":181},82,{"file":153,"line":204,"context":181},{"file":153,"line":204,"context":181},{"file":153,"line":204,"context":181},[],[],{"summary":211,"deductions":212},"The 'frontenduseravatar' plugin v1.1.0 presents a generally good security posture with several positive indicators. The absence of known CVEs and a clean vulnerability history are strong points, suggesting the developers have a history of addressing security issues or the plugin has not been a significant target. The code analysis shows a complete lack of dangerous functions and external HTTP requests, and all SQL queries are properly prepared. Furthermore, the plugin correctly utilizes nonces and has a limited attack surface with only two shortcodes and no unprotected entry points.\n\nHowever, there are notable areas for concern. The most significant is the extremely low rate of output escaping (22%), indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal any flows, this is likely due to a lack of flows being analyzed or the absence of complex data manipulation that would trigger the analysis. The plugin also lacks capability checks, meaning that potentially sensitive operations could be accessed by users without appropriate permissions, further amplifying the XSS risk. The presence of file operations without any clear indication of sanitization or permission checks also warrants attention.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and good practices in areas like SQL and nonces, the poor output escaping and lack of capability checks represent significant security weaknesses. The limited taint analysis and file operations also suggest potential blind spots. Users should proceed with caution until these critical issues are addressed, particularly the output escaping.",[213,216,218,220],{"reason":214,"points":215},"Low output escaping rate (22%)",15,{"reason":217,"points":11},"Missing capability checks",{"reason":219,"points":177},"Presence of file operations without evident sanitization",{"reason":221,"points":222},"Limited taint analysis (0 flows analyzed)",3,"2026-03-16T23:34:28.427Z",{"wat":225,"direct":234},{"assetPaths":226,"generatorPatterns":229,"scriptPaths":230,"versionParams":231},[227,228],"\u002Fwp-content\u002Fplugins\u002Ffrontenduseravatar\u002Fdist\u002Fapp.js","\u002Fwp-content\u002Fplugins\u002Ffrontenduseravatar\u002Fdist\u002Fapp.css",[],[],[232,233],"frontenduseravatar\u002Fdist\u002Fapp.js?ver=","frontenduseravatar\u002Fdist\u002Fapp.css?ver=",{"cssClasses":235,"htmlComments":246,"htmlAttributes":247,"restEndpoints":253,"jsGlobals":254,"shortcodeOutput":255},[236,237,238,239,240,241,242,243,244,245,168],"fua_admin_page_title","fua_avatar_switch_button","fua_avatar_preview","fua_avatar_input","fua_delete_avatar_button","fua_helper_text","fua_shortcode_form","fua_button","fua_input_submit","fua_button_primary",[],[248,249,250,251,252],"id=\"fua_avatar_switch_button\"","id=\"fua_avatar_preview\"","id=\"fua_avatar_input\"","id=\"fua_avatar_delete\"","id=\"fua_avatar_submit\"",[],[],[256,257,258,259,260,261],"\u003Cform class=\"fua_shortcode_form\" method=\"POST\" enctype=\"multipart\u002Fform-data\" action=\"","\u003Cimg id=\"fua_avatar_preview\" src=\"","\u003Cinput id=\"fua_avatar_input\" class=\"hidden\" type=\"file\" accept=\"image\u002F*\" name=\"frontend-user-avatar\">","\u003Cinput id=\"fua_avatar_submit\" disabled class=\"fua_input_submit fua_button fua_button_primary\" type=\"submit\" value=\"Save avatar\"","\u003Cinput id=\"fua_avatar_delete\" class=\"fua_delete_avatar_button fua_button\" type=\"submit\" name=\"delete_avatar\" value=\"Delete avatar\"","\u003Cimg class=\"frontend-avatar-preview\" src=\""]