Gravatar Enhanced – Avatars, Profiles, and Privacy Security & Risk Analysis

wordpress.org/plugins/gravatar-enhanced

The official Gravatar plugin, featuring privacy-focused settings, easy profile updates, and customizable Gravatar Profile blocks.

90K active installs · v0.13.0 · PHP 7.4+ · WP 6.6+ · Updated Oct 7, 2025
Tags: avatar, comments, privacy, profile, profile-picture
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravatar Enhanced – Avatars, Profiles, and Privacy Safe to Use in 2026?

Generally Safe

Score 100/100

Gravatar Enhanced – Avatars, Profiles, and Privacy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The Gravatar Enhanced plugin, version 0.13.0, exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, critical taint flows, or significant code signals such as dangerous functions, raw SQL queries without prepared statements, or unescaped output suggests that the development team has been diligent in addressing security concerns.

While the plugin has a minimal attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication, a notable area of concern is the complete lack of capability checks. This means that any functionality within the plugin, however limited, could potentially be accessed by any logged-in user, regardless of their role or permissions. Coupled with two file operations and one external HTTP request, this presents a minor potential risk if these operations or requests were to be exploited in conjunction with a weakness in how user input is handled for them, though the taint analysis shows no flows of concern.

Overall, the plugin appears secure due to its limited scope and lack of known vulnerabilities. However, the absence of capability checks is a weakness that could be exploited in specific scenarios. Strengthening access control would further enhance its security. The history of no vulnerabilities further bolsters confidence in its current security.

Key Concerns

  • No capability checks present
Vulnerabilities
None known

Gravatar Enhanced – Avatars, Profiles, and Privacy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gravatar Enhanced – Avatars, Profiles, and Privacy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 7 (30 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

81% escaped · 37 total outputs
Attack Surface

Gravatar Enhanced – Avatars, Profiles, and Privacy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 37
action · admin_head-options-discussion.php · classes\analytics\class-analytics.php:29
filter · get_avatar_url · classes\avatar\class-avatar.php:35
filter · pre_get_avatar_data · classes\avatar\class-avatar.php:36
filter · get_avatar · classes\avatar\class-avatar.php:37
filter · avatar_defaults · classes\avatar\class-avatar.php:38
action · init · classes\block\class-block.php:16
action · init · classes\comments\class-comments.php:29
action · wp_enqueue_scripts · classes\comments\class-comments.php:43
action · comment_form_field_email · classes\comments\class-comments.php:44
filter · comment_form_fields · classes\comments\class-comments.php:45
action · wp_insert_comment · classes\email\class-email.php:45
action · transition_comment_status · classes\email\class-email.php:46
action · wp_insert_comment · classes\email\class-email.php:47
action · init · classes\hovercards\class-hovercards.php:23
action · admin_init · classes\hovercards\class-hovercards.php:36
action · wp_enqueue_scripts · classes\hovercards\class-hovercards.php:37
action · admin_enqueue_scripts · classes\hovercards\class-hovercards.php:38
action · admin_init · classes\options\class-discussions.php:49
action · load-options.php · classes\options\class-discussions.php:58
action · init · classes\patterns\class-patterns.php:47
action · init · classes\patterns\class-patterns.php:48
action · wp_enqueue_scripts · classes\patterns\class-patterns.php:49
action · wp_enqueue_scripts · classes\patterns\class-patterns.php:50
action · enqueue_block_assets · classes\patterns\class-patterns.php:51
action · enqueue_block_assets · classes\patterns\class-patterns.php:52
action · admin_init · classes\proxy\class-proxy.php:68
filter · get_avatar_url · classes\proxy\class-proxy.php:71
action · admin_init · classes\quick-editor\class-quick-editor.php:19
action · admin_head-profile.php · classes\quick-editor\class-quick-editor.php:28
action · admin_footer-profile.php · classes\quick-editor\class-quick-editor.php:29
action · admin_head-user-edit.php · classes\quick-editor\class-quick-editor.php:30
action · admin_footer-user-edit.php · classes\quick-editor\class-quick-editor.php:31
filter · get_avatar_url · classes\quick-editor\class-quick-editor.php:33
filter · user_profile_picture_description · classes\quick-editor\class-quick-editor.php:34
action · admin_enqueue_scripts · classes\woocommerce\class-admin-customers.php:36
action · woocommerce_before_account_navigation · classes\woocommerce\class-my-account.php:36
action · woocommerce_after_account_navigation · classes\woocommerce\class-my-account.php:37
Maintenance & Trust

Gravatar Enhanced – Avatars, Profiles, and Privacy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 7, 2025
PHP min version: 7.4
Downloads: 32K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 90K
Developer Profile

Gravatar Enhanced – Avatars, Profiles, and Privacy Developer Profile

Automattic

213 plugins · 19.2M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Gravatar Enhanced – Avatars, Profiles, and Privacy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gravatar-enhanced/build/discussion.asset.php
  • /wp-content/plugins/gravatar-enhanced/build/comments.asset.php
  • /wp-content/plugins/gravatar-enhanced/build/comments.js
  • /wp-content/plugins/gravatar-enhanced/build/style-comments.css
  • /wp-content/plugins/gravatar-enhanced/classes/comments/theme-override/twentyeleven.css
Script Paths
  • //stats.wp.com/w.js
Version Parameters
  • gravatar-enhanced-comments?ver=
  • gravatar-enhanced-comments-override?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- BEGIN Gravatar Enhanced -->
  • <!-- END Gravatar Enhanced -->
  • <!-- BEGIN Gravatar Enhanced for Comments -->
  • <!-- END Gravatar Enhanced for Comments -->
JS Globals
  • window._deferredTracksEvents
  • window.gravatar
  • window.gravatarEnhancedComments