[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKfUZCw6CEhqiHJ4_NbrSSkrbv9wwXN_x1Ld6HLUzIQI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":133,"fingerprints":437},"gravatar-signup-encouragement","Gravatar Signup Encouragement","3.1","Milan Dinić","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimadin\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F\" rel=\"nofollow ugc\">Plugin homepage\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002F\" rel=\"nofollow ugc\">Plugin author\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin shows a message with link to signup page of Gravatar (pre-filled with e-mail address) to commenters and\u002For users who don’t have gravatar.\u003C\u002Fp>\n\u003Cp>Message can be shown to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>unregistered commenters when they leave text input field for e-mail address\u003C\u002Fli>\n\u003Cli>registered commenters to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>unregistered commenters after they post a comment in a dialog, to whom their entered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered commenters after they post a comment in a dialog, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in administration notices, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in admin bar, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users on their profile page, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>users who fill registration form when they leave text input field for e-mail address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Options are fully customizable. See FAQ for more information.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, it adds only one field in database which is deleted if you uninstall plugin using WordPress’ built-in feature for deletion of plugins. Also it will only load jQuery file to head of your page if it wasn’t already loaded by theme or other plugin(s). Checks for gravatar are done via simple AJAX.\u003Cbr \u002F>\nIf you want to speed up your web site and save on bandwidth and server resources, it is recommended that you also install plugin \u003Ca href=\"http:\u002F\u002Fjasonpenney.net\u002Fwordpress-plugins\u002Fuse-google-libraries\u002F\" rel=\"nofollow ugc\">Use Google Libraries\u003C\u002Fa> which will load jQuery file from \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fapis\u002Fajaxlibs\u002F\" rel=\"nofollow ugc\">Google AJAX Libraries\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In order to plugin works, it needs to be on server with PHP 5 and on WordPress 2.8 or above.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FeIvm4rBkxPk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&cc_load_policy=1&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Shows a message with link to Gravatar's signup page to commenters and\u002For users without gravatar.",50,15171,90,2,"2012-07-11T15:42:00.000Z","3.4.2","2.8","",[20,21,22,23],"avatar","avatars","gravatar","gravatars","http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-signup-encouragement.3.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":26,"computed_at":37},"dimadin",20,48020,87,30,"2026-04-04T02:31:07.541Z",[39,62,81,99,115],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":60,"download_link":61,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-disable","Reduce HTTP Requests, Disable Emojis & Disable Embeds, Speedup WooCommerce","1.6.1","hosting.io","https:\u002F\u002Fprofiles.wordpress.org\u002Fpigeonhut\u002F","\u003Cp>\u003Cstrong>Reduce HTTP requests\u003C\u002Fstrong> – Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingbacks, disable trackbacks, close comments after 28 days, Added the ability to force pagingation after 20 posts,\u003Cbr \u002F>\nDisable WooCommerce scripts and CSS on non WooCommerce Pages, Disable RSS, Disable XML-RPC, Disable Autosave, Remove Windows Live Writer tag, Remove Shortlink Tag, Remove WP API from header and\u003Cbr \u002F>\n many more features to help speed and SEO gains.  Now includes \u003Cstrong>Disable Comments, Heartbeat Control, Selective Disable\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003C\u002Fstrong>\u003Cstrong>NEW Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n Better Stats on Dashboard\u003Cbr \u002F>\n Disable loading dashicons on front end if admin bar disabled\u003Cbr \u002F>\n Disable Author Pages\u003C\u002Fp>\n\u003Cp>Disabling Emojis does not disable emoticons, it disables the support for Emojis added since WP 4.2 and removes 1 HTTP request.\u003C\u002Fp>\n\u003Cp>Disabling Embeds  – script that auto formats pasted content in the visual editor, eg videos, etc. Big issue with this script is it loads on every\u003Cbr \u002F>\nsingle page. You can still use the default embed code from YouTube, Twitter etc to included content.\u003C\u002Fp>\n\u003Cp>Remove Query Strings: If you look at the waterfall view of your page load, you will see your query strings end in something like ver=1.12.4.\u003Cbr \u002F>\nThese are called query strings and help determine the version of the script. The problem with query strings like these is that it isn’t very efficient for caching purposes and sometimes prevents caching those assets altogether.  If you are using a CDN already, you can ignore this.\u003C\u002Fp>\n\u003Cp>Disabling Gravatars is completely optional, advise, if you don’t use them, disable as it gets rid of one more useless HTTP request.\u003C\u002Fp>\n\u003Cp>General Performance improvements: Added support for : disable ping\u002Ftrackbacks, close comments after 28 days, force pagingation after 20 posts, Disable WooCommerce scripts and CSS on non WooCommerce Pages.\u003C\u002Fp>\n\u003Cp>Have an idea ?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhosting-io\u002Fwp-disable\" rel=\"nofollow ugc\">Public repo on GitHub\u003C\u002Fa> if you would like to contribute or have any ideas to add.\u003C\u002Fp>\n\u003Cp>Docs & Support\u003Cbr \u002F>\nThe \u003Ca href=\"https:\u002F\u002Foptimisation.io\u002Ffaq\u002F\" rel=\"nofollow ugc\">documentation is an on-going project\u003C\u002Fa>, so please bare with us as we update.  If you would like to help with the documentation, please get in touch.\u003C\u002Fp>\n","Reduce HTTP requests - Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingba &hellip;",10000,309866,82,45,"2020-08-09T07:42:00.000Z","5.3.21","4.5",[55,56,57,58,59],"disable-embeds","disable-emoji","disable-gravatars","reduce-http-requests","remove-querystrings","https:\u002F\u002Foptimisation.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-disable.1.6.1.zip",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":79,"download_link":80,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"easygravatars","Easy Gravatars","1.3","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64590,100,1,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4",[20,21,78,22,23],"comments","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":72,"downloaded":89,"rating":49,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":18,"download_link":98,"security_score":72,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",10578,7,"2025-04-19T17:32:00.000Z","6.8.5","4.0",[21,95,23,96,97],"buddypress","groups","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":11,"downloaded":107,"rating":72,"num_ratings":14,"last_updated":18,"tested_up_to":108,"requires_at_least":6,"requires_php":18,"tags":109,"homepage":112,"download_link":113,"security_score":72,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":114},"hidpi-gravatars","HiDPI Gravatars","1.5.1","Robert Chapin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiqrogroove\u002F","\u003Cp>Automatically replaces the standard resolution Gravatars with HiDPI (Retina) Gravatars using HTML (when supported) or Javascript (as needed).\u003C\u002Fp>\n\u003Cp>You need this plugin if you want blog comments to look crisp and clear on Retina, HD, and similar devices!\u003C\u002Fp>\n\u003Cp>You need this plugin if you want compatibility with all web browsers.  The HiDPI features added in WordPress 4.2 are not compatible with older browsers, unless you have this plugin activated.  The included Javascript helps make your website look the same in new and old browsers.\u003C\u002Fp>\n\u003Ch3>Theme Requirements\u003C\u002Fh3>\n\u003Cp>You may not omit the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_head\" rel=\"nofollow ugc\">wp_head\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_footer\" rel=\"nofollow ugc\">wp_footer\u003C\u002Fa> template tags for this plugin to work correctly.\u003C\u002Fp>\n\u003Ch3>Cache Compatibility\u003C\u002Fh3>\n\u003Cp>HiDPI Gravatars is designed to be fully compatible with page caching plugins such as WP Super Cache.\u003C\u002Fp>\n\u003Cp>Pages that were cached prior to activating HiDPI Gravatars will need to be refreshed.  Empty the cache to make sure the new Gravatars will appear.\u003C\u002Fp>\n\u003Cp>HiDPI Gravatars is \u003Cem>not\u003C\u002Fem> compatible with any Gravatar caching plugins.\u003C\u002Fp>\n\u003Ch3>Other Gravatar Plugins\u003C\u002Fh3>\n\u003Cp>HiDPI Gravatars might not detect customized Gravatar functions in other plugins.  As of version 1.4, HiDPI Gravatars relies on the WordPress \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_avatar\" rel=\"nofollow ugc\">get_avatar\u003C\u002Fa> filter.  Custom avatar generators that avoid or disable this filter will be ignored by HiDPI Gravatars.\u003C\u002Fp>\n","Enables high resolution Gravatar images on any browser that supports them.",13373,"4.3.34",[20,22,23,110,111],"hidpi","retina","http:\u002F\u002Fwww.miqrogroove.com\u002Fpro\u002Fsoftware\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhidpi-gravatars.1.5.1.zip","2026-03-15T10:48:56.248Z",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":36,"downloaded":123,"rating":72,"num_ratings":73,"last_updated":124,"tested_up_to":125,"requires_at_least":17,"requires_php":18,"tags":126,"homepage":131,"download_link":132,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"top-contributors","Top Contributors","1.4.1","blueinstyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fblueinstyle\u002F","\u003Cp>Display your top commenters or authors in a widget, or you can display anywhere on your blog by pasting this code into your theme: \u003Ccode>\u003C?php if(function_exists('jme_top_contributors')) { jme_top_contributors(); } ?>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Version 1.4 includes many user requested features. Check \u003Ca href=\"http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F\" rel=\"nofollow ugc\">plugin webpage\u003C\u002Fa> for details on the update.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List your top commenters or authors with the option to display their Gravatar, and several other options.\u003C\u002Fli>\n\u003Cli>Choose from 2 formats of the widget, with complete control of styles via css.\u003C\u002Fli>\n\u003Cli>Exclude users from the list by email address.\u003C\u002Fli>\n\u003Cli>The list uses a cache system for improved performance. List updates only when a post or comment is added, or options updated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extra Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add a special Icon next to each of your Top Commenter’s name in their comments to give them a little special recognition for being a regular contributor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support and Feature request forum at http:\u002F\u002Fjustmyecho.com\u002Fforums\u002F\u003C\u002Fp>\n","Display your top commenters or authors in a widget.",11508,"2011-04-10T16:46:00.000Z","3.1.4",[127,23,128,129,130],"commenters","plugins","top-commenters","widgets","http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-contributors.1.4.1.zip",{"attackSurface":134,"codeSignals":247,"taintFlows":390,"riskAssessment":424,"analyzedAt":436},{"hooks":135,"ajaxHandlers":235,"restRoutes":244,"shortcodes":245,"cronEvents":246,"entryPointCount":14,"unprotectedCount":14},[136,142,146,150,154,158,161,165,169,173,177,180,184,188,191,195,198,201,207,211,215,219,223,227,231],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","template_redirect","show_gravatar_signup_encouragement_after_commenting_modal","gravatar-signup-encouragment.php",60,{"type":137,"name":143,"callback":144,"file":140,"line":145},"show_user_profile","show_gravatar_signup_encouragement_profile",65,{"type":137,"name":147,"callback":148,"file":140,"line":149},"login_head","gravatar_signup_encouragement_enqueing_registration",70,{"type":137,"name":147,"callback":151,"priority":152,"file":140,"line":153},"wp_print_scripts",11,71,{"type":137,"name":155,"callback":156,"file":140,"line":157},"register_form","show_gravatar_signup_encouragement_registration",72,{"type":137,"name":138,"callback":159,"file":140,"line":160},"gravatar_signup_encouragement_enqueing_ms_signup",77,{"type":137,"name":162,"callback":163,"file":140,"line":164},"signup_extra_fields","show_gravatar_signup_encouragement_ms_signup",78,{"type":137,"name":166,"callback":167,"priority":73,"file":140,"line":168},"admin_bar_menu","gravatar_signup_encouragement_admin_bar",83,{"type":137,"name":170,"callback":171,"file":140,"line":172},"admin_notices","show_gravatar_signup_encouragement_admin_notice",88,{"type":137,"name":174,"callback":175,"file":140,"line":176},"bbp_theme_after_reply_form","gravatar_signup_encouragement_bbpress",93,{"type":137,"name":178,"callback":175,"file":140,"line":179},"bbp_theme_after_topic_form",94,{"type":137,"name":181,"callback":182,"file":140,"line":183},"admin_init","gravatar_signup_encouragement_notice_upgrade_1_to_2_handler",99,{"type":137,"name":185,"callback":186,"file":140,"line":187},"init","gravatar_signup_encouragement_init",102,{"type":137,"name":181,"callback":189,"file":140,"line":190},"gravatar_signup_encouragement_action_admin_init",121,{"type":137,"name":192,"callback":193,"file":140,"line":194},"comment_form","show_gravatar_signup_encouragement_com_unreg",136,{"type":137,"name":192,"callback":196,"file":140,"line":197},"show_gravatar_signup_encouragement_com_reg",139,{"type":137,"name":138,"callback":199,"file":140,"line":200},"gravatar_signup_encouragement_template_redirect",143,{"type":202,"name":203,"callback":204,"priority":205,"file":140,"line":206},"filter","plugin_action_links","gravatar_signup_encouragement_filter_plugin_actions",10,174,{"type":202,"name":208,"callback":209,"file":140,"line":210},"contextual_help","gravatar_signup_encouragement_contextual_help",196,{"type":137,"name":212,"callback":213,"file":140,"line":214},"load-options-discussion.php","add_gravatar_signup_encouragement_contextual_help",199,{"type":137,"name":216,"callback":217,"file":140,"line":218},"admin_print_styles-options-discussion.php","gravatar_signup_encouragement_load_thickbox_admin",209,{"type":202,"name":220,"callback":221,"file":140,"line":222},"gse_get_email_value_com_unreg","gravatar_signup_encouragement_filter_email_source",226,{"type":137,"name":224,"callback":225,"priority":27,"file":140,"line":226},"wp_head","gravatar_signup_encouragement_load_thickbox",811,{"type":137,"name":228,"callback":229,"priority":33,"file":140,"line":230},"wp_footer","gravatar_signup_encouragement_inline_thickbox",852,{"type":202,"name":232,"callback":233,"priority":205,"file":140,"line":234},"comment_post_redirect","gravatar_signup_encouragement_after_commenting_redirect",881,[236,241],{"action":237,"nopriv":238,"callback":239,"hasNonce":238,"hasCapCheck":238,"file":140,"line":240},"gse_check",false,"gravatar_signup_encouragement_wp_ajax_check",670,{"action":237,"nopriv":242,"callback":239,"hasNonce":238,"hasCapCheck":238,"file":140,"line":243},true,671,[],[],[],{"dangerousFunctions":248,"sqlUsage":249,"outputEscaping":251,"fileOperations":27,"externalRequests":73,"nonceChecks":27,"capabilityChecks":73,"bundledLibraries":389},[],{"prepared":27,"raw":27,"locations":250},[],{"escaped":252,"rawEcho":253,"locations":254},5,73,[255,258,260,262,264,266,268,270,272,274,275,277,279,281,283,284,286,287,289,290,292,293,295,297,299,301,303,304,306,307,309,311,312,314,316,317,319,320,322,324,325,327,330,332,334,336,337,338,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,377,379,381,383,385,387],{"file":140,"line":256,"context":257},400,"raw output",{"file":140,"line":259,"context":257},534,{"file":140,"line":261,"context":257},537,{"file":140,"line":263,"context":257},538,{"file":140,"line":265,"context":257},539,{"file":140,"line":267,"context":257},690,{"file":140,"line":269,"context":257},691,{"file":140,"line":271,"context":257},695,{"file":140,"line":273,"context":257},701,{"file":140,"line":273,"context":257},{"file":140,"line":276,"context":257},718,{"file":140,"line":278,"context":257},721,{"file":140,"line":280,"context":257},725,{"file":140,"line":282,"context":257},731,{"file":140,"line":282,"context":257},{"file":140,"line":285,"context":257},761,{"file":140,"line":285,"context":257},{"file":140,"line":288,"context":257},767,{"file":140,"line":288,"context":257},{"file":140,"line":291,"context":257},833,{"file":140,"line":291,"context":257},{"file":140,"line":294,"context":257},843,{"file":140,"line":296,"context":257},844,{"file":140,"line":298,"context":257},846,{"file":140,"line":300,"context":257},894,{"file":140,"line":302,"context":257},914,{"file":140,"line":302,"context":257},{"file":140,"line":305,"context":257},920,{"file":140,"line":305,"context":257},{"file":140,"line":308,"context":257},956,{"file":140,"line":310,"context":257},966,{"file":140,"line":310,"context":257},{"file":140,"line":313,"context":257},973,{"file":140,"line":315,"context":257},1020,{"file":140,"line":315,"context":257},{"file":140,"line":318,"context":257},1026,{"file":140,"line":318,"context":257},{"file":140,"line":321,"context":257},1059,{"file":140,"line":323,"context":257},1069,{"file":140,"line":323,"context":257},{"file":140,"line":326,"context":257},1076,{"file":328,"line":329,"context":257},"settings.php",24,{"file":328,"line":331,"context":257},29,{"file":328,"line":333,"context":257},44,{"file":328,"line":335,"context":257},55,{"file":328,"line":153,"context":257},{"file":328,"line":157,"context":257},{"file":328,"line":164,"context":257},{"file":328,"line":340,"context":257},89,{"file":328,"line":342,"context":257},103,{"file":328,"line":344,"context":257},104,{"file":328,"line":346,"context":257},110,{"file":328,"line":348,"context":257},115,{"file":328,"line":350,"context":257},122,{"file":328,"line":352,"context":257},128,{"file":328,"line":354,"context":257},133,{"file":328,"line":356,"context":257},161,{"file":328,"line":358,"context":257},162,{"file":328,"line":360,"context":257},168,{"file":328,"line":362,"context":257},182,{"file":328,"line":364,"context":257},183,{"file":328,"line":366,"context":257},191,{"file":328,"line":368,"context":257},205,{"file":328,"line":370,"context":257},206,{"file":328,"line":372,"context":257},215,{"file":328,"line":374,"context":257},232,{"file":328,"line":376,"context":257},233,{"file":328,"line":378,"context":257},253,{"file":328,"line":380,"context":257},276,{"file":328,"line":382,"context":257},285,{"file":328,"line":384,"context":257},294,{"file":328,"line":386,"context":257},295,{"file":328,"line":388,"context":257},306,[],[391,414],{"entryPoint":392,"graph":393,"unsanitizedCount":73,"severity":413},"gravatar_signup_encouragement_wp_ajax_check (gravatar-signup-encouragment.php:662)",{"nodes":394,"edges":410},[395,400,404],{"id":396,"type":397,"label":398,"file":140,"line":399},"n0","source","$_POST",667,{"id":401,"type":402,"label":403,"file":140,"line":399},"n1","transform","→ gravatar_signup_encouragement_check_gravatar_existence()",{"id":405,"type":406,"label":407,"file":140,"line":408,"wp_function":409},"n2","sink","wp_remote_get() [SSRF]",566,"wp_remote_get",[411,412],{"from":396,"to":401,"sanitized":238},{"from":401,"to":405,"sanitized":238},"medium",{"entryPoint":415,"graph":416,"unsanitizedCount":73,"severity":413},"\u003Cgravatar-signup-encouragment> (gravatar-signup-encouragment.php:0)",{"nodes":417,"edges":421},[418,419,420],{"id":396,"type":397,"label":398,"file":140,"line":399},{"id":401,"type":402,"label":403,"file":140,"line":399},{"id":405,"type":406,"label":407,"file":140,"line":408,"wp_function":409},[422,423],{"from":396,"to":401,"sanitized":238},{"from":401,"to":405,"sanitized":238},{"summary":425,"deductions":426},"The gravatar-signup-encouragement plugin, version 3.1, presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, not performing raw SQL queries (all use prepared statements), and having no recorded vulnerabilities in its history. This suggests a developer who is at least aware of some common security pitfalls.\n\nHowever, significant concerns arise from the static analysis. The plugin has a small but entirely unprotected attack surface, with both of its AJAX handlers lacking authentication checks. Furthermore, the taint analysis reveals two flows with unsanitized paths, although they are not categorized as critical or high severity. The output escaping is also a major weakness, with only 6% of outputs being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if malicious data is allowed to enter the system.\n\nGiven the absence of historical vulnerabilities, the current risks might not have been exploited yet. However, the presence of unprotected AJAX endpoints and a high rate of unescaped output creates clear pathways for attackers. The plugin's strengths lie in its SQL handling and lack of historical issues, but its weaknesses in input validation and output sanitization, coupled with an exposed attack surface, warrant caution. It's crucial to address the unescaped outputs and the unprotected AJAX handlers to improve its security.",[427,429,431,434],{"reason":428,"points":205},"AJAX handlers without authentication",{"reason":430,"points":90},"Flows with unsanitized paths",{"reason":432,"points":433},"Low percentage of properly escaped output",8,{"reason":435,"points":252},"Missing nonce checks on AJAX","2026-03-16T21:54:19.996Z",{"wat":438,"direct":447},{"assetPaths":439,"generatorPatterns":442,"scriptPaths":443,"versionParams":444},[440,441],"\u002Fwp-content\u002Fplugins\u002Fgravatar-signup-encouragement\u002Fjs\u002Fgravatar-signup-encouragement-admin.js","\u002Fwp-content\u002Fplugins\u002Fgravatar-signup-encouragement\u002Fjs\u002Fgravatar-signup-encouragement.js",[],[440,441],[445,446],"gravatar-signup-encouragement\u002Fjs\u002Fgravatar-signup-encouragement-admin.js?ver=","gravatar-signup-encouragement\u002Fjs\u002Fgravatar-signup-encouragement.js?ver=",{"cssClasses":448,"htmlComments":449,"htmlAttributes":450,"restEndpoints":456,"jsGlobals":457,"shortcodeOutput":459},[],[],[451,452,453,454,455],"data-gse-id","data-gse-registered","data-gse-current-user-id","data-gse-current-user-gravatar-id","data-gse-current-user-gravatar-email",[],[458],"gravatar_signup_encouragement_settings",[]]