[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmngOywkptKdqHlKTYJiYdvUVkEyTRNXIHaPxm7HiUdA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":13,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":72},"local-gravatars","Local Gravatars","1.1.3","Joost de Valk","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoostdevalk\u002F","\u003Cp>Allow your users to use gravatars, but without sacrificing privacy.\u003C\u002Fp>\n\u003Cp>The plugin will get your users gravatars and host them locally on your website.\u003Cbr \u002F>\nYour visitors will get the gravatars directly from your website instead of the gravatar CDN, therefore increasing privacy and performance.\u003C\u002Fp>\n\u003Cp>To avoid cluttering the filesystem and to allow refreshing gravatars, the files get flushed on a weekly basis (interval can be modified using a filter).\u003Cbr \u002F>\nTo avoid performance issues server-side, the download process for gravatars is limited to a maximum of 5 seconds (value can be modified using a filter).\u003C\u002Fp>\n\u003Cp>The code is simple, easy to read, well-documented and includes filters you can use to modify the behavior of the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Changing the folder where gravatars get downloaded.\u003C\u002Fli>\n\u003Cli>Change the URL of downloaded gravatars.\u003C\u002Fli>\n\u003Cli>Change the cleanup frequency.\u003C\u002Fli>\n\u003Cli>Change the maximum process time to avoid performance issues.\u003C\u002Fli>\n\u003Cli>Change the fallback image to use (defaults to blank) – also allows using the remote URL (not recommended as it will defeat the purpose of 
this privacy enhancement).\u003C\u002Fli>\n\u003C\u002Ful>\n","Locally host gravatars for the privacy-conscious.",20,2247,100,1,"2025-11-05T07:30:00.000Z","6.8.5","5.3","5.6",[],"https:\u002F\u002Fgithub.com\u002Faristath\u002Flocal-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-gravatars.1.1.3.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"joostdevalk",8,9150,96,2736,76,"2026-04-04T16:28:37.946Z",[],{"attackSurface":36,"codeSignals":55,"taintFlows":62,"riskAssessment":63,"analyzedAt":71},{"hooks":37,"ajaxHandlers":49,"restRoutes":50,"shortcodes":51,"cronEvents":52,"entryPointCount":22,"unprotectedCount":22},[38,43],{"type":39,"name":40,"callback":40,"file":41,"line":42},"action","delete_gravatars_folder","includes\\class-local-gravatars.php",143,{"type":44,"name":45,"callback":46,"file":47,"line":48},"filter","get_avatar","closure","local-gravatars.php",34,[],[],[],[53],{"hook":40,"callback":40,"file":41,"line":54},279,{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":59,"fileOperations":22,"externalRequests":22,"nonceChecks":22,"capabilityChecks":22,"bundledLibraries":61},[],{"prepared":22,"raw":22,"locations":58},[],{"escaped":14,"rawEcho":22,"locations":60},[],[],[],{"summary":64,"deductions":65},"The local-gravatars plugin version 1.1.3 demonstrates a generally strong security posture based on the provided static analysis. The analysis identified no dangerous functions, no SQL queries (prepared or raw), and no unescaped output. It also recorded no file operations or external HTTP requests, which would further reduce the attack surface; however, the plugin's description says it downloads gravatars and stores them locally, so these zero counts should be verified against the source rather than taken at face value. The plugin also reports no known CVEs or vulnerabilities in its history, which is consistent with a well-maintained and secure codebase but does not by itself establish one.  \n\nHowever, there are notable areas for improvement. 
The plugin contains no capability checks or nonce checks and registers a cron event (delete_gravatars_folder) that could potentially be an entry point, which raises concerns about authorization and potential abuse if it is not properly secured by WordPress's internal mechanisms. The same analysis, though, lists no AJAX handlers, REST routes or shortcodes and counts zero entry points, so it identifies no request-driven handler where a nonce or capability check would normally be expected. While the static analysis found no explicit vulnerabilities, the absence of these checks means that the plugin relies heavily on WordPress's own protections, which could be insufficient in certain configurations or if future vulnerabilities are discovered in the core or other plugins. The overall security is good, but the lack of built-in authorization checks is a weakness.",[66,69],{"reason":67,"points":68},"No capability checks",5,{"reason":70,"points":68},"No nonce checks","2026-03-16T22:56:46.952Z",{"wat":73,"direct":78},{"assetPaths":74,"generatorPatterns":75,"scriptPaths":76,"versionParams":77},[],[],[],[],{"cssClasses":79,"htmlComments":80,"htmlAttributes":81,"restEndpoints":82,"jsGlobals":83,"shortcodeOutput":84},[],[],[],[],[],[]]