[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdTyv6WISKi5L0y20Cgjecq_eLXBlyiEtNgd9R1AtB9Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":138,"fingerprints":189},"mindutopia-user-thumbnails","Mindutopia User Thumbnails","1.2","mindutopia","https:\u002F\u002Fprofiles.wordpress.org\u002Fmindutopia\u002F","\u003Cp>This plugin allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a photo with each user, much like featured images\u003C\u002Fli>\n\u003Cli>Replaces the user gravatar with their featured photo\u003C\u002Fli>\n\u003Cli>Only users levels that can upload_files in their capabilities can manage their user photo\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin gives you the ability to add user thumbnails to your WordPress users much like featured images on posts, the images replace the gravatars.",10,2177,0,"2013-08-16T03:15:00.000Z","3.5.2","3.5","",[19,20,21],"author-photos","gravatars","user-photos","http:\u002F\u002Fmindutopia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmindutopia-user-thumbnails.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T07:01:10.571Z",[34,60,83,102,120],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":26},"simple-local-avatars","Simple Local Avatars","2.8.6","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar! Simple and lightweight.\u003C\u002Fp>\n\u003Cp>Just edit a user profile, and scroll down to the new “Avatar” field. The plug-in will take care of cropping and sizing!\u003C\u002Fp>\n\u003Col>\n\u003Cli>Stores avatars in the “uploads” folder where all of your other media is kept.\u003C\u002Fli>\n\u003Cli>Has a simple, native interface.\u003C\u002Fli>\n\u003Cli>Fully supports Gravatar and default avatars if no local avatar is set for the user – but also allows you turn off Gravatar.\u003C\u002Fli>\n\u003Cli>Generates the requested avatar size on demand (and stores the new size for efficiency), so it looks great, just like Gravatar!\u003C\u002Fli>\n\u003Cli>Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.\u003C\u002Fli>\n\u003Cli>Enables rating of local avatars, just like Gravatar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support Level\u003C\u002Fh3>\n\u003Cp>Simple Local Avatars’ support level is marked as \u003Ccode>stable\u003C\u002Fcode>.  10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns.  We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes.  We otherwise intend to keep this tested up to the most recent version of WordPress.\u003C\u002Fp>\n","Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!",100000,2395990,92,89,"2026-02-17T19:34:00.000Z","6.9.4","6.6","7.4",[51,52,53,21,54],"avatar","gravatar","profile","users","https:\u002F\u002F10up.com\u002Fplugins\u002Fsimple-local-avatars-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-local-avatars.2.8.6.zip",93,6,"2025-08-11 18:20:29",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":81,"download_link":82,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-disable","Reduce HTTP Requests, Disable Emojis & Disable Embeds, Speedup WooCommerce","1.6.1","hosting.io","https:\u002F\u002Fprofiles.wordpress.org\u002Fpigeonhut\u002F","\u003Cp>\u003Cstrong>Reduce HTTP requests\u003C\u002Fstrong> – Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingbacks, disable trackbacks, close comments after 28 days, Added the ability to force pagingation after 20 posts,\u003Cbr \u002F>\nDisable WooCommerce scripts and CSS on non WooCommerce Pages, Disable RSS, Disable XML-RPC, Disable Autosave, Remove Windows Live Writer tag, Remove Shortlink Tag, Remove WP API from header and\u003Cbr \u002F>\n many more features to help speed and SEO gains.  Now includes \u003Cstrong>Disable Comments, Heartbeat Control, Selective Disable\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003C\u002Fstrong>\u003Cstrong>NEW Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n Better Stats on Dashboard\u003Cbr \u002F>\n Disable loading dashicons on front end if admin bar disabled\u003Cbr \u002F>\n Disable Author Pages\u003C\u002Fp>\n\u003Cp>Disabling Emojis does not disable emoticons, it disables the support for Emojis added since WP 4.2 and removes 1 HTTP request.\u003C\u002Fp>\n\u003Cp>Disabling Embeds  – script that auto formats pasted content in the visual editor, eg videos, etc. Big issue with this script is it loads on every\u003Cbr \u002F>\nsingle page. You can still use the default embed code from YouTube, Twitter etc to included content.\u003C\u002Fp>\n\u003Cp>Remove Query Strings: If you look at the waterfall view of your page load, you will see your query strings end in something like ver=1.12.4.\u003Cbr \u002F>\nThese are called query strings and help determine the version of the script. The problem with query strings like these is that it isn’t very efficient for caching purposes and sometimes prevents caching those assets altogether.  If you are using a CDN already, you can ignore this.\u003C\u002Fp>\n\u003Cp>Disabling Gravatars is completely optional, advise, if you don’t use them, disable as it gets rid of one more useless HTTP request.\u003C\u002Fp>\n\u003Cp>General Performance improvements: Added support for : disable ping\u002Ftrackbacks, close comments after 28 days, force pagingation after 20 posts, Disable WooCommerce scripts and CSS on non WooCommerce Pages.\u003C\u002Fp>\n\u003Cp>Have an idea ?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhosting-io\u002Fwp-disable\" rel=\"nofollow ugc\">Public repo on GitHub\u003C\u002Fa> if you would like to contribute or have any ideas to add.\u003C\u002Fp>\n\u003Cp>Docs & Support\u003Cbr \u002F>\nThe \u003Ca href=\"https:\u002F\u002Foptimisation.io\u002Ffaq\u002F\" rel=\"nofollow ugc\">documentation is an on-going project\u003C\u002Fa>, so please bare with us as we update.  If you would like to help with the documentation, please get in touch.\u003C\u002Fp>\n","Reduce HTTP requests - Disable Emojis, Disable Gravatars, Disable Embeds and Remove Querystrings. SpeedUp WooCommerce, Added support to disable pingba …",10000,309866,82,45,"2020-08-09T07:42:00.000Z","5.3.21","4.5",[76,77,78,79,80],"disable-embeds","disable-emoji","disable-gravatars","reduce-http-requests","remove-querystrings","https:\u002F\u002Foptimisation.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-disable.1.6.1.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":29,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":100,"download_link":101,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"easygravatars","Easy Gravatars","1.3","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64590,100,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4",[51,98,99,52,20],"avatars","comments","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":93,"downloaded":110,"rating":70,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":17,"tags":115,"homepage":17,"download_link":119,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-local-avatars","BP Local Avatars","3.0","shanebp","https:\u002F\u002Fprofiles.wordpress.org\u002Fshanebp\u002F","\u003Cp>BP Local Avatars is a BuddyPress plugin.\u003C\u002Fp>\n\u003Cp>Do you have members or groups on your BuddyPress site who do not have an Avatar?\u003Cbr \u002F>\nAnd you do not want to show the generic default avatar?\u003Cbr \u002F>\nOr maybe you do not want each page view to include a lot of calls to gravatar.com to load avatars?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin will create a Gravatar Identicon avatar, thumb and full versions, for any user who does not already have an Avatar, and save it locally.\u003C\u002Fli>\n\u003Cli>Supports user creation, user registration, user login, and Bulk Generation for user and groups.\u003C\u002Fli>\n\u003Cli>Uses the existing BuddyPress avatar directory structure.\u003C\u002Fli>\n\u003Cli>Conforms to the defined sizes for BuddyPress thumb and full avatars.\u003C\u002Fli>\n\u003Cli>Users can still upload an avatar via their profile.\u003C\u002Fli>\n\u003Cli>Groups can still upload an avatar via Group > Manage > Photo.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Usage:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Provides an option in wp-admin under:\u003Cbr \u002F>\nSettings -> Discussion > Default Avatar > BuddyPress Identicon (Generated and Stored Locally).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select and Save. Otherwise this plugin will not do anything.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>After saving, you will see a link to ‘Bulk Generate’ avatars for all users and groups who do not have a local avatar. If a user already has their own Gravatar, it will save it locally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more BuddyPress plugins, please visit \u003Ca href=\"https:\u002F\u002Fwww.philopress.com\u002F\" rel=\"nofollow ugc\">PhiloPress\u003C\u002Fa>\u003C\u002Fp>\n","A BuddyPress plugin that creates Gravatar avatars for any user or group without one, and stores them locally.",10578,7,"2025-04-19T17:32:00.000Z","6.8.5","4.0",[98,116,20,117,118],"buddypress","groups","members","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-local-avatars.3.0.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":17,"tags":135,"homepage":136,"download_link":137,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"gravatar-signup-encouragement","Gravatar Signup Encouragement","3.1","Milan Dinić","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimadin\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F\" rel=\"nofollow ugc\">Plugin homepage\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002F\" rel=\"nofollow ugc\">Plugin author\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fblog.milandinic.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin shows a message with link to signup page of Gravatar (pre-filled with e-mail address) to commenters and\u002For users who don’t have gravatar.\u003C\u002Fp>\n\u003Cp>Message can be shown to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>unregistered commenters when they leave text input field for e-mail address\u003C\u002Fli>\n\u003Cli>registered commenters to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>unregistered commenters after they post a comment in a dialog, to whom their entered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered commenters after they post a comment in a dialog, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in administration notices, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users in admin bar, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>registered users on their profile page, to whom their registered e-mail address is checked\u003C\u002Fli>\n\u003Cli>users who fill registration form when they leave text input field for e-mail address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Options are fully customizable. See FAQ for more information.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, it adds only one field in database which is deleted if you uninstall plugin using WordPress’ built-in feature for deletion of plugins. Also it will only load jQuery file to head of your page if it wasn’t already loaded by theme or other plugin(s). Checks for gravatar are done via simple AJAX.\u003Cbr \u002F>\nIf you want to speed up your web site and save on bandwidth and server resources, it is recommended that you also install plugin \u003Ca href=\"http:\u002F\u002Fjasonpenney.net\u002Fwordpress-plugins\u002Fuse-google-libraries\u002F\" rel=\"nofollow ugc\">Use Google Libraries\u003C\u002Fa> which will load jQuery file from \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fapis\u002Fajaxlibs\u002F\" rel=\"nofollow ugc\">Google AJAX Libraries\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In order to plugin works, it needs to be on server with PHP 5 and on WordPress 2.8 or above.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FeIvm4rBkxPk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&cc_load_policy=1&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Shows a message with link to Gravatar's signup page to commenters and\u002For users without gravatar.",50,15171,90,2,"2012-07-11T15:42:00.000Z","3.4.2","2.8",[51,98,52,20],"http:\u002F\u002Fblog.milandinic.com\u002Fwordpress\u002Fplugins\u002Fgravatar-signup-encouragement\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravatar-signup-encouragement.3.1.zip",{"attackSurface":139,"codeSignals":166,"taintFlows":181,"riskAssessment":182,"analyzedAt":188},{"hooks":140,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[141,147,152,155,159],{"type":142,"name":143,"callback":144,"priority":11,"file":145,"line":146},"filter","get_avatar","mindutopia_replace_avatars","mindutopia_user_thumbnails.php",192,{"type":148,"name":149,"callback":150,"file":145,"line":151},"action","personal_options_update","mindutopia_save_author_image",194,{"type":148,"name":153,"callback":150,"file":145,"line":154},"edit_user_profile_update",195,{"type":148,"name":156,"callback":157,"file":145,"line":158},"show_user_profile","mindutopia_add_author_image",197,{"type":148,"name":160,"callback":157,"file":145,"line":161},"edit_user_profile",198,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":171,"bundledLibraries":180},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":13,"rawEcho":171,"locations":172},3,[173,176,178],{"file":145,"line":174,"context":175},34,"raw output",{"file":145,"line":177,"context":175},39,{"file":145,"line":179,"context":175},142,[],[],{"summary":183,"deductions":184},"The \"mindutopia-user-thumbnails\" v1.2 plugin exhibits a strong security posture based on the provided static analysis. There are no identified attack surface vectors through AJAX, REST API, shortcodes, or cron events. The absence of dangerous functions, raw SQL queries, file operations, external HTTP requests, and taint flows further strengthens this positive outlook. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating capability checks for its functions.\n\nHowever, the static analysis reveals a significant concern regarding output escaping. With 3 total outputs and 0% properly escaped, this indicates a high potential for cross-site scripting (XSS) vulnerabilities. Any user-supplied data displayed on the frontend without proper sanitization could be exploited by attackers. The lack of vulnerability history is a positive sign, suggesting the plugin has not had publicly disclosed security issues in the past, but this does not negate the identified risk from unescaped output.\n\nIn conclusion, while the plugin has a minimal attack surface and employs good practices in many areas, the critical weakness in output escaping presents a clear and actionable security risk that must be addressed. Developers should prioritize sanitizing all output to prevent potential XSS attacks.",[185],{"reason":186,"points":187},"0% output escaping",8,"2026-03-17T05:39:38.710Z",{"wat":190,"direct":199},{"assetPaths":191,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[192,193],"\u002Fwp-content\u002Fplugins\u002Fmindutopia-user-thumbnails\u002Fcss\u002Fuser-thumbnails.css","\u002Fwp-content\u002Fplugins\u002Fmindutopia-user-thumbnails\u002Fjs\u002Fuser-thumbnails.js",[],[193],[197,198],"mindutopia-user-thumbnails\u002Fcss\u002Fuser-thumbnails.css?ver=","mindutopia-user-thumbnails\u002Fjs\u002Fuser-thumbnails.js?ver=",{"cssClasses":200,"htmlComments":203,"htmlAttributes":213,"restEndpoints":219,"jsGlobals":220,"shortcodeOutput":222},[201,202],"user_thumb","user-image-choose",[204,205,206,207,208,209,210,211,212],"Featured Image","User Thumbnail:","Uploads the file","User Photo","Selected","save that user image","get the user thumbnail image html.","whether or not the given user has a user thumbnail saved.","filter in our author images over regular gravtars",[214,215,216,201,217,218],"data-holder","data-target","user-thumb-choose","_user_thumbnail","remove_img_thumb",[],[221],"file_frame",[]]