Does User Profile Pic have any unpatched vulnerabilities?

No. All known vulnerabilities in User Profile Pic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is User Profile Pic compatible with WordPress 4.8.28?

According to WordPress.org data, User Profile Pic 1.0.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is User Profile Pic updated?

User Profile Pic was last updated on Jun 23, 2017. Frequent updates are generally a positive security signal.

What is User Profile Pic's security score?

User Profile Pic has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

User Profile Pic Security & Risk Analysis

wordpress.org/plugins/user-profile-pic

A plugin to add new field for user profile pic.

60 active installs v1.0.0 PHP + WP 4.0+ Updated Jun 23, 2017

profile-picuser-pic

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is User Profile Pic Safe to Use in 2026?

Generally Safe

Score 85/100

User Profile Pic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "user-profile-pic" plugin v1.0.0 appears to have a generally good security posture based on the provided static analysis. There are no identified dangerous functions, SQL queries are exclusively using prepared statements, and there are no file operations or external HTTP requests. The presence of capability checks further strengthens its security. However, a significant concern is the complete absence of nonce checks, especially given the plugin has entry points (shortcodes) that could potentially be manipulated. While the taint analysis found no issues, this could be due to the limited scope of the analysis or the absence of complex data flows.

Key Concerns

Missing nonce checks on entry points
75% of output escaping is good, but 25% is not.

Vulnerabilities

None known

User Profile Pic Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

User Profile Pic Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped4 total outputs

Attack Surface

User Profile Pic Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[upp_user_pic] main.php:95

WordPress Hooks 5

actionshow_user_profilemain.php:49

actionedit_user_profilemain.php:50

actionadmin_footermain.php:52

actionpersonal_options_updatemain.php:67

actionedit_user_profile_updatemain.php:68

Maintenance & Trust

User Profile Pic Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJun 23, 2017

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs60

Alternatives

User Profile Pic Alternatives

Gravatar Enhanced – Avatars, Profiles, and Privacy

gravatar-enhanced

100

The official Gravatar plugin, featuring privacy-focused settings, easy profile updates, and customizable Gravatar Profile blocks.

90K No CVEs

Custom User Profile Photo

custom-user-profile-photo

Add a customized User Profile photo to a WordPress user profile.

5K No CVEs

AP Gravatars

ap-gravatars

A simple plugin that adds the gravatar photo associated with the user's email to their profile page... MultiSite compatable!

200 No CVEs

Advanced User Avatar | Custom Profile Picture Uploader for WordPress, WooCommerce, and BuddyPress

wpmake-advance-user-avatar

100

Adds an avatar upload field through a simple shortcode or block to let your site users upload a custom profile picture (avatar) directly from their de …

200 No CVEs

Profile Picture

profile-picture

Set a profile picture as your wish using media upload.

80 No CVEs

Developer Profile

User Profile Pic Developer Profile

farvehandleren

11 plugins · 240 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect User Profile Pic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/user-profile-pic/user-profile-pic.js

Script Paths

/wp-content/plugins/user-profile-pic/user-profile-pic.js

Version Parameters

user-profile-pic/user-profile-pic.js?ver=

HTML / DOM Fingerprints

CSS Classes

additional-user-imageregular-text

HTML Comments

Data Attributes

id="upp_user_meta_image"id="user_image_1"id="upload_image_button"class="additional-user-image"name="upp_user_meta_image"value="Upload Image"+1 more

JS Globals

window.send_to_editorjQuery

Shortcode Output

esc_url( get_the_author_meta( 'upp_user_meta_image', $userID ) )

FAQ