User Avatar – Reloaded

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

v1.2.2Saad IqbalUpdated Added 900 installs100% rating
30
Score
352
Errors
171
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability37

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

523 findings

Security

234

9 issue groups

I18n

185

3 issue groups

Maintainability

89

13 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'user-avatar-reloaded' but got 'wp-user-avatar'.121
Category
I18n
Occurrences
121
Severity
error

Sample message

Mismatched text domain. Expected 'user-avatar-reloaded' but got 'wp-user-avatar'.

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $selected/> $rating</label><br />"'.76
Category
Security
Occurrences
76
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"' $selected/> $rating</label><br />"'.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.57
Category
Security
Occurrences
57
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().50
Category
I18n
Occurrences
50
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$all_sizes&quot;.43
Category
Maintainability
Occurrences
43
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$all_sizes&quot;.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.29
Category
Security
Occurrences
29
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES[&#039;wpua-file&#039;][&#039;name&#039;]22
Category
Security
Occurrences
22
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_FILES[&#039;wpua-file&#039;][&#039;name&#039;]

WARNINGSecurityRequest data is not unslashed$_GET[&#039;deleted&#039;] not unslashed before sanitization. Use wp_unslash() or similar17
Category
Security
Occurrences
17
Severity
warning

Sample message

$_GET[&#039;deleted&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.16
Category
Security
Occurrences
16
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.14
Category
I18n
Occurrences
14
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Show 15 more
ERRORMaintainabilityMissing direct file access protection12
Category
Maintainability
Occurrences
12
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInput is not validated10
Category
Security
Occurrences
10
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[&#039;wpua-file&#039;][&#039;name&#039;]. Check that the array index exists before using it.

ERRORMaintainabilitydate date5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityNon-prefixed hook name4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;avatar_defaults&quot;.

WARNINGSecuritywp redirect wp redirect4
Category
Security
Occurrences
4
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORSecuritySetting is missing a sanitization callback3
Category
Security
Occurrences
3
Severity
error

Sample message

Sanitization missing for register_setting().

WARNINGMaintainabilityDirect Query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityslow db query meta query3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGMaintainabilityNon-prefixed function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: &quot;get_wp_user_avatar&quot;.

ERRORMaintainabilitystrip tags strip tags3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WARNINGMaintainabilityDiscouraged PHP function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

wp_reset_query() is discouraged. Use wp_reset_postdata() instead.

ERRORMaintainabilityNon Enqueued Script3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WARNINGMaintainabilityerror log error log2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

ERRORMaintainabilityfile system operations is writeable2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writeable().

External Connections

Potential connections found in static code analysis.

6 domains

Outbound calls

9

External assets

0

Incoming endpoints

1

Notable Domains

jqueryui.com1 · outbound
mailoptin.io1 · outbound
siboliban.org1 · outbound
stackoverflow.com1 · outbound

Platform / Reference Domains

wordpress.org4 · platform/reference
profiles.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1
wp_ajax_wp_user_avatar_tinymceauthenticated

wp_ajax

Score History

First score snapshot

v1.2.2

30

Latest

Findings
523
Errors
352
Warnings
171
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

Easy Author Avatar Image

1k+ active installs

100
WP Custom Avatar

500 active installs

98
Disable User Gravatar

3k+ active installs

95
Leira Letter Avatar

6k+ active installs

93
Add New Default Avatar

500 active installs

82
80