Skip to main content
PluginScorePluginScore
Errors
PluginScore — Plugin Analyzer for WordPress
© 2025 PluginScore.
← Back to Leaderboard
wp-user-avatars icon

WP User Avatars

Allow registered users to upload & select their own avatars.

Updated 6/1/2021
Scanned 11/13/2025, 7:14:22 AM
avatarlocalmediaprofileuser
94
Score
7
Errors
18
Warnings
20K
Installs
Security15
Repo9
Performance1
General0
Accessibility0
Top Issues by Category
Issues organized by category, type, and rule family

Issues Details
25 issues found in latest scan
CodeMessageLocationCategory
ERRORWordPress.WP.AlternativeFunctions.unlink_unlink
unlink() is discouraged. Use wp_delete_file() to delete a file.
439:5Plugin Repo
ERRORWordPress.Security.EscapeOutput.OutputNotEscaped
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'ob_get_clean'.
616:10Security
ERRORWordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_wp_user_avatars".
27:1Plugin Repo
ERRORPluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
44:2Plugin Repo
ERRORoutdated_tested_upto_header
Tested up to: 5.8 < 6.8. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
—Plugin Repo
ERRORreadme_mismatched_header_requires_php
Mismatched Requires PHP: 7.2 != 7.0. "Requires PHP" needs to be exactly the same with that in your main plugin file's header.
—Plugin Repo
ERRORWordPress.Security.EscapeOutput.OutputNotEscaped
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'translate_user_role'.
73:24Security
WARNINGWordPress.Security.ValidatedSanitizedInput.InputNotSanitized
Detected usage of a non-sanitized input variable: $_POST[&#039;wp_user_avatars_rating&#039;]
91:73Security
WARNINGWordPress.Security.ValidatedSanitizedInput.MissingUnslash
$_POST[&#039;wp_user_avatars_rating&#039;] not unslashed before sanitization. Use wp_unslash() or similar
95:57Security
WARNINGWordPress.Security.ValidatedSanitizedInput.InputNotSanitized
Detected usage of a non-sanitized input variable: $_POST[&#039;wp_user_avatars_rating&#039;]
95:57Security
25 total row(s)
Scan History
1 scan recorded
11/13/2025, 7:14:22 AM10s
94
7
18
1 total row(s)