WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Simple Local Avatars safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Simple Local Avatars WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: simple-local-avatars
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Simple Local Avatars [simple-local-avatars] < 2.7.4 [CVE-2022-25860, simple-git < 3.16.0 - Remote Code Execution]
  • Simple Local Avatars [simple-local-avatars] < 2.7.4 [CVE-2022-25881, http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)]
  • Simple Local Avatars [simple-local-avatars] < 2.7.11 [CVE-2024-43116, WordPress Simple Local Avatars Plugin <= 2.7.10 is vulnerable to Cross Site Request Forgery (CSRF), Simple Local Avatars <= 2.7.10 - Cross-Site Request Forgery via save_default_avatar_file_id()]
  • Simple Local Avatars [simple-local-avatars] < 2.8.0 [CVE-2024-10786, Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing, WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control]
  • Simple Local Avatars [simple-local-avatars] < 2.8.5 [CVE-2025-8482, WordPress Simple Local Avatars Plugin <= 2.8.4 is vulnerable to Broken Access Control, Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration, EUVD-2025-24225]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.