I think you should reconsider the Upload Profile Image function.
1. It is not limited to file upload types. I check can upload html ,js … If not well protected. => can run file upload with HTML+JS. I think this is a pretty serious security bug. Could be a bug. Hackers can upload shells. Website attack. You need an update soon to stop it.
2. Turn off the media upload management function. It’s not the same as uploading images other than review.=> direct and unmanaged uploads.
3. Limit the maximum upload volume. For example 2-5Mb. Normally, websites have to increase to meet the needs of uploading plugins, web design …. Can be up to several hundred Mb. And users upload large files can be a Storage.
