Gravatar Disclosure

Some WordPress applications have ties to "Gravatar" unless it is explicitly disabled on the WP app. You might be able to find a users gravatar profile picture by looking through the HTML source code.

https://secure.gravatar.com/avatar/{long_alphanumeric_value}

This Alphanumeric value is an MD5 hash of the user's email Address. With a large enough list of email addresses from data brokers and such, it is possible to try and crack this MD5 hash using HashCat or John The Ripper