a3 Portfolio Security & Risk Analysis

wordpress.org/plugins/a3-portfolio

a3 Portfolio is an extendable post based plugin that makes creating beautiful content a breeze.

90 active installs · v3.2.4 · PHP + WP 6.0+ · Updated Dec 2, 2025
Tags: a3-portfolio, image-showcase, portfolio, post-portfolio, showcase
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 10, 2023
Safety Verdict

Is a3 Portfolio Safe to Use in 2026?

Generally Safe

Score 98/100

a3 Portfolio has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 10, 2023 · Updated 4mo ago
Risk Assessment

The a3-portfolio plugin v3.2.4 exhibits a mixed security posture with some positive aspects but significant areas of concern. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for a majority of its SQL queries (63%) and properly escaping a high percentage of its output (82%). It also includes a reasonable number of nonce checks (14) and capability checks (6), indicating an awareness of common WordPress security mechanisms. The absence of dangerous functions and critical taint flows is also encouraging.

However, the plugin's attack surface is a notable weakness, with 18 total entry points, 12 of which lack any authentication checks. This is particularly concerning given the 3 high-severity taint flows with unsanitized paths identified during the analysis. While there are no currently unpatched CVEs, the plugin has a history of 3 known vulnerabilities, with 2 high and 1 medium severity. The common vulnerability types (XSS and CSRF) suggest that input validation and output escaping are areas that have historically required attention and may still be a concern in the current version, especially given the identified taint flows.

In conclusion, while the plugin has made strides in secure coding practices, the large number of unprotected entry points, coupled with the identified unsanitized taint flows, presents a significant risk. The historical vulnerability pattern further emphasizes the need for rigorous security auditing, especially around the handling of user-supplied data. Developers should prioritize securing all entry points and thoroughly sanitizing any data processed by these handlers.

Key Concerns

  • 12 unprotected AJAX handlers
  • 3 high severity unsanitized taint flows
  • 2 high severity CVEs in history
  • 1 medium severity CVE in history
  • 37% SQL queries not using prepared statements
  • Bundled library (jQuery) may be an outdated version
Vulnerabilities
3

a3 Portfolio Security Vulnerabilities

CVEs by Year

2 CVEs in 2022
1 CVE in 2023

Severity Breakdown

High: 2
Medium: 1

3 total CVEs

CVE-2023-29097 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting

Apr 10, 2023 · Patched in 3.1.1 (288d)

WF-0a5a0ca6-f355-4110-a533-04e46c741ec9-a3-portfolio · high · 8.8 · Cross-Site Request Forgery (CSRF)

a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset

Nov 2, 2022 · Patched in 3.0.2 (447d)

WF-9133fa10-036b-4f42-9d0c-8e15d2625f5e-a3-portfolio · high · 8.8 · Cross-Site Request Forgery (CSRF)

a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes

May 24, 2022 · Patched in 3.0.0 (609d)

Code Analysis
Analyzed Mar 16, 2026

a3 Portfolio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 26 · 15 prepared
Unescaped Output: 268 · 1233 escaped
Nonce Checks: 14
Capability Checks: 6
File Operations: 3
External Requests: 6
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

37% prepared · 41 total queries

Output Escaping

82% escaped · 1501 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

17 flows · 8 with unsanitized paths
a3_admin_ui_event (admin\admin-interface.php:174)
Attack Surface
12 unprotected

a3 Portfolio Attack Surface

Entry Points: 18
Unprotected: 12

AJAX Handlers 12

auth wp_ajax_portfolio_update_taxonomy_order includes\attributes\a3-portfolio-attribute-taxonomies.php:25
nopriv wp_ajax_portfolio_update_taxonomy_order includes\attributes\a3-portfolio-attribute-taxonomies.php:26
auth wp_ajax_a3_portfolio_set_cookie includes\cookies\class-a3-portfolio-cookies.php:14
nopriv wp_ajax_a3_portfolio_set_cookie includes\cookies\class-a3-portfolio-cookies.php:15
auth wp_ajax_a3_portfolio_remove_all_cookie includes\cookies\class-a3-portfolio-cookies.php:16
nopriv wp_ajax_a3_portfolio_remove_all_cookie includes\cookies\class-a3-portfolio-cookies.php:17
auth wp_ajax_a3_portfolio_remove_cookie includes\cookies\class-a3-portfolio-cookies.php:18
nopriv wp_ajax_a3_portfolio_remove_cookie includes\cookies\class-a3-portfolio-cookies.php:19
auth wp_ajax_portfolio_update_taxonomy_order includes\taxonomies\a3-portfolio-cat.php:25
nopriv wp_ajax_portfolio_update_taxonomy_order includes\taxonomies\a3-portfolio-cat.php:26
auth wp_ajax_a3_portfolio_update_taxonomy_custom_meta includes\taxonomies\a3-portfolio-cat.php:29
nopriv wp_ajax_a3_portfolio_update_taxonomy_custom_meta includes\taxonomies\a3-portfolio-cat.php:30

Shortcodes 6

[a3_portfolio_item] includes\shortcodes\class-shortcodes-display.php:24
[a3_portfolio_category] includes\shortcodes\class-shortcodes-display.php:27
[a3_portfolio_tag] includes\shortcodes\class-shortcodes-display.php:30
[a3_portfolios] includes\shortcodes\class-shortcodes-display.php:33
[a3_portfolio_recent] includes\shortcodes\class-shortcodes-display.php:36
[a3_portfolio_sticky] includes\shortcodes\class-shortcodes-display.php:39
WordPress Hooks 140
action plugins_loaded admin\admin-init.php:47
action init admin\admin-interface.php:49
action init admin\admin-interface.php:50
action admin_enqueue_scripts admin\admin-interface.php:65
action admin_enqueue_scripts admin\admin-interface.php:66
action admin_print_scripts admin\admin-interface.php:69
action admin_print_footer_scripts admin\admin-interface.php:70
action admin_enqueue_scripts admin\admin-interface.php:81
action admin_enqueue_scripts admin\includes\uploader\class-uploader.php:59
action wp_enqueue_scripts admin\less\sass.php:22
filter filesystem_method admin\less\sass.php:57
action plugins_loaded admin\plugin-init.php:19
action init admin\plugin-init.php:25
action widgets_init admin\plugin-init.php:28
action init includes\attributes\a3-portfolio-attribute-taxonomies.php:15
action create_term includes\attributes\a3-portfolio-attribute-taxonomies.php:17
filter terms_clauses includes\attributes\a3-portfolio-attribute-taxonomies.php:21
action admin_menu includes\attributes\class-a3-portfolio-attributes-page.php:20
action admin_enqueue_scripts includes\backend\class-a3-portfolio-backend-scripts.php:14
action admin_enqueue_scripts includes\backend\class-a3-portfolio-backend-scripts.php:18
filter plugin_row_meta includes\backend\class-a3-portfolio-backend-scripts.php:25
action current_screen includes\backend\class-a3-portfolio-permalinks-structure.php:15
filter rewrite_rules_array includes\backend\class-a3-portfolio-permalinks-structure.php:17
filter post_type_link includes\backend\class-a3-portfolio-permalinks-structure.php:18
action init includes\backend\class-a3-portfolio-shortcodes-hooks.php:14
action media_buttons includes\backend\class-a3-portfolio-shortcodes-hooks.php:19
action admin_footer includes\backend\class-a3-portfolio-shortcodes-hooks.php:20
filter manage_edit-portfolio_cat_columns includes\backend\class-a3-portfolio-shortcodes-hooks.php:23
filter manage_portfolio_cat_custom_column includes\backend\class-a3-portfolio-shortcodes-hooks.php:24
action template_redirect includes\BlockTemplatesController.php:58
filter pre_get_block_file_template includes\BlockTemplatesController.php:59
filter get_block_templates includes\BlockTemplatesController.php:60
filter pre_get_block_file_template includes\BlockTemplatesController.php:135
filter get_block_file_template includes\BlockTemplatesController.php:141
filter pre_get_block_file_template includes\BlockTemplatesController.php:147
filter portfolio_has_block_template includes\BlockTemplatesController.php:465
filter portfolio_has_block_template includes\BlockTemplatesController.php:470
filter portfolio_has_block_template includes\BlockTemplatesController.php:475
filter portfolio_has_block_template includes\BlockTemplatesController.php:480
action init includes\class-a3-portfolio-ajax.php:21
action template_redirect includes\class-a3-portfolio-ajax.php:22
filter template_include includes\compatibilities\divi-theme.php:12
action wp_head includes\frontend\a3-portfolio-template-hooks.php:10
action a3_portfolio_before_category_content includes\frontend\a3-portfolio-template-hooks.php:16
action a3_portfolio_before_tag_content includes\frontend\a3-portfolio-template-hooks.php:17
action a3_portfolio_before_main_content includes\frontend\a3-portfolio-template-hooks.php:23
action a3_portfolio_before_main_loop includes\frontend\a3-portfolio-template-hooks.php:29
action a3_portfolio_after_main_loop includes\frontend\a3-portfolio-template-hooks.php:35
action a3_portfolio_after_loop_item_card includes\frontend\a3-portfolio-template-hooks.php:41
action a3_portfolio_after_loop_item_card includes\frontend\a3-portfolio-template-hooks.php:42
action a3_portfolio_before_category_content includes\frontend\a3-portfolio-template-hooks.php:48
action a3_portfolio_custom_before_category_content includes\frontend\a3-portfolio-template-hooks.php:54
action a3_portfolio_before_tag_content includes\frontend\a3-portfolio-template-hooks.php:60
action a3_portfolio_custom_before_tag_content includes\frontend\a3-portfolio-template-hooks.php:66
action a3_portfolio_after_item_expander_large_image_container includes\frontend\a3-portfolio-template-hooks.php:72
action a3_portfolio_before_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:78
action a3_portfolio_before_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:79
action a3_portfolio_before_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:80
action a3_portfolio_before_item_expander_full_content includes\frontend\a3-portfolio-template-hooks.php:86
action a3_portfolio_main_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:92
action a3_portfolio_main_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:93
action a3_portfolio_main_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:94
action a3_portfolio_main_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:95
action a3_portfolio_expander_large_image_start includes\frontend\a3-portfolio-template-hooks.php:101
action a3_portfolio_single_after_large_image_container includes\frontend\a3-portfolio-template-hooks.php:107
action a3_portfolio_single_before_full_content includes\frontend\a3-portfolio-template-hooks.php:113
action a3_portfolio_single_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:119
action a3_portfolio_single_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:120
action a3_portfolio_single_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:121
action a3_portfolio_single_after_item_expander_content includes\frontend\a3-portfolio-template-hooks.php:122
action wp_enqueue_scripts includes\frontend\class-a3-portfolio-frontend-scripts.php:12
action wp_print_scripts includes\frontend\class-a3-portfolio-frontend-scripts.php:13
action wp_print_scripts includes\frontend\class-a3-portfolio-frontend-scripts.php:14
action wp_print_footer_scripts includes\frontend\class-a3-portfolio-frontend-scripts.php:15
action a3_portfolio_before_include_scripts includes\frontend\class-a3-portfolio-frontend-scripts.php:18
action a3_portfolio_before_single_content includes\frontend\class-a3-portfolio-frontend-scripts.php:21
action a3_portfolio_after_single_content includes\frontend\class-a3-portfolio-frontend-scripts.php:24
action a3_portfolio_before_recently_widget includes\frontend\class-a3-portfolio-frontend-scripts.php:27
action a3_portfolio_before_attribute_filter_widget includes\frontend\class-a3-portfolio-frontend-scripts.php:30
filter request includes\frontend\class-a3-portfolio-template-loader.php:16
filter parse_query includes\frontend\class-a3-portfolio-template-loader.php:17
action template_redirect includes\frontend\class-a3-portfolio-template-loader.php:18
filter request includes\frontend\class-a3-portfolio-template-loader.php:19
filter archive_template includes\frontend\class-a3-portfolio-template-loader.php:20
filter the_title includes\frontend\class-a3-portfolio-template-loader.php:22
filter a3_lazy_load_run_filter includes\frontend\class-a3-portfolio-template-loader.php:26
action wp_head includes\frontend\class-a3-portfolio-template-loader.php:31
filter pre_get_posts includes\frontend\class-a3-portfolio-template-loader.php:136
filter the_title includes\frontend\class-a3-portfolio-template-loader.php:400
filter the_content includes\frontend\class-a3-portfolio-template-loader.php:410
filter the_content includes\frontend\class-a3-portfolio-template-loader.php:411
action add_meta_boxes includes\meta-boxes\a3-portfolio-data-metabox.php:18
action save_post includes\meta-boxes\a3-portfolio-data-metabox.php:19
action admin_footer includes\meta-boxes\a3-portfolio-data-metabox.php:44
action admin_footer includes\meta-boxes\a3-portfolio-data-metabox.php:45
action admin_action_duplicate_a3-portfolio includes\post-types\a3-portfolio-duplicate.php:15
filter post_row_actions includes\post-types\a3-portfolio-duplicate.php:18
filter page_row_actions includes\post-types\a3-portfolio-duplicate.php:19
action post_submitbox_start includes\post-types\a3-portfolio-duplicate.php:22
action restrict_manage_posts includes\post-types\a3-portfolio-post-types.php:17
filter parse_query includes\post-types\a3-portfolio-post-types.php:18
filter manage_edit-a3-portfolio_columns includes\post-types\a3-portfolio-post-types.php:21
filter manage_a3-portfolio_posts_columns includes\post-types\a3-portfolio-post-types.php:22
action manage_a3-portfolio_posts_custom_column includes\post-types\a3-portfolio-post-types.php:23
action init includes\taxonomies\a3-portfolio-cat.php:14
filter terms_clauses includes\taxonomies\a3-portfolio-cat.php:18
action init includes\taxonomies\a3-portfolio-cat.php:19
action switch_blog includes\taxonomies\a3-portfolio-cat.php:20
action portfolio_cat_pre_add_form includes\taxonomies\a3-portfolio-cat.php:21
action create_term includes\taxonomies\a3-portfolio-cat.php:37
action delete_term includes\taxonomies\a3-portfolio-cat.php:38
action portfolio_cat_add_form_fields includes\taxonomies\a3-portfolio-cat.php:39
action portfolio_cat_edit_form includes\taxonomies\a3-portfolio-cat.php:40
action edited_portfolio_cat includes\taxonomies\a3-portfolio-cat.php:41
action create_portfolio_cat includes\taxonomies\a3-portfolio-cat.php:42
action delete_portfolio_cat includes\taxonomies\a3-portfolio-cat.php:43
filter manage_edit-portfolio_cat_columns includes\taxonomies\a3-portfolio-cat.php:46
filter manage_portfolio_cat_custom_column includes\taxonomies\a3-portfolio-cat.php:47
action admin_footer includes\taxonomies\a3-portfolio-cat.php:57
action admin_footer includes\taxonomies\a3-portfolio-cat.php:58
action admin_footer includes\taxonomies\a3-portfolio-cat.php:59
action admin_footer includes\taxonomies\a3-portfolio-cat.php:60
action portfolio_tag_pre_add_form includes\taxonomies\a3-portfolio-tag.php:13
action portfolio_tag_add_form_fields includes\taxonomies\a3-portfolio-tag.php:16
action portfolio_tag_edit_form_fields includes\taxonomies\a3-portfolio-tag.php:19
action edited_portfolio_tag includes\taxonomies\a3-portfolio-tag.php:21
action create_portfolio_tag includes\taxonomies\a3-portfolio-tag.php:22
action delete_portfolio_tag includes\taxonomies\a3-portfolio-tag.php:23
action admin_enqueue_scripts includes\taxonomies\a3-portfolio-tag.php:26
action plugins_loaded includes\wpml-support\class-portfolio-wpml.php:19
action init src\blocks\categories\block.php:21
action init src\blocks\item-tags\block.php:53
action init src\blocks\items\block.php:21
action init src\blocks\main\block.php:21
action init src\blocks\recent\block.php:21
action init src\blocks\sticky\block.php:21
action init src\blocks\tags\block.php:21
action init src\blocks.php:21
action enqueue_block_editor_assets src\blocks.php:34
filter block_categories_all src\blocks.php:137

Maintenance & Trust

a3 Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 2, 2025
PHP min version
Downloads: 37K

Community Trust

Rating: 60/100
Number of ratings: 12
Active installs: 90

Developer Profile

a3 Portfolio Developer Profile

Steve Truman

13 plugins · 117K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 539 days

Detection Fingerprints

How We Detect a3 Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/a3-portfolio/assets/css/admin-style.css
  • /wp-content/plugins/a3-portfolio/assets/css/admin-style.rtl.css
  • /wp-content/plugins/a3-portfolio/assets/js/admin-script.js
  • /wp-content/plugins/a3-portfolio/assets/js/admin-script.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/modal.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/popper.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/tooltip.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/util.min.js
  • +30 more

Script Paths

  • /wp-content/plugins/a3-portfolio/assets/js/admin-script.js
  • /wp-content/plugins/a3-portfolio/assets/js/admin-script.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/modal.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/popper.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/tooltip.min.js
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/util.min.js
  • +17 more

Version Parameters

  • /wp-content/plugins/a3-portfolio/assets/css/admin-style.css?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/admin-script.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/util.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/modal.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/popper.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/bootstrap/tooltip.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/chosen.jquery.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/custom-select.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/magnific-popup/modernizr.custom.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/magnific-popup/jquery.magnific-popup.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/owl.carousel.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/tinymce/themes/a3portfolio/theme.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/tinymce/plugins/a3portfolio/plugin.min.js?ver=
  • /wp-content/plugins/a3-portfolio/assets/js/wp-color-picker-alpha.min.js?ver=
  • /wp-content/plugins/a3-portfolio/css/a3-portfolio.css?ver=
  • /wp-content/plugins/a3-portfolio/css/magnific-popup.css?ver=
  • /wp-content/plugins/a3-portfolio/css/owl.carousel.min.css?ver=
  • /wp-content/plugins/a3-portfolio/css/owl.theme.default.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • a3-portfolio-wrap
  • a3-portfolio-content
  • a3-portfolio-item
  • a3-portfolio-thumbnail
  • a3-portfolio-caption
  • a3-portfolio-single-wrap
  • a3-portfolio-single-content
  • a3-portfolio-gallery-item
  • +39 more

HTML Comments

  • <!-- START: A3 Portfolio Settings -->
  • <!-- END: A3 Portfolio Settings -->
  • <!-- START: A3 Portfolio Shortcode -->
  • <!-- END: A3 Portfolio Shortcode -->
  • +2 more

Data Attributes

  • data-a3portfolio-id
  • data-a3portfolio-filter
  • data-a3portfolio-url
  • data-a3portfolio-type
  • data-a3portfolio-image
  • data-a3portfolio-title
  • +9 more

JS Globals

  • a3_portfolio_params
  • a3_portfolio_admin_params
  • a3_portfolio_admin_localize

REST Endpoints

  • /wp-json/a3-portfolio/v1/settings
  • /wp-json/a3-portfolio/v1/portfolio-items
  • /wp-json/a3-portfolio/v1/categories
  • /wp-json/a3-portfolio/v1/tags

Shortcode Output

  • [a3_portfolio
  • [a3_portfolio_filter
  • [a3_portfolio_gallery
  • [a3_portfolio_single

FAQ

Frequently Asked Questions about a3 Portfolio