Premium Portfolio Features for Phlox theme Security & Risk Analysis

wordpress.org/plugins/auxin-portfolio

Showcase your projects beautifully in Phlox theme

40K active installs · v2.3.12 · PHP 5.6+ · WP 4.7+ · Updated Nov 3, 2025
Author: averta · Tags: elementor, gallery, phlox, portfolio
Security score: 89/100 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Nov 4, 2025
Safety Verdict

Is Premium Portfolio Features for Phlox theme Safe to Use in 2026?

Generally Safe

Score 89/100

Premium Portfolio Features for Phlox theme has a mixed but currently clean record: all four known CVEs are fixed in the release on wordpress.org. Two of them (the 2025 file inclusion and the 2024 'Grid Portfolios' XSS) were patched within a day of disclosure; the other two took 69 and 114 days. Sites still on 2.3.10 or earlier remain exposed to the unauthenticated file inclusion.

4 known CVEs · Last CVE: Nov 4, 2025 · Updated 5 months ago
Risk Assessment

The plugin auxin-portfolio v2.3.12 presents a mixed security posture. Static analysis shows a small attack surface (two AJAX handlers, neither unprotected) and the single SQL query uses a prepared statement, but output escaping is weak: 65 of 151 outputs (43%) are not escaped. That is the defect class behind the plugin's two stored XSS CVEs, where a Contributor-level user saves markup that later renders unescaped for every visitor and administrator, and it applies equally to reflected input. The two taint flows with unsanitized paths, although not rated critical or high by this analysis, both sit in the AJAX handler, and unvalidated path data reaching an include/require statement is the defect class behind the plugin's two file inclusion CVEs.

The vulnerability history is the main concern. Four CVEs in three years, one critical and one high, the most recent in November 2025, show recurring weaknesses in two places: file handling (both inclusion CVEs fall under the include/require filename-control weakness and were exploited as unauthenticated local file inclusion) and input validation at output (both XSS CVEs are stored and reachable from Contributor accounts). Nothing is currently unpatched, but the pattern argues for updating on the day a fix ships and for treating low-privilege authors of portfolio items as untrusted input.

Key Concerns

  • Significant percentage of unescaped output
  • Taint flows with unsanitized paths
  • History of critical severity CVEs
  • History of high severity CVEs
  • History of medium severity CVEs
  • Bundled library (TinyMCE) may be outdated
Vulnerabilities (4)

Premium Portfolio Features for Phlox theme Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE

All four are patched; none unpatched.

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 2

4 total CVEs

CVE-2025-12497 · High (8.1) · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path]
Nov 4, 2025 · Patched in 2.3.12 (1 day)

CVE-2024-1384 · Medium (6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Aug 28, 2024 · Patched in 2.3.5 (114 days)

CVE-2024-3587 · Medium (6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Grid Portfolios'
Jul 15, 2024 · Patched in 2.3.3 (1 day)

CVE-2023-38399 · Critical (9.8) · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Phlox Portfolio <= 2.3.1 - Unauthenticated Local File Inclusion
Nov 15, 2023 · Patched in 2.3.2 (69 days)
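Both file inclusion entries above are the same defect class: a value taken from the request reaches include or require. The added example below is not the plugin's code and does not reproduce either CVE; it is a hypothetical template loader (the tpl_* functions, the TPL_* constants and an args['extra_template_path'] parameter named after the advisory's parameter are all assumptions) that shows the vulnerable shape beside a hardened one, in plain PHP that runs outside WordPress.

```php
<?php
// Added illustration for this page; it is NOT code from auxin-portfolio.
// It shows the weakness class behind CVE-2023-38399 and CVE-2025-12497
// (a request value reaching include/require) beside one hardened shape.
// Every name below (tpl_*, $args['extra_template_path'], TPL_*) is hypothetical.

// --- Vulnerable shape ---------------------------------------------------------
function tpl_render_unsafe(array $args): void
{
    // extra_template_path=../../../../wp-config.php reads and executes any
    // local PHP file; a php://filter or data:// wrapper, or a remote URL when
    // allow_url_include is on, turns the same line into code execution.
    $path = $args['extra_template_path'] ?? 'grid.php';
    include $path;
}

// --- Hardened shape -----------------------------------------------------------
const TPL_DIR     = __DIR__ . '/templates';
const TPL_ALLOWED = ['grid', 'masonry', 'carousel'];   // shipped templates only

/**
 * Map a request value to an absolute template path, or null if it is not one
 * of the shipped templates. Three independent checks:
 *   1. allowlist the logical name (the real control);
 *   2. build the file name ourselves instead of echoing the request;
 *   3. confirm the realpath() result is still under TPL_DIR, which also
 *      defeats symlinks and survives a later loosening of the allowlist.
 */
function tpl_resolve(string $requested): ?string
{
    $name = basename($requested, '.php');            // drops any directory part
    if (!in_array($name, TPL_ALLOWED, true)) {
        return null;
    }
    $base = realpath(TPL_DIR);
    $full = realpath(TPL_DIR . '/' . $name . '.php');
    if ($base === false || $full === false) {
        return null;                                  // template missing on disk
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                                  // resolved outside TPL_DIR
    }
    return $full;
}

function tpl_render_safe(array $args): void
{
    $full = tpl_resolve((string) ($args['extra_template_path'] ?? 'grid'));
    if ($full === null) {
        http_response_code(400);
        echo 'unknown template';
        return;
    }
    include $full;
}

// CLI self-check: php this-file.php
if (PHP_SAPI === 'cli') {
    $probes = ['grid', 'masonry.php', '../../../../etc/passwd', 'php://filter/resource=grid'];
    foreach ($probes as $probe) {
        printf("%-40s -> %s\n", $probe, tpl_resolve($probe) ?? 'refused');
    }
}
```

grid and masonry resolve only if templates/grid.php and templates/masonry.php exist beside the script; the traversal and php:// probes are refused by the allowlist before realpath() is consulted. Inside a WordPress AJAX handler the same check sits behind check_ajax_referer() for the authenticated action, and a nopriv action should accept only an allowlisted template name, never a path.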
Code Analysis
Analyzed Mar 16, 2026

Premium Portfolio Features for Phlox theme Code Analysis

Dangerous functions: 0
Raw SQL queries: 0 (1 prepared)
Unescaped output: 65 (86 escaped)
Nonce checks: 1
Capability checks: 1
File operations: 0
External requests: 0
Bundled libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

1 query total, 100% prepared

Output Escaping

151 outputs total: 86 escaped (57%), 65 unescaped (43%)
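The 43% unescaped figure matters because of where each unescaped value lands. The added example below is not the plugin's code; it is a hypothetical portfolio-item renderer (the pf_* functions and the $item fields are constructed) that assumes WordPress is loaded, and it shows the unescaped shape next to context-specific escaping with WordPress's own esc_* and wp_kses_post() helpers. Custom meta saved by a Contributor is not kses-filtered on save unless the plugin registers a sanitizer, so the renderer has to escape at output regardless of what happened at save time.

```php
<?php
// Added illustration, not code from auxin-portfolio. Assumes WordPress is
// loaded (esc_html, esc_attr, esc_url, wp_kses_post are WordPress core).
// $item and the pf_* functions are hypothetical.

// Unescaped: whatever a Contributor stored is emitted verbatim, so each
// field becomes a stored XSS payload for every visitor and administrator.
function pf_item_html_unsafe(array $item): string
{
    return '<div class="aux-portfolio-item" data-layout="' . $item['layout'] . '">'
         . '<a href="' . $item['url'] . '">' . $item['title'] . '</a>'
         . '<div class="desc">' . $item['excerpt'] . '</div>'
         . '</div>';
}

// Escaped at the sink, with the escaper chosen by where the value lands:
//   attribute value  -> esc_attr()      (cannot break out of the quotes)
//   href / src       -> esc_url()       (rejects javascript: and data: schemes;
//                                        esc_attr() alone would keep them)
//   text node        -> esc_html()
//   rich text        -> wp_kses_post()  (allowlisted tags, no <script>, no on*)
function pf_item_html(array $item): string
{
    return '<div class="aux-portfolio-item" data-layout="' . esc_attr($item['layout']) . '">'
         . '<a href="' . esc_url($item['url']) . '">' . esc_html($item['title']) . '</a>'
         . '<div class="desc">' . wp_kses_post($item['excerpt']) . '</div>'
         . '</div>';
}

// Constructed sample carrying the three classic payload shapes.
$item = [
    'layout'  => '" onmouseover="alert(1)',
    'url'     => 'javascript:alert(document.cookie)',
    'title'   => '<img src=x onerror=alert(1)>',
    'excerpt' => 'Built on <b>Phlox</b><script>alert(1)</script>',
];

echo pf_item_html($item);
```

With the sample input, esc_url() returns an empty href because the scheme is not in WordPress's allowed protocol list, esc_attr() keeps the quote-breaking layout value inside the attribute, and wp_kses_post() keeps the <b> but drops the script element. Shortcode attributes and AJAX responses end up in the same three sink types and need the same choice of escaper.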
Data Flows (2 unsanitized)

Data Flow Analysis

2 flows traced, 2 with unsanitized paths from source (user input) to sink (dangerous operation):
  • auxin_recent_portfolios_ajax_handler (admin\includes\admin-ajax.php:13)
Attack Surface

Premium Portfolio Features for Phlox theme Attack Surface

Entry points: 2
Unprotected: 0

AJAX Handlers (2)

  • auth · wp_ajax_aux_recent_portfolio_filter_content · admin\includes\admin-ajax.php:65
  • nopriv · wp_ajax_aux_recent_portfolio_filter_content · admin\includes\admin-ajax.php:66
WordPress Hooks (38)

  • action · admin_init · admin\includes\admin-hooks.php:19
  • action · save_post_portfolio · admin\includes\admin-hooks.php:27
  • filter · auxin_admin_metabox_models_portfolio · admin\includes\metaboxes\metabox-fields-portfolio.php:88
  • filter · auxin_admin_metabox_models_portfolio · admin\includes\metaboxes\metabox-fields-portfolio.php:101
  • action · plugins_loaded · auxin-portfolio.php:98
  • action · admin_notices · includes\classes\class-auxin-plugin-requirements.php:42
  • action · activated_plugin · includes\classes\class-auxin-plugin-requirements.php:43
  • action · auxin_after_inner_body_open · includes\classes\class-auxin-plugin-requirements.php:45
  • filter · template_include · includes\classes\class-auxpfo-template-loader.php:20
  • action · plugins_loaded · includes\elements\elementor\class-auxpfo-elementor-elements.php:80
  • action · auxin/core_elements/elementor/widgets_list · includes\elements\elementor\class-auxpfo-elementor-elements.php:136
  • action · auxin_plugin_updated · includes\elements\elementor\class-auxpfo-elementor-elements.php:139
  • filter · elementor/theme/need_override_location · includes\elements\elementor\class-auxpfo-elementor-elements.php:142
  • action · elementor/dynamic_tags/register · includes\elements\elementor\class-auxpfo-elementor-elements.php:154
  • filter · auxin_master_array_shortcodes · includes\elements\recent-portfolios-tile-carousel.php:405
  • filter · auxin_master_array_shortcodes · includes\elements\recent-portfolios.php:842
  • filter · auxin_defined_option_fields_sections · includes\general-hooks.php:3535
  • action · init · includes\general-hooks.php:3574
  • filter · wp_ulike_respond_for_liked_data · includes\general-hooks.php:3592
  • filter · wp_ulike_respond_for_not_liked_data · includes\general-hooks.php:3593
  • filter · wp_ulike_respond_for_unliked_data · includes\general-hooks.php:3594
  • filter · wp_ulike_add_templates_args · includes\general-hooks.php:3633
  • action · auxin_single_portfolio_actions · includes\general-hooks.php:3652
  • action · auxin_single_portfolio_overview · includes\general-hooks.php:3664
  • action · auxin_portfolio_single_after_article_primary · includes\general-hooks.php:3783
  • action · auxin_portfolio_single_after_article_primary · includes\general-hooks.php:3784
  • action · auxin_portfolio_single_after_content_primary · includes\general-hooks.php:3786
  • action · auxin_portfolio_single_after_content_primary · includes\general-hooks.php:3787
  • action · wp · includes\general-hooks.php:3794
  • filter · auxin_get_page_sidebar_pos · includes\general-hooks.php:3806
  • action · pre_get_posts · includes\general-hooks.php:3829
  • filter · auxin_active_post_types · includes\general-hooks.php:3842
  • action · init · public\class-auxpfo.php:66
  • action · wpmu_new_blog · public\class-auxpfo.php:69
  • action · after_setup_theme · public\class-auxpfo.php:245
  • action · wp_enqueue_scripts · public\includes\class-auxpfo-frontend-assets.php:23
  • action · wp_enqueue_scripts · public\includes\class-auxpfo-frontend-assets.php:24
  • action · wp_enqueue_scripts · public\includes\class-auxpfo-frontend-assets.php:25
Maintenance & Trust

Premium Portfolio Features for Phlox theme Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 3, 2025
PHP min version: 5.6
Downloads: 1.1M

Community Trust

Rating: 84/100
Number of ratings: 6
Active installs: 40K
Developer Profile

Premium Portfolio Features for Phlox theme Developer Profile

averta

6 plugins · 310K total installs
Trust score: 59
Avg security score: 71/100
Avg patch time: 250 days
Detection Fingerprints

How We Detect Premium Portfolio Features for Phlox theme

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/auxin-portfolio/public/assets/js/portfolio.js
  • /wp-content/plugins/auxin-portfolio/public/assets/css/main.css
Version Parameters
  • auxin-portfolio/main.css?ver=
  • auxin-portfolio/portfolio.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • aux-portfolio-grid
  • aux-portfolio-item-wrapper
  • aux-portfolio-item-meta
  • aux-portfolio-terms
HTML Comments
  • <!-- Auxin Portfolio Loop -->
  • <!-- Auxin Portfolio Item -->
Data Attributes
  • data-auxin-portfolio-id
  • data-auxin-portfolio-layout
JS Globals
  • window.auxpfo
REST Endpoints
  • /wp-json/auxin-portfolio/v1
Shortcode Output
  • [auxin_portfolio
  • [auxin_portfolio_gallery
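A practitioner will want to turn the fingerprints above into a triage check. The added example below is not part of this page's scanner; it is plain PHP (no WordPress needed) that pulls the plugin version from the ?ver= parameter on the asset paths listed above and compares it with version_compare() against the fix versions from the CVE table. The sample HTML is constructed, and the auxpfo_* names and AUXPFO_CVE_FIXES constant are assumptions made for the example.

```php
<?php
// Added example, not part of the page's scanner. Pure PHP, no WordPress
// needed. Given a fetched page's HTML, find the plugin's asset ?ver=
// parameter (the fingerprint listed above) and triage it against the
// CVE table on this page. Names prefixed auxpfo_ are hypothetical.

// First fixed release per CVE, taken from the vulnerability table above.
const AUXPFO_CVE_FIXES = [
    'CVE-2023-38399' => '2.3.2',
    'CVE-2024-3587'  => '2.3.3',
    'CVE-2024-1384'  => '2.3.5',
    'CVE-2025-12497' => '2.3.12',
];

/** Version string from the first auxin-portfolio asset URL with ?ver=, or null. */
function auxpfo_version_from_html(string $html): ?string
{
    $re = '#/wp-content/plugins/auxin-portfolio/[^"\'\s]*\.(?:js|css)\?ver=([0-9][0-9.]*)#';
    return preg_match($re, $html, $m) ? $m[1] : null;
}

/** CVE ids whose first fixed release is newer than the detected version. */
function auxpfo_open_cves(string $version): array
{
    $open = [];
    foreach (AUXPFO_CVE_FIXES as $cve => $fixed) {
        if (version_compare($version, $fixed, '<')) {
            $open[] = $cve;
        }
    }
    return $open;
}

// Constructed sample: a stylesheet tag an outdated site might serve.
$sample = '<link rel="stylesheet" id="auxin-portfolio-css" '
        . 'href="https://example.invalid/wp-content/plugins/auxin-portfolio/public/assets/css/main.css?ver=2.3.4" '
        . 'media="all">';

$version = auxpfo_version_from_html($sample);
if ($version === null) {
    echo "auxin-portfolio not detected\n";
} else {
    $open = auxpfo_open_cves($version);
    printf("auxin-portfolio %s: %s\n", $version,
        $open ? 'below the fix for ' . implode(', ', $open) : 'no known open CVE');
}
```

Two caveats. The ?ver= value is only a hint: a site may append the WordPress version or a cache-buster instead of the plugin version, so confirm against the Stable tag in the plugin's readme.txt (typically served from /wp-content/plugins/auxin-portfolio/readme.txt) before reporting. And the check treats every release below the first fixed one as affected, which for CVE-2025-12497 (advisory range <= 2.3.10, fix in 2.3.12) is the conservative reading of the table rather than a statement about 2.3.11.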
FAQ

Frequently Asked Questions about Premium Portfolio Features for Phlox theme