Codeincept Portfolio Security & Risk Analysis

wordpress.org/plugins/codeincept-portfolio

The Codeincept Portfolio plugin helps you design an awesome portfolio showcase.

10 active installs · v1.0.2 · PHP 5.2+ · WP 4.5.0+ · Updated Sep 14, 2018
Tags: advanced-portfolio, codeincept, filterable-portfolio, portfolio, portfolio-slider
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Codeincept Portfolio Safe to Use in 2026?

Generally Safe

Score 85/100

Codeincept Portfolio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "codeincept-portfolio" plugin version 1.0.2 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce and capability checks. The absence of known CVEs or any history of vulnerabilities also suggests a generally well-maintained codebase.

However, several significant concerns arise from the static analysis. The presence of the `unserialize()` function is a major red flag, as it can be a vector for remote code execution if untrusted data is unserialized. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities where user input might not be adequately validated or sanitized before being processed. The low percentage of properly escaped output (8%) is also a concern, suggesting a high likelihood of cross-site scripting (XSS) vulnerabilities, especially if the data being output is user-controllable.

While the plugin has no recorded vulnerabilities to date, the identified code signals and taint flows indicate latent risks. The `unserialize()` function and unsanitized taint flows are critical issues that require immediate attention. The low output escaping rate also presents a widespread risk. Addressing these specific areas will significantly improve the plugin's security, despite its otherwise positive indicators like prepared statements and authentication checks.

Key Concerns

  • Dangerous function unserialize() present
  • Flows with unsanitized paths (2)
  • Low output escaping (8%)
  • File operations present
Vulnerabilities
None known

Codeincept Portfolio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Codeincept Portfolio Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 47 (4 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$html['thumb'] = unserialize(file_get_contents("http://vimeo.com/api/v2/video/$video_id.php"))[0]['t` (public\class-advanced-portfolio-public.php:242)

Output Escaping

8% escaped · 51 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
single_page (admin\class-advanced-portfolio-settings.php:65)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Codeincept Portfolio Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[advanced-portfolio] public\class-advanced-portfolio-public.php:55
WordPress Hooks: 15
action · init · admin\class-advanced-portfolio-admin.php:62
action · init · admin\class-advanced-portfolio-admin.php:63
action · add_meta_boxes · admin\class-advanced-portfolio-admin.php:64
action · save_post_advanced-portfolio · admin\class-advanced-portfolio-admin.php:65
action · admin_menu · admin\class-advanced-portfolio-admin.php:66
action · add_meta_boxes · admin\class-advanced-portfolio-metaboxes.php:8
action · save_post_advportfolios · admin\class-advanced-portfolio-metaboxes.php:9
filter · manage_edit-advportfolios_columns · admin\class-advanced-portfolio-metaboxes.php:10
action · manage_advportfolios_posts_custom_column · admin\class-advanced-portfolio-metaboxes.php:11
action · plugins_loaded · includes\class-advanced-portfolio.php:142
action · admin_enqueue_scripts · includes\class-advanced-portfolio.php:157
action · admin_enqueue_scripts · includes\class-advanced-portfolio.php:158
action · wp_enqueue_scripts · includes\class-advanced-portfolio.php:173
action · wp_enqueue_scripts · includes\class-advanced-portfolio.php:174
action · wp_head · public\class-advanced-portfolio-public.php:56
Maintenance & Trust

Codeincept Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Sep 14, 2018
PHP min version: 5.2
Downloads: 2K

Community Trust

Rating: 60/100
Number of ratings: 4
Active installs: 10
Developer Profile

Codeincept Portfolio Developer Profile

codeincept

3 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Codeincept Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/codeincept-portfolio/admin/css/advanced-portfolio-admin.css
  • /wp-content/plugins/codeincept-portfolio/admin/js/advanced-portfolio-admin.js
  • /wp-content/plugins/codeincept-portfolio/public/css/advanced-portfolio-public.css
  • /wp-content/plugins/codeincept-portfolio/public/js/advanced-portfolio-public.js
Script Paths
  • /wp-content/plugins/codeincept-portfolio/admin/js/advanced-portfolio-admin.js
  • /wp-content/plugins/codeincept-portfolio/public/js/advanced-portfolio-public.js
Version Parameters
  • codeincept-portfolio/admin/css/advanced-portfolio-admin.css?ver=
  • codeincept-portfolio/admin/js/advanced-portfolio-admin.js?ver=
  • codeincept-portfolio/public/css/advanced-portfolio-public.css?ver=
  • codeincept-portfolio/public/js/advanced-portfolio-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • advanced-portfolio-wrap
  • ap-single-item
  • ap-grid-item
HTML Comments
  • <!-- Start of Advanced Portfolio plugin -->
  • <!-- End of Advanced Portfolio plugin -->
Data Attributes
  • data-portfolio-id
  • data-portfolio-settings
JS Globals
  • advancedPortfolioSettings
  • CI_Portfolio
REST Endpoints
  • /wp-json/codeincept-portfolio/v1/portfolios
  • /wp-json/codeincept-portfolio/v1/portfolio/
Shortcode Output
  • [advanced_portfolio]
  • [codeincept_portfolio_display id=]
FAQ

Frequently Asked Questions about Codeincept Portfolio