DPortfolio Security & Risk Analysis

wordpress.org/plugins/dportfolio

Portfolio manager, easy to use and customizable.

10 active installs · v2.1 · PHP + · WP 3.9.0+ · Updated Oct 19, 2024
Tags: categories, clients, portfolio, projects, responsive
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 14, 2024
Safety Verdict

Is DPortfolio Safe to Use in 2026?

Generally Safe

Score 91/100

DPortfolio has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 14, 2024 · Updated 1yr ago
Risk Assessment

The dportfolio plugin v2.1 exhibits a generally good security posture with several positive indicators. The complete absence of vulnerable SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the plugin demonstrates strong adherence to WordPress security best practices by implementing nonce and capability checks on its entry points, and a high percentage of properly escaped output. The plugin also shows no known unpatched CVEs, indicating proactive maintenance or resolution of past issues.

However, the static analysis did reveal a concern with unsanitized paths in two identified taint flows. While these did not reach critical or high severity, they represent a potential avenue for input manipulation and should be investigated further. The presence of two shortcodes, while not inherently insecure, contributes to the plugin's attack surface and warrants careful monitoring for potential vulnerabilities if input handling is not robust. The history of Cross-site Scripting vulnerabilities, although resolved, suggests a pattern of input sanitization issues that require continued vigilance.

In conclusion, dportfolio v2.1 is a reasonably secure plugin with strong foundational security practices. The primary area of concern lies in the two identified taint flows with unsanitized paths, which, despite their current low severity, highlight a potential risk. The plugin's vulnerability history also indicates a need for ongoing attention to input sanitization. Overall, the plugin is suitable for use, but administrators should remain aware of the potential for input-related vulnerabilities.

Key Concerns

  • Taint flows with unsanitized paths
  • High percentage of unescaped output
  • History of XSS vulnerabilities

DPortfolio Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-24534 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DPortfolio <= 2.0 - Reflected Cross-Site Scripting

Nov 14, 2024 Patched in 2.1 (99d)
Code Analysis
Analyzed Mar 17, 2026

DPortfolio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (76 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

80% escaped · 95 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
settings_page (includes\class-dportfolio-settings.php:265)
Attack Surface

DPortfolio Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[dportfolio] includes\class-dportfolio-ptype.php:29
[dportfolio] includes\dportfolio-shortcodes.php:37

WordPress Hooks: 32

action  plugins_loaded  dportfolio.php:33
action  save_post  includes\class-dportfolio-admin-api.php:11
action  init  includes\class-dportfolio-post-type.php:21
filter  post_updated_messages  includes\class-dportfolio-post-type.php:23
filter  bulk_post_updated_messages  includes\class-dportfolio-post-type.php:24
action  init  includes\class-dportfolio-ptype.php:17
action  init  includes\class-dportfolio-ptype.php:18
action  admin_menu  includes\class-dportfolio-ptype.php:22
action  save_post  includes\class-dportfolio-ptype.php:23
filter  post_updated_messages  includes\class-dportfolio-ptype.php:25
action  init  includes\class-dportfolio-settings.php:20
action  admin_init  includes\class-dportfolio-settings.php:23
action  admin_menu  includes\class-dportfolio-settings.php:26
action  init  includes\class-dportfolio-taxonomy.php:24
action  wp_enqueue_scripts  includes\class-dportfolio.php:29
action  wp_enqueue_scripts  includes\class-dportfolio.php:30
action  init  includes\class-dportfolio.php:33
filter  the_content  includes\dportfolio-functions.php:29
action  dportfolio_before_content  includes\dportfolio-functions.php:41
filter  the_content  includes\dportfolio-functions.php:64
action  dportfolio_after_content  includes\dportfolio-functions.php:76
action  wp_enqueue_scripts  includes\dportfolio-load-js-css.php:5
action  wp_enqueue_scripts  includes\dportfolio-load-js-css.php:6
action  admin_enqueue_scripts  includes\dportfolio-load-js-css.php:7
action  admin_enqueue_scripts  includes\dportfolio-load-js-css.php:8
action  add_meta_boxes  includes\dportfolio-metaboxes.php:43
action  save_post  includes\dportfolio-metaboxes.php:141
action  pre_get_posts  includes\dportfolio-setup-post-types-taxonomies.php:19
filter  dportfolio_register_args  includes\dportfolio-setup-post-types-taxonomies.php:27
action  init  includes\dportfolio-setup-post-types-taxonomies.php:31
filter  dportfolio_categories_register_args  includes\dportfolio-setup-post-types-taxonomies.php:79
action  init  includes\dportfolio-setup-post-types-taxonomies.php:83

Maintenance & Trust

DPortfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Oct 19, 2024
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

DPortfolio Developer Profile

dinamiko

3 plugins · 70 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1246 days
Detection Fingerprints

How We Detect DPortfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dportfolio/assets/css/dportfolio-front.css
/wp-content/plugins/dportfolio/assets/js/jquery.fitvids.js
/wp-content/plugins/dportfolio/assets/js/dportfolio-front.js
/wp-content/plugins/dportfolio/assets/css/dportfolio-admin.css
/wp-content/plugins/dportfolio/assets/js/settings-admin.js
Version Parameters
dportfolio/assets/css/dportfolio-front.css?ver=
dportfolio/assets/js/dportfolio-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
dportfolio-item, dportfolio-grid, dportfolio-content, dportfolio-details, dportfolio-categories, dportfolio-entry-meta
HTML Comments
<!-- DPortfolio item -->
<!-- DPortfolio item details -->
Data Attributes
data-dportfolio-id
JS Globals
dportfolio_settings
Shortcode Output
[dportfolio]