Gravitation Portfolios Security & Risk Analysis

wordpress.org/plugins/gravitation-portfolios

A Plugin to integrate portfolios

10 active installs · v1.0.0 · PHP + · WP 4.3.1+ · Updated May 16, 2016
Tags: portfolios, portfolios-on-widgets, portfolios-shortcodes
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gravitation Portfolios Safe to Use in 2026?

Generally Safe

Score 85/100

Gravitation Portfolios has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The 'gravitation-portfolios' v1.0.0 plugin presents a generally good security posture with some notable areas for improvement. Its limited attack surface, with only one shortcode and no unprotected entry points, is a significant strength. The complete absence of raw SQL queries and the consistent use of prepared statements for database interactions are excellent practices. Furthermore, the plugin incorporates nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past development quality.

However, a critical concern arises from the low percentage of properly escaped output. With 112 total outputs and only 16% properly escaped, there is a high likelihood of cross-site scripting (XSS) vulnerabilities. Any user-supplied data that is displayed without proper sanitization could be exploited by an attacker to inject malicious scripts. The inclusion of the Select2 library, while potentially useful, also introduces a risk if it's an outdated version, as bundled libraries can be vectors for vulnerabilities if not maintained.

In conclusion, while 'gravitation-portfolios' v1.0.0 demonstrates strengths in limiting its attack surface and securing database interactions, the significant lack of output escaping represents a substantial security risk that requires immediate attention. Addressing this output sanitization issue is paramount to improving the plugin's overall security.

Key Concerns

  • Insufficient output escaping
  • Bundled library (Select2) potentially outdated
Vulnerabilities
None known

Gravitation Portfolios Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Gravitation Portfolios Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 94 (18 escaped)
Nonce Checks: 4
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

16% escaped · 112 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
gravitation_portfolios_help_page (gravitation-portfolios.php:502)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Gravitation Portfolios Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[gravitation_portfolios] gravitation-portfolios.php:494
WordPress Hooks: 24
filter  image_size_names_choose  gravitation-portfolios.php:64
action  init  gravitation-portfolios.php:72
action  plugins_loaded  gravitation-portfolios.php:77
filter  widget_text  gravitation-portfolios.php:86
filter  excerpt_length  gravitation-portfolios.php:90
action  plugins_loaded  gravitation-portfolios.php:93
filter  single_template  gravitation-portfolios.php:103
filter  archive_template  gravitation-portfolios.php:112
action  wp_enqueue_scripts  gravitation-portfolios.php:135
action  wp_enqueue_scripts  gravitation-portfolios.php:162
filter  manage_gv_portfolios_posts_columns  gravitation-portfolios.php:175
action  manage_gv_portfolios_posts_custom_column  gravitation-portfolios.php:201
action  admin_menu  gravitation-portfolios.php:496
action  init  gravitation-portfolios.php:680
action  save_post  gravitation-portfolios.php:793
filter  init  meta-box-class\my-meta-box-class.php:116
action  add_meta_boxes  meta-box-class\my-meta-box-class.php:137
action  save_post  meta-box-class\my-meta-box-class.php:139
action  admin_print_styles  meta-box-class\my-meta-box-class.php:142
filter  wp_handle_upload_prefilter  meta-box-class\my-meta-box-class.php:144
action  post_edit_form_tag  meta-box-class\my-meta-box-class.php:221
filter  page_attributes_dropdown_pages_args  Portfolios.php:42
filter  wp_insert_post_data  Portfolios.php:49
filter  template_include  Portfolios.php:57
Maintenance & Trust

Gravitation Portfolios Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: May 16, 2016
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Gravitation Portfolios Developer Profile

UlisesFreitas

5 plugins · 50 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gravitation Portfolios

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gravitation-portfolios/css/portfolio-styles.css
/wp-content/plugins/gravitation-portfolios/js/jquery.easing.1.3.js
/wp-content/plugins/gravitation-portfolios/js/jquery.quicksand.js
/wp-content/plugins/gravitation-portfolios/js/functions.js
Script Paths
/wp-content/plugins/gravitation-portfolios/js/jquery.easing.1.3.js
/wp-content/plugins/gravitation-portfolios/js/jquery.quicksand.js
/wp-content/plugins/gravitation-portfolios/js/functions.js
Version Parameters
gravitation_portfolios_style?ver=
gravitation_portfolios_easing?ver=
gravitation_portfolios_quicksand?ver=
gravitation_portfolios_functions?ver=

HTML / DOM Fingerprints

CSS Classes
gravitation-portfolios-item
gravitation-portfolio-title
gravitation-portfolio-category
HTML Comments
<!-- Gravitation portfolios
Copyright (C) 2016 Gravitation portfolios
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
(+27 more)
Data Attributes
data-filter
data-id
JS Globals
jQuery(document).ready
jQuery().quicksand
Shortcode Output
[gravitation_portfolios ids="
FAQ

Frequently Asked Questions about Gravitation Portfolios