GS Shots for Dribbble Security & Risk Analysis

wordpress.org/plugins/gs-dribbble-portfolio

Best Responsive Dribbble plugin for WordPress to showcase Dribbble shots.

20 active installs · v1.2.1 · PHP 5.6+ · WP 4.3+ · Updated Apr 29, 2025
Tags: dribbble, dribbble-portfolio-for-wordpress, dribbble-portfolio-shots, dribbble-portfolio-wordpress, dribbble-shortcode
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 30, 2024
Safety Verdict

Is GS Shots for Dribbble Safe to Use in 2026?

Generally Safe

Score 99/100

GS Shots for Dribbble has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 30, 2024 · Updated 11mo ago
Risk Assessment

The "gs-dribbble-portfolio" plugin v1.2.1 exhibits a generally good security posture with several strengths. The absence of unpatched CVEs, coupled with robust use of prepared statements for SQL queries and a decent number of capability checks, indicates a commitment to secure coding practices. The plugin also demonstrates proper nonce checks for its entry points.

However, there are areas for improvement. Static analysis found a taint flow with an unsanitized path, which is a potential security concern, although the taint analysis did not classify it as critical or high severity. Furthermore, only 66% of the plugin's output is properly escaped, meaning a significant portion of its output could be vulnerable to Cross-Site Scripting (XSS) attacks. The plugin's history of a medium-severity XSS vulnerability reinforces the importance of addressing output escaping comprehensively.

In conclusion, while the plugin has strong foundations, the identified taint flow and the suboptimal output escaping present tangible risks. The past XSS vulnerability highlights a recurring pattern that needs attention. Addressing these specific issues, particularly the unsanitized path and improving output escaping, would significantly enhance the plugin's security.

Key Concerns

  • Taint flow with unsanitized path identified
  • Output escaping only 66% proper
Vulnerabilities: 1

GS Shots for Dribbble Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-56263 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Shots for Dribbble <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 · Patched in 1.2.1 (10d)
Code Analysis
Analyzed Mar 16, 2026

GS Shots for Dribbble Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 49 (94 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

66% escaped · 143 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
gs_dribb_review_notice_message (gs-dribbble-assets\includes\gs-dribbble-root.php:90)
Attack Surface

GS Shots for Dribbble Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[gs_dribbble] gs-dribbble-assets\includes\gs-dribbble-shortcode.php:16
WordPress Hooks: 20
action admin_enqueue_scripts gs-dribbble-assets\admin\class.settings-api.php:30
action admin_init gs-dribbble-assets\admin\gs_dribbble_options_config.php:22
action admin_menu gs-dribbble-assets\admin\gs_dribbble_options_config.php:23
action switch_theme gs-dribbble-assets\appsero\Insights.php:132
action switch_theme gs-dribbble-assets\appsero\Insights.php:133
action admin_footer gs-dribbble-assets\appsero\Insights.php:145
action admin_notices gs-dribbble-assets\appsero\Insights.php:162
action admin_init gs-dribbble-assets\appsero\Insights.php:165
filter cron_schedules gs-dribbble-assets\appsero\Insights.php:171
action admin_menu gs-dribbble-assets\gs-common-pages\gs-plugins-common-pages.php:16
action admin_enqueue_scripts gs-dribbble-assets\gs-common-pages\gs-plugins-common-pages.php:17
action init gs-dribbble-assets\gs-dribbble-scripts.php:24
action gs_dribbble_custom_css gs-dribbble-assets\gs-dribbble-scripts.php:41
action admin_enqueue_scripts gs-dribbble-assets\gs-dribbble-scripts.php:54
action in_admin_header gs-dribbble-assets\includes\gs-dribbble-root.php:33
action admin_init gs-dribbble-assets\includes\gs-dribbble-root.php:49
action admin_notices gs-dribbble-assets\includes\gs-dribbble-root.php:82
action admin_init gs-dribbble-assets\includes\gs-dribbble-root.php:85
filter plugin_row_meta gs-dribbble-assets\includes\gs-dribbble-root.php:217
action plugins_loaded gs_dribbble_portfolio.php:68
Maintenance & Trust

GS Shots for Dribbble Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 29, 2025
PHP min version: 5.6
Downloads: 6K

Community Trust

Rating: 46/100
Number of ratings: 3
Active installs: 20
Developer Profile

GS Shots for Dribbble Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect GS Shots for Dribbble

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/admin/css/style.css
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/admin/js/script.js
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/appsero/css/style.css
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/appsero/js/scripts.js
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/includes/gs-dribbble-root.php
Script Paths
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/admin/js/script.js
/wp-content/plugins/gs-dribbble-portfolio/gs-dribbble-assets/appsero/js/scripts.js
Version Parameters
gs-dribbble-portfolio/gs-dribbble-assets/admin/css/style.css?ver=
gs-dribbble-portfolio/gs-dribbble-assets/admin/js/script.js?ver=
gs-dribbble-portfolio/gs-dribbble-assets/appsero/css/style.css?ver=
gs-dribbble-portfolio/gs-dribbble-assets/appsero/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
gsdribbble-shortcode-wrap
HTML Comments
<!-- Protect direct access -->
<!-- Defining constants -->
<!-- weDevs Settings API wrapper class -->
<!-- Enqueue scripts and styles -->
+6 more
Data Attributes
data-gsdribbble-token
data-gsdribbble-username
data-gsdribbble-api-key
data-gsdribbble-limit
data-gsdribbble-columns
data-gsdribbble-aspect-ratio
+4 more
JS Globals
gsdribbble_scripts
gsdribbble_data
Shortcode Output
<div class="gsdribbble-shortcode-wrap" id="gsdribbble-shots-container-
<div class="gsdribbble-shot" style="aspect-ratio:
<a href="" target="