GS Portfolio for Envato Security & Risk Analysis

wordpress.org/plugins/gs-envato-portfolio

Best Responsive Envato Portfolio Plugin to display Themeforest & Codecanyon Items.

4K active installs · v1.4.2 · PHP 5.6+ · WP 4.3+ · Updated Dec 14, 2025
Tags: codecanyon-wordpress, envato-market-wordpress-plugin, envato-themeforest, portfolio-items-wordpress, premium-wordpress-plugins
Score: 76 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is GS Portfolio for Envato Safe to Use in 2026?

Mostly Safe

Score 76/100

GS Portfolio for Envato is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 3mo ago
Risk Assessment

The gs-envato-portfolio plugin exhibits a mixed security posture. While it demonstrates strengths in using prepared statements for SQL queries and includes a reasonable number of nonce and capability checks, there are significant areas of concern. The 65% proper output escaping rate is a notable weakness, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern supported by the plugin's vulnerability history. The presence of unsanitized paths in taint analysis, even without critical or high severity, warrants attention as it can be an indicator of potential path traversal or file inclusion vulnerabilities.

The plugin's vulnerability history, with two known CVEs, one of which remains unpatched, is a critical red flag. The common vulnerability types of Missing Authorization and XSS further reinforce the output escaping concern and highlight potential privilege escalation or unauthorized access risks. The unpatched vulnerability is a direct and immediate threat. While the attack surface is currently small and appears to be protected, the historical trend and the taint analysis findings suggest that past vulnerabilities may not have been fully addressed or that new ones could emerge.

In conclusion, while the plugin follows some good security practices such as prepared SQL statements, the high percentage of unescaped output, the unsanitized paths identified in taint analysis, and the presence of unpatched historical vulnerabilities significantly elevate the risk. Given the historical pattern of XSS and Missing Authorization vulnerabilities and the current static analysis findings, a thorough security audit and prompt patching of the known vulnerability are highly recommended.

Key Concerns

  • Unpatched CVE present
  • Output escaping below recommended threshold
  • Unsanitized paths identified in taint analysis
  • Historical vulnerability pattern (XSS & Missing Auth)
Vulnerabilities
2

GS Portfolio for Envato Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-62755 · medium · 5.3 · Missing Authorization

GS Portfolio for Envato <= 1.4.2 - Missing Authorization

Dec 31, 2025 · Unpatched

CVE-2023-0559 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 30, 2023 · Patched in 1.4.0 (358d)
Code Analysis
Analyzed Mar 16, 2026

GS Portfolio for Envato Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 48 (91 escaped)
Nonce Checks: 5
Capability Checks: 8
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

65% escaped · 139 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
gsenvato_review_notice_message (gs-envato-assets\includes\gs-envato-root.php:70)
Attack Surface

GS Portfolio for Envato Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[gs_envato] gs-envato-assets\includes\gs-envato-item-shortcode.php:13

WordPress Hooks: 22

action: admin_enqueue_scripts (gs-envato-assets\admin\class.settings-api.php:30)
action: admin_init (gs-envato-assets\admin\gs_envato_options_config.php:22)
action: admin_menu (gs-envato-assets\admin\gs_envato_options_config.php:23)
action: switch_theme (gs-envato-assets\appsero\Insights.php:132)
action: switch_theme (gs-envato-assets\appsero\Insights.php:133)
action: admin_footer (gs-envato-assets\appsero\Insights.php:145)
action: admin_notices (gs-envato-assets\appsero\Insights.php:162)
action: admin_init (gs-envato-assets\appsero\Insights.php:165)
filter: cron_schedules (gs-envato-assets\appsero\Insights.php:171)
action: admin_menu (gs-envato-assets\gs-common-pages\gs-plugins-common-pages.php:16)
action: admin_enqueue_scripts (gs-envato-assets\gs-common-pages\gs-plugins-common-pages.php:17)
action: init (gs-envato-assets\gs-envato-scripts.php:24)
action: admin_enqueue_scripts (gs-envato-assets\gs-envato-scripts.php:46)
action: admin_notices (gs-envato-assets\includes\gs-envato-root.php:49)
action: admin_init (gs-envato-assets\includes\gs-envato-root.php:52)
action: in_admin_header (gs-envato-assets\includes\gs-envato-root.php:65)
action: admin_init (gs-envato-assets\includes\gs-envato-root.php:195)
action: admin_init (gs-envato-assets\includes\gs-envato-root.php:228)
filter: plugin_row_meta (gs-envato-assets\includes\gs-envato-root.php:257)
action: admin_notices (gs-envato-assets\includes\gs-envato-root.php:274)
action: admin_notices (gs-envato-assets\includes\gs-envato-root.php:277)
action: plugins_loaded (gs_envato_market.php:66)
Maintenance & Trust

GS Portfolio for Envato Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 14, 2025
PHP min version: 5.6
Downloads: 55K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 4K
Alternatives

GS Portfolio for Envato Alternatives

No alternatives data available yet.

Developer Profile

GS Portfolio for Envato Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect GS Portfolio for Envato

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/css/frontend.css
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/css/owl.carousel.min.css
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/frontend.js
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/owl.carousel.min.js
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/gs-envato-frontend.js

Script Paths
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/frontend.js
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/owl.carousel.min.js
/wp-content/plugins/gs-envato-portfolio/gs-envato-assets/js/gs-envato-frontend.js

Version Parameters
gs-envato-portfolio/gs-envato-assets/css/frontend.css?ver=
gs-envato-portfolio/gs-envato-assets/css/owl.carousel.min.css?ver=
gs-envato-portfolio/gs-envato-assets/js/frontend.js?ver=
gs-envato-portfolio/gs-envato-assets/js/owl.carousel.min.js?ver=
gs-envato-portfolio/gs-envato-assets/js/gs-envato-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs-envato-portfolio, gs-envato-items, gs-envato-item, gs-envato-item-wrap, gs-envato-item-img-wrap, gs-envato-item-content, gs-envato-item-title, gs-envato-item-price (+1 more)
HTML Comments
Copyright GS Plugins
Protect direct access
Data Attributes
data-gs-envato-theme
JS Globals
GS_envato_WeDevs_Settings_API
Shortcode Output
[gs_envato
FAQ

Frequently Asked Questions about GS Portfolio for Envato