WP-Safety

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Security & Risk Analysis

wordpress.org/plugins/gs-pinterest-portfolio

Showcase Pinterest pins in Grid, Masonry, Popup & Gallery layouts with GS Pinterest Portfolio. Responsive, lightweight & easy to use.

2K active installs v1.9.1 PHP 5.6+ WP 4.3+ Updated Mar 3, 2026
pinterestpinterest-pluginpinterest-plugin-wordpresswordpress-pinterestwordpress-pinterest-plugin
97
A · Safe
CVEs total5
Unpatched0
Last CVEDec 2, 2024
Plugin page Download
Safety Verdict

Is GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Safe to Use in 2026?

Generally Safe

Score 97/100

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 2, 2024Updated 1mo ago
Risk Assessment

The "gs-pinterest-portfolio" plugin v1.9.1 exhibits a mixed security posture. On the positive side, it shows good practices with a high percentage of SQL queries using prepared statements and properly escaped outputs, as well as a reasonable number of nonce and capability checks. However, significant concerns arise from the static analysis, particularly the presence of 4 unprotected AJAX handlers, which represent a direct attack surface. The taint analysis is also troubling, with 5 high-severity flows and 6 flows with unsanitized paths, indicating potential risks of data manipulation or execution vulnerabilities.

The vulnerability history reveals a pattern of 5 known CVEs, all classified as medium severity, and interestingly, all are currently patched. The common vulnerability types (Missing Authorization, Cross-site Scripting) align with the findings from the static analysis, specifically the unprotected AJAX handlers and potentially the unsanitized paths identified in the taint analysis. While the absence of currently unpatched vulnerabilities is a positive sign, the recurring nature of these vulnerability types suggests underlying architectural weaknesses that need continuous attention.

In conclusion, while the plugin has implemented some good security measures and has a history of patching vulnerabilities, the identified unprotected entry points and high-severity taint flows present immediate risks that require remediation. The past vulnerability types also suggest a need for more robust input validation and authorization mechanisms across all entry points to prevent similar issues from re-emerging.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Flows with unsanitized paths
  • Multiple medium CVEs historically
Vulnerabilities
5

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
2 CVEs in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2024-11453medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 2, 2024 Patched in 1.8.9 (1d)
CVE-2024-30192medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode

Mar 25, 2024 Patched in 1.8.3 (17d)
WF-3f81003b-8214-4fa3-960f-81b166623de9-gs-pinterest-portfoliomedium · 4.3Missing Authorization

GS Pins for Pinterest Lite <= 1.8.0 - Missing Authorization via _update_shortcode

Nov 21, 2023 Patched in 1.8.1 (63d)
WF-20daf751-176d-48f2-ac68-480fda89cee1-gs-pinterest-portfoliomedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Pinterest Plugin <= 1.6.1 - Stored (Contributor+) Cross-Site Scripting via Shortcode

Mar 22, 2023 Patched in 1.6.2 (307d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-gs-pinterest-portfoliomedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.6.3 (699d)
Code Analysis
Analyzed Mar 16, 2026

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
16 prepared
Unescaped Output
58
263 escaped
Nonce Checks
12
Capability Checks
15
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

84% prepared19 total queries

Output Escaping

82% escaped321 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
notice_message (includes\notices.php:68)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Attack Surface

Entry Points13
Unprotected4

AJAX Handlers 10

authwp_ajax_gspin_update_shortcodeincludes\shortcode-builder\builder.php:19
authwp_ajax_gspin_create_shortcodeincludes\shortcode-builder\builder.php:20
authwp_ajax_gspin_clone_shortcodeincludes\shortcode-builder\builder.php:21
authwp_ajax_gspin_get_shortcodeincludes\shortcode-builder\builder.php:22
authwp_ajax_gspin_get_shortcodesincludes\shortcode-builder\builder.php:23
authwp_ajax_gspin_delete_shortcodesincludes\shortcode-builder\builder.php:24
authwp_ajax_gspin_temp_save_shortcode_settingsincludes\shortcode-builder\builder.php:25
authwp_ajax_gspin_get_shortcode_prefincludes\shortcode-builder\builder.php:27
authwp_ajax_gspin_save_shortcode_prefincludes\shortcode-builder\builder.php:28
authwp_ajax_gspin_sync_dataincludes\shortcode-builder\builder.php:29

Shortcodes 3

[gs_pinterest] includes\shortcode.php:21
[gs_pin_widget] includes\shortcode.php:22
[gs_follow_pin_widget] includes\shortcode.php:23
WordPress Hooks 67
actionswitch_themeappsero\Insights.php:132
actionswitch_themeappsero\Insights.php:133
actionadmin_footerappsero\Insights.php:145
actionadmin_noticesappsero\Insights.php:162
actionadmin_initappsero\Insights.php:165
filtercron_schedulesappsero\Insights.php:171
actionplugins_loadedgs_pinterest_portfolio.php:37
actionadmin_menuincludes\admin.php:18
actionwp_footerincludes\asset-generator\gs-asset-generator-base.php:27
actionpost_updatedincludes\asset-generator\gs-asset-generator-base.php:28
actionsave_postincludes\asset-generator\gs-asset-generator-base.php:29
filterwidget_update_callbackincludes\asset-generator\gs-asset-generator-base.php:30
actionupdate_option_sidebars_widgetsincludes\asset-generator\gs-asset-generator-base.php:31
actiongsp_shortcode_createdincludes\asset-generator\gs-asset-generator-base.php:32
actiongsp_shortcode_updatedincludes\asset-generator\gs-asset-generator-base.php:33
actiongsp_shortcode_deletedincludes\asset-generator\gs-asset-generator-base.php:34
actiongsp_preference_updateincludes\asset-generator\gs-asset-generator-base.php:35
actioninitincludes\functions.php:28
actionadmin_noticesincludes\functions.php:36
actioninitincludes\functions.php:87
actionadmin_menuincludes\gs-common-pages\gs-plugins-common-pages.php:16
actionadmin_enqueue_scriptsincludes\gs-common-pages\gs-plugins-common-pages.php:17
actionadmin_initincludes\hooks.php:13
actionin_admin_headerincludes\hooks.php:14
actioninitincludes\hooks.php:16
actioninitincludes\integrations\integration-beaver.php:27
actiondivi_extensions_initincludes\integrations\integration-divi.php:30
actionet_builder_modules_loadedincludes\integrations\integration-divi.php:39
actionwp_enqueue_scriptsincludes\integrations\integration-divi.php:40
actionwp_headincludes\integrations\integration-divi.php:41
actionelementor/widgets/registerincludes\integrations\integration-elementor.php:27
actionelementor/elements/categories_registeredincludes\integrations\integration-elementor.php:28
actionelementor/editor/after_enqueue_scriptsincludes\integrations\integration-elementor.php:30
actionelementor/editor/after_enqueue_stylesincludes\integrations\integration-elementor.php:31
actionelementor/preview/enqueue_stylesincludes\integrations\integration-elementor.php:33
actionelementor/preview/enqueue_scriptsincludes\integrations\integration-elementor.php:34
actioninitincludes\integrations\integration-gutenberg.php:24
actionenqueue_block_editor_assetsincludes\integrations\integration-gutenberg.php:25
actionplugins_loadedincludes\integrations\integration-oxygen.php:24
actioninitincludes\integrations\integration-oxygen.php:26
actionct_builder_startincludes\integrations\integration-oxygen.php:34
actionct_builder_endincludes\integrations\integration-oxygen.php:38
actionwp_enqueue_scriptsincludes\integrations\integration-oxygen.php:61
actionvc_before_initincludes\integrations\integration-wpb-vc.php:26
actionadmin_footerincludes\integrations\integration-wpb-vc.php:28
actioninitincludes\migration.php:21
actionadmin_initincludes\notices.php:20
actionadmin_noticesincludes\notices.php:22
actionadmin_initincludes\notices.php:24
filterplugin_row_metaincludes\notices.php:25
actionadmin_noticesincludes\notices.php:59
actionadmin_noticesincludes\notices.php:322
actionadmin_noticesincludes\notices.php:325
actiongs_pinterest_pin_sync_eventincludes\pinterest.php:12
filtercron_schedulesincludes\pinterest.php:13
actionplugins_loadedincludes\scripts.php:35
actionadmin_enqueue_scriptsincludes\scripts.php:36
actionwp_enqueue_scriptsincludes\scripts.php:37
actionadmin_headincludes\scripts.php:38
actionwp_footerincludes\scripts.php:370
actionwp_enqueue_scriptsincludes\shortcode-builder\builder.php:31
actiontemplate_includeincludes\shortcode-builder\builder.php:32
actionshow_admin_barincludes\shortcode-builder\builder.php:33
actionadmin_enqueue_scriptsincludes\shortcode-builder\builder.php:34
actionwp_footerincludes\shortcode.php:207
actioninitincludes\template-loader.php:26
actionwidgets_initincludes\widgets\widgets.php:19

Scheduled Events 1

gs_pinterest_pin_sync_event
Maintenance & Trust

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version5.6
Downloads131K

Community Trust

Rating96/100
Number of ratings47
Active installs2K
Alternatives

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Alternatives

Simple Pin It Button

Simple Pin It Button

simple-pin-it-button

A
100

Adds a "Pin it" button over images on hover with customizable options.

100 No CVEs
Pinterest for WooCommerce

Pinterest for WooCommerce

pinterest-for-woocommerce

A
100

Get your products in front of Pinterest users searching for ideas and things to buy. Connect your WooCommerce store to make your catalog browsable.

300K No CVEs
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic

shareaholic

A
91

Boost Audience Engagement with Award Winning Speed Optimized Social Tools: Share Buttons, Related Posts, Monetization & Google Analytics.

20K 4 CVEs
jQuery Pin It Button for Images

jQuery Pin It Button for Images

jquery-pin-it-button-for-images

A
85

Highlights images on hover and adds a Pinterest "Pin It" button over them for easy pinning.

10K No CVEs
Weblizar Pin It Button On Image Hover And Post

Weblizar Pin It Button On Image Hover And Post

pinterest-pin-it-button-on-image-hover-and-post

A
100

Pin Your Images With weblizar pin it button on image hover and post.

10K 1 CVE
Developer Profile

GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets Developer Profile

GS Plugins

19 plugins · 41K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
173 days
View full developer profile
Detection Fingerprints

How We Detect GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-pinterest-portfolio/assets/css/gs-pinterest-public.css/wp-content/plugins/gs-pinterest-portfolio/assets/css/gs-pinterest-public-divi.css/wp-content/plugins/gs-pinterest-portfolio/assets/js/gs-pinterest-public.js/wp-content/plugins/gs-pinterest-portfolio/assets/js/pinterest-pinit.js
Script Paths
/wp-content/plugins/gs-pinterest-portfolio/includes/asset-generator/gs-pinterest-asset-generator.php
Version Parameters
gs-pinterest-portfolio/assets/css/gs-pinterest-public.css?ver=gs-pinterest-portfolio/assets/css/gs-pinterest-public-divi.css?ver=gs-pinterest-portfolio/assets/js/gs-pinterest-public.js?ver=gs-pinterest-portfolio/assets/js/pinterest-pinit.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs-pin-detailsgs-pin-popgs-single-pin
Data Attributes
data-gs-pin-id
JS Globals
gsPinterestGenerator
Shortcode Output
[gs_pinterestid=
FAQ

Frequently Asked Questions about GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets