GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Security & Risk Analysis

wordpress.org/plugins/gs-portfolio

Showcase your work with GS Portfolio – create filterable grids, sliders & stylish layouts anywhere on your site using simple shortcodes.

300 active installs · v3.0.3 · PHP 5.6+ · WP 4.3+ · Updated Mar 10, 2026
Tags: best-portfolio-plugin-wordpress, filterable-portfolio, portfolio-grid, portfolio-slider, wordpress-portfolio-plugin
Score 99/100 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2024
Safety Verdict

Is GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Safe to Use in 2026?

Generally Safe

Score 99/100

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2024 · Updated 24d ago
Risk Assessment

The "gs-portfolio" plugin v3.0.3 exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, there are significant concerns. The plugin exposes 5 AJAX handlers without authentication checks, creating a substantial attack surface for unauthorized actions. Taint analysis reveals 4 flows with unsanitized paths, including 3 of high severity, indicating potential vulnerabilities where user-supplied data could be improperly processed, leading to security risks like cross-site scripting or unintended code execution. The plugin's history of 2 medium-severity CVEs, both related to Cross-site Scripting, coupled with the taint analysis findings, suggests a recurring pattern of input sanitization weaknesses. Although there are no currently unpatched CVEs, the presence of high-severity taint flows and unprotected AJAX handlers necessitates careful attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Medium severity CVE history
Vulnerabilities
2

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-11765 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 11, 2024 Patched in 1.6.4 (1d)
CVE-2023-0540 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 30, 2023 Patched in 1.6.1 (358d)
Code Analysis
Analyzed Mar 16, 2026

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (28 prepared)
Unescaped Output: 61 (303 escaped)
Nonce Checks: 20
Capability Checks: 27
File Operations: 9
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

90% prepared · 31 total queries

Output Escaping

83% escaped · 364 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
delete_shortcodes (includes\shortcode-builder\builder.php:624)
Attack Surface
5 unprotected

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Attack Surface

Entry Points: 21
Unprotected: 5

AJAX Handlers 20

auth wp_ajax_gsportfolio_import_portfolio_data (includes\demo-data\dummy-data.php:33)
auth wp_ajax_gsportfolio_remove_portfolio_data (includes\demo-data\dummy-data.php:35)
auth wp_ajax_gsportfolio_import_shortcode_data (includes\demo-data\dummy-data.php:37)
auth wp_ajax_gsportfolio_remove_shortcode_data (includes\demo-data\dummy-data.php:39)
auth wp_ajax_gsportfolio_import_all_data (includes\demo-data\dummy-data.php:41)
auth wp_ajax_gsportfolio_remove_all_data (includes\demo-data\dummy-data.php:43)
auth wp_ajax_gsportfolio_export_data (includes\import-export.php:17)
auth wp_ajax_gsportfolio_import_data (includes\import-export.php:18)
auth wp_ajax_dhf_sort (includes\metabox.php:13)
auth wp_ajax_gsportfolio_create_shortcode (includes\shortcode-builder\builder.php:25)
auth wp_ajax_gsportfolio_clone_shortcode (includes\shortcode-builder\builder.php:26)
auth wp_ajax_gsportfolio_get_shortcode (includes\shortcode-builder\builder.php:27)
auth wp_ajax_gsportfolio_update_shortcode (includes\shortcode-builder\builder.php:28)
auth wp_ajax_gsportfolio_delete_shortcodes (includes\shortcode-builder\builder.php:29)
auth wp_ajax_gsportfolio_temp_save_shortcode_settings (includes\shortcode-builder\builder.php:30)
auth wp_ajax_gsportfolio_get_shortcodes (includes\shortcode-builder\builder.php:31)
auth wp_ajax_gsportfolio_get_shortcode_pref (includes\shortcode-builder\builder.php:33)
auth wp_ajax_gsportfolio_save_shortcode_pref (includes\shortcode-builder\builder.php:34)
auth wp_ajax_update_gsportfolio_order (includes\sortable.php:28)
auth wp_ajax_update_gsportfolio_taxonomy_order (includes\sortable.php:31)

Shortcodes 1

[gsportfolio] includes\shortcode.php:12
WordPress Hooks 93
action switch_theme (includes\appsero\Insights.php:132)
action switch_theme (includes\appsero\Insights.php:133)
action admin_footer (includes\appsero\Insights.php:145)
action admin_notices (includes\appsero\Insights.php:162)
action admin_init (includes\appsero\Insights.php:165)
filter cron_schedules (includes\appsero\Insights.php:171)
action wp_footer (includes\asset-generator\gs-asset-generator-base.php:27)
action post_updated (includes\asset-generator\gs-asset-generator-base.php:28)
action save_post (includes\asset-generator\gs-asset-generator-base.php:29)
filter widget_update_callback (includes\asset-generator\gs-asset-generator-base.php:30)
action update_option_sidebars_widgets (includes\asset-generator\gs-asset-generator-base.php:31)
action gsp_shortcode_created (includes\asset-generator\gs-asset-generator-base.php:32)
action gsp_shortcode_updated (includes\asset-generator\gs-asset-generator-base.php:33)
action gsp_shortcode_deleted (includes\asset-generator\gs-asset-generator-base.php:34)
action gsp_preference_update (includes\asset-generator\gs-asset-generator-base.php:35)
filter manage_edit-gs-portfolio_columns (includes\column.php:12)
action manage_posts_custom_column (includes\column.php:13)
filter manage_edit-gs-portfolio_sortable_columns (includes\column.php:14)
action init (includes\cpt.php:11)
action init (includes\cpt.php:12)
action after_setup_theme (includes\cpt.php:13)
filter widget_text (includes\cpt.php:136)
action admin_init (includes\demo-data\dummy-data.php:29)
action gsportfolio_shortcode_submenu (includes\demo-data\dummy-data.php:31)
action edit_post_gs_portfolio_slider (includes\demo-data\dummy-data.php:46)
action gsportfolio_dummy_attachments_process_start (includes\demo-data\dummy-data.php:49)
action gsportfolio_dummy_attachments_process_finished (includes\demo-data\dummy-data.php:59)
action gsportfolio_dummy_terms_process_finished (includes\demo-data\dummy-data.php:65)
action gsportfolio_dummy_portfolios_process_finished (includes\demo-data\dummy-data.php:71)
action gsportfolio_dummy_shortcodes_process_start (includes\demo-data\dummy-data.php:82)
action gsportfolio_dummy_shortcodes_process_finished (includes\demo-data\dummy-data.php:92)
filter http_request_args (includes\demo-data\dummy-data.php:768)
action admin_notices (includes\functions.php:296)
action admin_menu (includes\gs-common-pages\gs-plugins-common-pages.php:16)
action admin_enqueue_scripts (includes\gs-common-pages\gs-plugins-common-pages.php:17)
action init (includes\hooks.php:12)
action init (includes\hooks.php:13)
action admin_init (includes\hooks.php:14)
action plugins_loaded (includes\hooks.php:15)
filter archive_template (includes\hooks.php:16)
action in_admin_header (includes\hooks.php:17)
filter single_template (includes\hooks.php:18)
filter wp_kses_allowed_html (includes\hooks.php:19)
action wp_handle_upload_prefilter (includes\hooks.php:20)
filter get_user_option_meta-box-order_gs-portfolio (includes\hooks.php:21)
filter upload_dir (includes\hooks.php:30)
action gsportfolio_shortcode_submenu (includes\import-export.php:19)
action plugins_loaded (includes\init.php:9)
action init (includes\init.php:45)
action init (includes\integrations\integration-beaver.php:24)
action divi_extensions_init (includes\integrations\integration-divi.php:28)
action et_builder_modules_loaded (includes\integrations\integration-divi.php:36)
action wp_enqueue_scripts (includes\integrations\integration-divi.php:37)
action wp_head (includes\integrations\integration-divi.php:38)
action elementor/widgets/register (includes\integrations\integration-elementor.php:27)
action elementor/elements/categories_registered (includes\integrations\integration-elementor.php:28)
action elementor/editor/after_enqueue_scripts (includes\integrations\integration-elementor.php:30)
action elementor/editor/after_enqueue_styles (includes\integrations\integration-elementor.php:31)
action elementor/preview/enqueue_styles (includes\integrations\integration-elementor.php:33)
action elementor/preview/enqueue_scripts (includes\integrations\integration-elementor.php:34)
action init (includes\integrations\integration-gutenberg.php:24)
action enqueue_block_editor_assets (includes\integrations\integration-gutenberg.php:25)
action plugins_loaded (includes\integrations\integration-oxygen.php:25)
action init (includes\integrations\integration-oxygen.php:26)
action ct_builder_start (includes\integrations\integration-oxygen.php:33)
action ct_builder_end (includes\integrations\integration-oxygen.php:41)
action wp_enqueue_scripts (includes\integrations\integration-oxygen.php:65)
action td_global_after (includes\integrations\integration-tagdiv.php:24)
action wp_enqueue_scripts (includes\integrations\integration-tagdiv.php:25)
action admin_enqueue_scripts (includes\integrations\integration-tagdiv.php:26)
action vc_before_init (includes\integrations\integration-wpb-vc.php:23)
action admin_footer (includes\integrations\integration-wpb-vc.php:24)
action add_meta_boxes (includes\metabox.php:11)
action save_post (includes\metabox.php:12)
action plugins_loaded (includes\plugin.php:58)
action plugins_loaded (includes\scripts.php:39)
action wp_enqueue_scripts (includes\scripts.php:40)
action admin_enqueue_scripts (includes\scripts.php:41)
action admin_head (includes\scripts.php:42)
action wp_footer (includes\scripts.php:400)
action admin_menu (includes\shortcode-builder\builder.php:21)
action admin_enqueue_scripts (includes\shortcode-builder\builder.php:22)
action wp_enqueue_scripts (includes\shortcode-builder\builder.php:23)
action template_include (includes\shortcode-builder\builder.php:36)
action show_admin_bar (includes\shortcode-builder\builder.php:37)
action admin_menu (includes\sortable.php:15)
action admin_init (includes\sortable.php:18)
filter plugins_loaded (includes\sortable.php:21)
filter get_terms_orderby (includes\sortable.php:24)
filter terms_clauses (includes\sortable.php:25)
action admin_enqueue_scripts (includes\sortable.php:34)
filter posts_orderby (includes\sortable.php:37)
action init (includes\template-loader.php:26)
Maintenance & Trust

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 5.6
Downloads: 34K

Community Trust

Rating: 86/100
Number of ratings: 36
Active installs: 300
Developer Profile

GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more Developer Profile

GS Plugins

19 plugins · 41K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 173 days
Detection Fingerprints

How We Detect GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-portfolio/assets/css/frontend.css
/wp-content/plugins/gs-portfolio/assets/js/frontend.js
Script Paths
/wp-content/plugins/gs-portfolio/assets/js/frontend.js
Version Parameters
gs-portfolio/assets/css/frontend.css?ver=
gs-portfolio/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs_portfolio_area
gs-portfolio-single
Data Attributes
data-gs-portfolio-id
JS Globals
gs_portfolio_options
REST Endpoints
/wp-json/gs-portfolio/v1
Shortcode Output
[gsportfolio
FAQ

Frequently Asked Questions about GS Portfolio – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more