WP-Safety

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Security & Risk Analysis

wordpress.org/plugins/gs-projects

Introducing a WordPress plugin that enables users to display their projects in a variety of layouts through a project showcase.

200 active installs v3.0.0 PHP 5.6+ WP 4.3+ Updated Mar 5, 2026
project-pluginproject-showcaseproject-wordpressprojects-plugin
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 30, 2024
Plugin page Download
Safety Verdict

Is Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Safe to Use in 2026?

Generally Safe

Score 99/100

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 30, 2024Updated 29d ago
Risk Assessment

The "gs-projects" plugin v3.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query preparation (96% prepared statements), output escaping (85% properly escaped), and the use of nonces and capability checks. The absence of dangerous functions and critical taint flows is also encouraging.

However, several areas raise concern. The plugin has 20 AJAX handlers, with 6 of them lacking authentication checks, presenting a significant attack surface. The taint analysis, while not critical, identified 3 high-severity flows with unsanitized paths, indicating potential vulnerabilities. Furthermore, the plugin has a history of a medium severity Cross-site Scripting (XSS) vulnerability, with the last recorded instance being very recent. This suggests that while the developers are addressing issues, there's a recurring pattern that warrants careful monitoring.

In conclusion, while "gs-projects" v3.0.0 has made strides in secure coding practices, the unprotected AJAX endpoints and the history of XSS vulnerabilities remain notable weaknesses. The high-severity taint flows also represent a latent risk that needs attention. Further scrutiny and proactive security measures are recommended.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • History of medium XSS vulnerability
  • File operations present
  • External HTTP requests present
Vulnerabilities
1

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-56261medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Project Showcase <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 1.1.2 (10d)
Code Analysis
Analyzed Mar 16, 2026

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
24 prepared
Unescaped Output
64
358 escaped
Nonce Checks
19
Capability Checks
26
File Operations
1
External Requests
5
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

96% prepared25 total queries

Output Escaping

85% escaped422 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths
gs_project_sortable_callback (includes\sortable.php:248)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Attack Surface

Entry Points21
Unprotected6

AJAX Handlers 20

authwp_ajax_gsproject_import_project_dataincludes\demo-data\dummy-data.php:32
authwp_ajax_gsproject_remove_project_dataincludes\demo-data\dummy-data.php:34
authwp_ajax_gsproject_import_shortcode_dataincludes\demo-data\dummy-data.php:36
authwp_ajax_gsproject_remove_shortcode_dataincludes\demo-data\dummy-data.php:38
authwp_ajax_gsproject_import_all_dataincludes\demo-data\dummy-data.php:40
authwp_ajax_gsproject_remove_all_dataincludes\demo-data\dummy-data.php:42
authwp_ajax_dhf_sortincludes\metabox.php:13
authwp_ajax_gsproject_create_shortcodeincludes\shortcode-builder\builder.php:22
authwp_ajax_gsproject_clone_shortcodeincludes\shortcode-builder\builder.php:23
authwp_ajax_gsproject_get_shortcodeincludes\shortcode-builder\builder.php:24
authwp_ajax_gsproject_update_shortcodeincludes\shortcode-builder\builder.php:25
authwp_ajax_gsproject_delete_shortcodesincludes\shortcode-builder\builder.php:26
authwp_ajax_gsproject_temp_save_shortcode_settingsincludes\shortcode-builder\builder.php:27
authwp_ajax_gsproject_get_shortcodesincludes\shortcode-builder\builder.php:28
authwp_ajax_gsproject_get_shortcode_prefincludes\shortcode-builder\builder.php:30
authwp_ajax_gsproject_save_shortcode_prefincludes\shortcode-builder\builder.php:31
authwp_ajax_gsproject_get_taxonomy_bootincludes\shortcode-builder\builder.php:33
authwp_ajax_gsproject_save_taxonomy_settingsincludes\shortcode-builder\builder.php:34
authwp_ajax_update_gsproject_orderincludes\sortable.php:28
authwp_ajax_update_gsproject_taxonomy_orderincludes\sortable.php:31

Shortcodes 1

[gsprojects] includes\shortcode.php:12
WordPress Hooks 91
actionswitch_themeincludes\appsero\Insights.php:132
actionswitch_themeincludes\appsero\Insights.php:133
actionadmin_footerincludes\appsero\Insights.php:145
actionadmin_noticesincludes\appsero\Insights.php:162
actionadmin_initincludes\appsero\Insights.php:165
filtercron_schedulesincludes\appsero\Insights.php:171
actionwp_footerincludes\asset-generator\gs-asset-generator-base.php:27
actionpost_updatedincludes\asset-generator\gs-asset-generator-base.php:28
actionsave_postincludes\asset-generator\gs-asset-generator-base.php:29
filterwidget_update_callbackincludes\asset-generator\gs-asset-generator-base.php:30
actionupdate_option_sidebars_widgetsincludes\asset-generator\gs-asset-generator-base.php:31
actiongsp_shortcode_createdincludes\asset-generator\gs-asset-generator-base.php:32
actiongsp_shortcode_updatedincludes\asset-generator\gs-asset-generator-base.php:33
actiongsp_shortcode_deletedincludes\asset-generator\gs-asset-generator-base.php:34
actiongsp_preference_updateincludes\asset-generator\gs-asset-generator-base.php:35
filtermanage_edit-gs-project_columnsincludes\column.php:12
actionmanage_posts_custom_columnincludes\column.php:13
actioninitincludes\cpt.php:11
actioninitincludes\cpt.php:12
actionafter_setup_themeincludes\cpt.php:13
filterwidget_textincludes\cpt.php:156
actionadmin_initincludes\demo-data\dummy-data.php:29
actiongsproject_shortcode_submenuincludes\demo-data\dummy-data.php:30
actionedit_post_gs_projectincludes\demo-data\dummy-data.php:45
actiongsproject_dummy_attachments_process_startincludes\demo-data\dummy-data.php:48
actiongsproject_dummy_attachments_process_finishedincludes\demo-data\dummy-data.php:58
actiongsproject_dummy_terms_process_finishedincludes\demo-data\dummy-data.php:64
actiongsproject_dummy_projects_process_finishedincludes\demo-data\dummy-data.php:70
actiongsproject_dummy_shortcodes_process_startincludes\demo-data\dummy-data.php:81
actiongsproject_dummy_shortcodes_process_finishedincludes\demo-data\dummy-data.php:91
filterhttp_request_argsincludes\demo-data\dummy-data.php:709
actionadmin_noticesincludes\functions.php:287
actionadmin_menuincludes\gs-common-pages\gs-plugins-common-pages.php:16
actionadmin_enqueue_scriptsincludes\gs-common-pages\gs-plugins-common-pages.php:17
actioninitincludes\hooks.php:12
actioninitincludes\hooks.php:13
actionadmin_initincludes\hooks.php:14
actionplugins_loadedincludes\hooks.php:15
filterarchive_templateincludes\hooks.php:16
actionin_admin_headerincludes\hooks.php:17
filtersingle_templateincludes\hooks.php:18
filterwp_kses_allowed_htmlincludes\hooks.php:19
actionwp_handle_upload_prefilterincludes\hooks.php:20
filterget_user_option_meta-box-order_gs-projectincludes\hooks.php:21
filterupload_dirincludes\hooks.php:30
actionplugins_loadedincludes\init.php:9
actioninitincludes\init.php:45
actioninitincludes\integrations\integration-beaver.php:24
actiondivi_extensions_initincludes\integrations\integration-divi.php:28
actionet_builder_modules_loadedincludes\integrations\integration-divi.php:36
actionwp_enqueue_scriptsincludes\integrations\integration-divi.php:37
actionwp_headincludes\integrations\integration-divi.php:38
actionelementor/widgets/registerincludes\integrations\integration-elementor.php:27
actionelementor/elements/categories_registeredincludes\integrations\integration-elementor.php:28
actionelementor/editor/after_enqueue_scriptsincludes\integrations\integration-elementor.php:30
actionelementor/editor/after_enqueue_stylesincludes\integrations\integration-elementor.php:31
actionelementor/preview/enqueue_stylesincludes\integrations\integration-elementor.php:33
actionelementor/preview/enqueue_scriptsincludes\integrations\integration-elementor.php:34
actioninitincludes\integrations\integration-gutenberg.php:24
actionenqueue_block_editor_assetsincludes\integrations\integration-gutenberg.php:25
actionplugins_loadedincludes\integrations\integration-oxygen.php:25
actioninitincludes\integrations\integration-oxygen.php:26
actionct_builder_startincludes\integrations\integration-oxygen.php:33
actionct_builder_endincludes\integrations\integration-oxygen.php:41
actionwp_enqueue_scriptsincludes\integrations\integration-oxygen.php:65
actiontd_global_afterincludes\integrations\integration-tagdiv.php:24
actionwp_enqueue_scriptsincludes\integrations\integration-tagdiv.php:25
actionadmin_enqueue_scriptsincludes\integrations\integration-tagdiv.php:26
actionvc_before_initincludes\integrations\integration-wpb-vc.php:23
actionadmin_footerincludes\integrations\integration-wpb-vc.php:24
actionadd_meta_boxesincludes\metabox.php:11
actionsave_postincludes\metabox.php:12
actionplugins_loadedincludes\plugin.php:56
actionplugins_loadedincludes\scripts.php:39
actionwp_enqueue_scriptsincludes\scripts.php:40
actionadmin_enqueue_scriptsincludes\scripts.php:41
actionadmin_headincludes\scripts.php:42
actionwp_footerincludes\scripts.php:431
actionadmin_menuincludes\shortcode-builder\builder.php:18
actionadmin_enqueue_scriptsincludes\shortcode-builder\builder.php:19
actionwp_enqueue_scriptsincludes\shortcode-builder\builder.php:20
actiontemplate_includeincludes\shortcode-builder\builder.php:36
actionshow_admin_barincludes\shortcode-builder\builder.php:37
actionadmin_menuincludes\sortable.php:15
actionadmin_initincludes\sortable.php:18
filterplugins_loadedincludes\sortable.php:21
filterget_terms_orderbyincludes\sortable.php:24
filterterms_clausesincludes\sortable.php:25
actionadmin_enqueue_scriptsincludes\sortable.php:34
filterposts_orderbyincludes\sortable.php:37
actioninitincludes\template-loader.php:26
Maintenance & Trust

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 5, 2026
PHP min version5.6
Downloads11K

Community Trust

Rating100/100
Number of ratings5
Active installs200
Alternatives

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Alternatives

Filterable Portfolio

Filterable Portfolio

filterable-portfolio

A
100

A WordPress Portfolio plugin to display portfolio/project images to your site.

1K No CVEs
Ultimate Portfolio

Ultimate Portfolio

ultimate-portfolio

A
100

Build portfolio galleries with category filters, image sliders, and post grids using Gutenberg blocks.

100 No CVEs
Developer Profile

Project Showcase – A WordPress Plugin to Display Projects in Various Layouts Developer Profile

GS Plugins

19 plugins · 41K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
173 days
View full developer profile
Detection Fingerprints

How We Detect Project Showcase – A WordPress Plugin to Display Projects in Various Layouts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gs-projects/assets/css/gs-projects.css/wp-content/plugins/gs-projects/assets/js/gs-projects.js
Script Paths
/wp-content/plugins/gs-projects/assets/js/gs-projects.js
Version Parameters
gs-projects/assets/css/gs-projects.css?ver=gs-projects/assets/js/gs-projects.js?ver=

HTML / DOM Fingerprints

CSS Classes
gs-project-singlegsp-slider-03gs_project_area
Data Attributes
data-gsprojects-id
JS Globals
GSPROJECTS_VERSIONGSPROJECTS_MIN_PRO_VERSIONGSPROJECTS_MENU_POSITIONGSPROJECTS_PLUGIN_FILEGSPROJECTS_PLUGIN_DIRGSPROJECTS_PLUGIN_URI+1 more
Shortcode Output
[gsprojects id=
FAQ

Frequently Asked Questions about Project Showcase – A WordPress Plugin to Display Projects in Various Layouts