WP-Safety

ISTK Add-On Security & Risk Analysis

wordpress.org/plugins/istk-add-on

This plugin adds features for theme "ISTK Portfolio".

80 active installs v1.3 PHP 8.3+ WP 5.9+ Updated Apr 3, 2026
artistportfolio
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ISTK Add-On Safe to Use in 2026?

Generally Safe

Score 100/100

ISTK Add-On has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'istk-add-on' v1.2 plugin exhibits a generally strong security posture, primarily due to the absence of known vulnerabilities and critical findings in the static and taint analysis. The code effectively utilizes prepared statements for all SQL queries and includes nonce and capability checks, which are good practices for securing WordPress plugins. There are no indications of dangerous functions, file operations, or external HTTP requests, further contributing to its secure design.

However, a significant concern lies in the output escaping, with only 17% of 36 outputs being properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks, especially if the content being displayed originates from user input or untrusted sources. While the attack surface is relatively small and appears to be protected by authentication checks, the lack of comprehensive output escaping represents a tangible risk that should be addressed.

The plugin's clean vulnerability history is a positive indicator, suggesting a consistent effort towards security or a lack of discoverable vulnerabilities thus far. Combined with the strong use of prepared statements and access control checks, the plugin demonstrates a good foundation. The primary weakness is the insufficient output escaping, which, despite the absence of historical high-severity vulnerabilities, poses a realistic threat that could be exploited.

Key Concerns

  • Insufficient output escaping (17% of 36 outputs)
Vulnerabilities
None known

ISTK Add-On Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ISTK Add-On Release Timeline

v1.3Current
v1.2
v1.1.3
v1.1.2
v1.1.1
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

ISTK Add-On Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
30
6 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

17% escaped36 total outputs
Attack Surface

ISTK Add-On Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[istk_portfolio_category] includes\shortcodes.php:8
[istk_portfolio_tags] includes\shortcodes.php:15
[istk_cta_contact] includes\shortcodes.php:28
[istk_cta_download] includes\shortcodes.php:41
WordPress Hooks 16
actionadmin_initincludes\add-category-image.php:20
actionistk_portfolio_category_add_form_fieldsincludes\add-category-image.php:35
actionistk_portfolio_category_edit_form_fieldsincludes\add-category-image.php:61
actioncreate_termincludes\add-category-image.php:73
actionedit_termsincludes\add-category-image.php:74
actionadd_meta_boxesincludes\portfolio-metas.php:32
actionsave_postincludes\portfolio-metas.php:80
actioninitincludes\post-type.php:37
actioninitincludes\post-type.php:74
actioninitincludes\post-type.php:121
actionadmin_menuincludes\settings.php:15
actionadmin_initincludes\settings.php:154
filteristk_portfolio_ctaincludes\template-functions.php:211
filtertemplate_includeincludes\templates.php:21
actionwp_enqueue_scriptsistk-add-on.php:39
actionadmin_initistk-add-on.php:44
Maintenance & Trust

ISTK Add-On Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 3, 2026
PHP min version8.3
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs80
Alternatives

ISTK Add-On Alternatives

WP Show Posts

WP Show Posts

wp-show-posts

B
84

Add posts to your website from any post type using a simple shortcode.

70K 3 CVEs
Visual Portfolio, Photo Gallery & Post Grid

Visual Portfolio, Photo Gallery & Post Grid

visual-portfolio

A
93

Powerful WordPress gallery plugin for stunning photo, video & album galleries with advanced layouts and flexible block editing.

60K 4 CVEs
Portfolio Post Type

Portfolio Post Type

portfolio-post-type

A
85

This plugin registers a custom post type for portfolio items. It also registers separate portfolio taxonomies for tags and categories.

50K No CVEs
Premium Portfolio Features for Phlox theme

Premium Portfolio Features for Phlox theme

auxin-portfolio

A
91

Showcase your projects beautifully in Phlox theme

40K 4 CVEs
Themify Portfolio Post

Themify Portfolio Post

themify-portfolio-post

A
95

Add a simple Portfolio post type to your site.

30K 6 CVEs
Developer Profile

ISTK Add-On Developer Profile

niao70

2 plugins · 180 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ISTK Add-On

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/istk-add-on/assets/style.css/wp-content/plugins/istk-add-on/assets/admin.css/wp-content/plugins/istk-add-on/assets/upload_category_image.js
Script Paths
/wp-content/plugins/istk-add-on/assets/upload_category_image.js
Version Parameters
istk-add-on/style.css?ver=istk-add-on/admin.css?ver=upload_category_image.js?ver=

HTML / DOM Fingerprints

CSS Classes
istk_add_on_category_imagework-data-areawork-data-tablework_data_notice
Data Attributes
id="istk_add_on_category_image_thumb"id="istk_add_on_category_image_id"id="istk_add_on_category_image_upload"id="istk_add_on_category_image_delete"
JS Globals
istk_add_on_transrate
Shortcode Output
[istk_portfolio_category][istk_portfolio_tags][istk_cta_contact][istk_cta_download]
FAQ

Frequently Asked Questions about ISTK Add-On