mFolio Lite Security & Risk Analysis

wordpress.org/plugins/mfolio-lite

Short Description: Create modern portfolios with an all-in-one Elementor portfolio plugin for WordPress.

0 active installs · v1.2.3 · PHP 8.1+ · WP 6.5+ · Updated Jan 14, 2026
Tags: elementor, gallery, grid, masonry, portfolio-gallery
Score: 73 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Apr 1, 2025
Safety Verdict

Is mFolio Lite Safe to Use in 2026?

Mostly Safe

Score 73/100

mFolio Lite is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Apr 1, 2025 · Updated 2mo ago
Risk Assessment

The mfolio-lite plugin exhibits a mixed security posture. On one hand, its static analysis shows no identified attack surface in terms of AJAX, REST API, shortcodes, or cron events, and SQL queries are secured with prepared statements. Nonce and capability checks, along with proper output escaping in a significant percentage of cases, are positive indicators of secure coding practices. However, the plugin's vulnerability history is a significant concern.

The plugin has a history of two known CVEs, with one critical and one medium vulnerability, and crucially, one of these remains unpatched. The types of past vulnerabilities, including Cross-site Scripting and Unrestricted Upload of File with Dangerous Type, are serious and can lead to site compromise. While the current static analysis did not reveal active taint flows or critical code signals, the historical pattern of exploitable vulnerabilities, particularly the unpatched critical one, suggests that users of this plugin are at a substantial risk.

In conclusion, while the current code might appear clean in static analysis, the historical record of severe and unpatched vulnerabilities overshadows these positive aspects. The presence of an unpatched critical vulnerability implies a direct and immediate threat to WordPress sites using this plugin. Users should prioritize updating or replacing this plugin to mitigate the identified risks.

Key Concerns

  • Unpatched critical CVE
  • 1 critical and 1 medium CVE in history
  • High percentage of output not properly escaped (18%)

Vulnerabilities (2)

mFolio Lite Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2025-31847 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

mFolio Lite <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025 · Unpatched

CVE-2024-9307 · critical · 9.9 · Unrestricted Upload of File with Dangerous Type

mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files

Nov 5, 2024 · Patched in 1.2.2 (20d)

Code Analysis
Analyzed Mar 17, 2026

mFolio Lite Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 35 (158 escaped)
  • Nonce Checks: 4
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

82% escaped · 193 total outputs

Attack Surface

mFolio Lite Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 23

  • action · plugins_loaded · addons\addons.php:84
  • action · admin_notices · addons\addons.php:108
  • action · admin_notices · addons\addons.php:114
  • action · admin_notices · addons\addons.php:120
  • action · elementor/widgets/widgets_registered · addons\addons.php:125
  • action · elementor/editor/before_enqueue_scripts · addons\addons.php:127
  • action · elementor/frontend/after_enqueue_scripts · addons\addons.php:130
  • action · elementor/frontend/after_register_scripts · addons\addons.php:133
  • action · elementor/elements/categories_registered · addons\addons.php:136
  • action · switch_theme · appsero\src\Insights.php:140
  • action · switch_theme · appsero\src\Insights.php:141
  • action · admin_footer · appsero\src\Insights.php:158
  • action · admin_notices · appsero\src\Insights.php:175
  • action · admin_init · appsero\src\Insights.php:178
  • filter · cron_schedules · appsero\src\Insights.php:184
  • action · admin_menu · appsero\src\License.php:219
  • action · after_switch_theme · appsero\src\License.php:781
  • action · switch_theme · appsero\src\License.php:782
  • action · init · inc\mfolio-functions.php:22
  • filter · single_template · inc\mfolio-functions.php:131
  • filter · archive_template · inc\mfolio-functions.php:150
  • action · wp_enqueue_scripts · inc\mfolio-functions.php:198
  • action · init · mfolio.php:27

Maintenance & Trust

mFolio Lite Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 14, 2026
  • PHP min version: 8.1
  • Downloads: 1K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 0

Developer Profile

mFolio Lite Developer Profile

themelooks

11 plugins · 3K total installs

  • Trust score: 91
  • Avg Security Score: 96/100
  • Avg Patch Time: 20 days

Detection Fingerprints

How We Detect mFolio Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mfolio-lite/assets/css/mfolio-portfolio.css
  • /wp-content/plugins/mfolio-lite/assets/css/mfolio-frontend.css
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-frontend.js
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-elementor-widgets.js
  • /wp-content/plugins/mfolio-lite/assets/js/isotope.pkgd.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/swiper.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/jquery.fancybox.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/elementor-frontend.js
  • +1 more
Script Paths
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-frontend.js
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-elementor-widgets.js
  • /wp-content/plugins/mfolio-lite/assets/js/isotope.pkgd.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/swiper.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/jquery.fancybox.min.js
  • /wp-content/plugins/mfolio-lite/assets/js/elementor-frontend.js
Version Parameters
  • /wp-content/plugins/mfolio-lite/assets/css/mfolio-portfolio.css?ver=
  • /wp-content/plugins/mfolio-lite/assets/css/mfolio-frontend.css?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-frontend.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/mfolio-elementor-widgets.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/isotope.pkgd.min.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/swiper.min.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/jquery.fancybox.min.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/js/elementor-frontend.js?ver=
  • /wp-content/plugins/mfolio-lite/assets/css/fancybox.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • mfolio-elementor-widgets-wrapper
  • mfolio-portfolio-grid
  • mf-portfolio-filter-nav
  • mfolio-portfolio-slider-wrapper
  • mfolio-portfolio-gallery
  • mfolio-portfolio-details-banner
  • mfolio-double-image-wrapper
  • mfolio-simple-slider-wrapper
HTML Comments
<!-- Mfolio Lite Elementor Widgets -->
Data Attributes
  • data-filter
  • data-mf-filter-group
JS Globals
mfolio_frontend_params
FAQ

Frequently Asked Questions about mFolio Lite