Does Perfect Portal Widgets have any unpatched vulnerabilities?

No. All known vulnerabilities in Perfect Portal Widgets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Perfect Portal Widgets compatible with WordPress 6.7.5?

According to WordPress.org data, Perfect Portal Widgets 3.0.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Perfect Portal Widgets compatible with PHP 7.0+?

Perfect Portal Widgets requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Perfect Portal Widgets updated?

Perfect Portal Widgets was last updated on Jan 14, 2025. Frequent updates are generally a positive security signal.

What is Perfect Portal Widgets's security score?

Perfect Portal Widgets has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Perfect Portal Widgets Security & Risk Analysis

wordpress.org/plugins/perfect-portal-widgets

A set of Gutenberg blocks and Shortcodes to display Perfect Portal website widgets

100 active installs v3.0.4 PHP 7.0+ WP 6.1+ Updated Jan 14, 2025

blockintake-formreviews

A · Safe

CVEs total1

Unpatched0

Last CVEJan 10, 2025

Download

Safety Verdict

Is Perfect Portal Widgets Safe to Use in 2026?

Generally Safe

Score 91/100

Perfect Portal Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 10, 2025Updated 1yr ago

Risk Assessment

The perfect-portal-widgets plugin v3.0.4 exhibits a generally strong security posture based on the static analysis. The absence of dangerous functions, SQL queries that are all prepared, and 100% properly escaped output are significant positive indicators. Furthermore, the lack of file operations and external HTTP requests reduces the potential attack surface. The presence of nonce checks is also a good security practice.

However, the vulnerability history of this plugin raises a concern. It has one known CVE, which was for Cross-site Scripting (XSS), and although currently unpatched, it was recorded for the future date of 2025-01-10, which is unusual and might indicate a reporting anomaly or a vulnerability that was mitigated before release. The presence of any past vulnerability, even if marked as patched or for a future date, suggests a potential for future issues if development practices are not consistently robust.

In conclusion, while the code itself appears to follow many security best practices, the past vulnerability history warrants a degree of caution. The plugin has a limited attack surface with no apparent critical or high severity issues in the static analysis, but vigilance is advised due to its vulnerability track record.

Key Concerns

Past vulnerability history (XSS)

Vulnerabilities

Perfect Portal Widgets Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12527medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 10, 2025 Patched in 3.0.4 (6d)

Code Analysis

Analyzed Mar 16, 2026

Perfect Portal Widgets Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped14 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

perfect_portal_submit_settings (perfect-portal-widgets.php:89)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Perfect Portal Widgets Attack Surface

Entry Points4

Unprotected0

Shortcodes 4

[perfect_portal_intake_form] perfect-portal-widgets.php:56

[perfect_portal_quote_calculator] perfect-portal-widgets.php:57

[perfect_portal_website_calculator] perfect-portal-widgets.php:58

[perfect_portal_review_widget] perfect-portal-widgets.php:68

WordPress Hooks 8

actioninitperfect-portal-widgets.php:33

filterplugin_auto_update_setting_htmlperfect-portal-widgets.php:43

actioninitperfect-portal-widgets.php:51

actionadmin_headperfect-portal-widgets.php:81

actionadmin_menuperfect-portal-widgets.php:87

actionadmin_post_perfect_portal_settingsperfect-portal-widgets.php:120

actionwp_enqueue_scriptsperfect-portal-widgets.php:502

actioninitperfect-portal-widgets.php:503

Maintenance & Trust

Perfect Portal Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 14, 2025

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Perfect Portal Widgets Alternatives

Business Reviews – Display Customer Reviews from Popular Sites

business-review

100

Business Reviews helps you display Google, Facebook, and Yelp reviews easily on your WordPress site to build trust and boost your business reputation.

1K No CVEs

Affiliate Reviews

affiliate-reviews

Custom affiliate blocks for your product, casino, forex affiliate site, using your favorite theme!

200 1 CVE

Easy Zillow Reviews

easy-zillow-reviews

100

Display reviews from Zillow on your website.

80 No CVEs

Simple Star Rating Block

simple-star-rating-block

Simple Star Rating Block allows you to display star ratings either by manually entering the value or pulling it from a custom field.

50 No CVEs

Customer Reviews by Revukangaroo

customer-reviews-by-revukangaroo

Revukangaroo allows you to funnel negative and positive reviews directly from your website.Take control of your online reputation!

30 No CVEs

Developer Profile

Perfect Portal Widgets Developer Profile

alanperfectportal

1 plugin · 100 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Perfect Portal Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/perfect-portal-widgets/assets/css/perfect-portal-admin.css/wp-content/plugins/perfect-portal-widgets/assets/scripts/perfect-portal-admin.js

Script Paths

/wp-content/plugins/perfect-portal-widgets/assets/scripts/perfect-portal-admin.js

Version Parameters

perfect-portal-widgets/assets/css/perfect-portal-admin.css?ver=3.0.4perfect-portal-widgets/assets/scripts/perfect-portal-admin.js?ver=3.0.4

HTML / DOM Fingerprints

CSS Classes

perfect-portal-region-selectedpp-hide

HTML Comments

Data Attributes

perfect_portal_regionperfect_portal_quote_calc_intake_typeperfect_portal_quote_calc_intake_guidperfect_portal_company_guid

Shortcode Output

<code>[perfect_portal_intake_form guid="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"]</code>

FAQ