Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/portfolio

Create and add personal portfolio to your WordPress website. Manage and showcase past projects to get more clients.

600 active installs · v2.58 · PHP + WP 5.6+ · Updated Jun 9, 2025
Tags: add-portfolio, add-portfolio-widget, fancybox, portfolio, portfolio-plugin
Score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Safe to Use in 2026?

Mostly Safe

Score 77/100

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 9mo ago
Risk Assessment

The "portfolio" v2.58 plugin has a mixed security posture. On the positive side, it implements nonce and capability checks, escapes a high percentage of its output, and uses prepared statements for SQL queries. Static analysis shows a relatively small attack surface, and no unprotected entry points were identified.

However, the code contains one call to "unserialize", which is a significant concern: unserializing data that has not been handled with extreme caution and sanitization is a well-known path to remote code execution. The taint analysis also found one flow with an unsanitized path, a potential weakness where user-supplied data could be manipulated.

The vulnerability history shows no critical or high severity issues, but it does show a pattern of medium severity Cross-Site Scripting (XSS) vulnerabilities, one of which remains unpatched. Together with the static analysis findings, this suggests that the plugin has areas of strength but also areas that require immediate attention.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • Dangerous function detected (unserialize)
  • Taint flow with unsanitized path
  • SQL queries not using prepared statements (57% prepared)
Vulnerabilities: 2

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Security Vulnerabilities

CVEs by Year

  • 2017: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-58245 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Portfolio <= 2.58 - Authenticated (Author+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched

WF-4148b37e-c5dd-43a1-aecf-085ce4fb2473-portfolio · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Portfolio by BestWebSoft < 2.4.0 - Reflected Cross-Site Scripting

Apr 12, 2017 · Patched in 2.4.0 (2477d)

Code Analysis
Analyzed Mar 16, 2026

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 6 (8 prepared)
  • Unescaped Output: 30 (765 escaped)
  • Nonce Checks: 23
  • Capability Checks: 4
  • File Operations: 3
  • External Requests: 6
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · $prtfl_information = isset( $prtfl_information ) ? unserialize( $prtfl_informa… · portfolio.php:2561

SQL Query Safety

57% prepared · 14 total queries

Output Escaping

96% escaped · 795 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

8 flows · 1 with unsanitized paths
bws_demo_confirm (includes\demo-data\class-bws-demo-data.php:57)
Attack Surface

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1466
auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433
auth · wp_ajax_prtfl_update_image · portfolio.php:2698

Shortcodes 1

[latest_portfolio_items] portfolio.php:2700
WordPress Hooks 38
filter · load_textdomain_mofile · bws_menu\bws_functions.php:43
filter · mce_external_plugins · bws_menu\bws_functions.php:1146
filter · mce_buttons · bws_menu\bws_functions.php:1147
action · admin_init · bws_menu\bws_functions.php:1433
action · admin_enqueue_scripts · bws_menu\bws_functions.php:1434
action · admin_head · bws_menu\bws_functions.php:1435
action · admin_footer · bws_menu\bws_functions.php:1436
action · admin_notices · bws_menu\bws_functions.php:1438
action · wp_enqueue_scripts · bws_menu\bws_functions.php:1440
action · load-post-new.php · portfolio.php:55
action · load-post.php · portfolio.php:56
action · load-edit.php · portfolio.php:57
action · template_include · portfolio.php:109
filter · wp_get_attachment_url · portfolio.php:419
filter · wp_get_attachment_image_attributes · portfolio.php:420
filter · wp_update_attachment_metadata · portfolio.php:421
filter · the_content · portfolio.php:2260
action · admin_menu · portfolio.php:2676
action · admin_init · portfolio.php:2677
action · init · portfolio.php:2678
action · plugins_loaded · portfolio.php:2679
action · save_post · portfolio.php:2681
filter · content_save_pre · portfolio.php:2682
filter · bwsplgns_get_pdf_print_content · portfolio.php:2685
action · admin_enqueue_scripts · portfolio.php:2687
action · wp_enqueue_scripts · portfolio.php:2688
action · wp_head · portfolio.php:2689
action · wp_footer · portfolio.php:2690
filter · body_class · portfolio.php:2693
action · widgets_init · portfolio.php:2696
filter · bws_shortcode_button_content · portfolio.php:2702
filter · request · portfolio.php:2704
filter · pre_get_posts · portfolio.php:2706
filter · rewrite_rules_array · portfolio.php:2707
filter · plugin_row_meta · portfolio.php:2709
filter · plugin_action_links · portfolio.php:2710
filter · nav_menu_css_class · portfolio.php:2712
action · admin_notices · portfolio.php:2714
Maintenance & Trust

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 9, 2025
PHP min version
Downloads: 268K

Community Trust

Rating: 70/100
Number of ratings: 26
Active installs: 600
Developer Profile

Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/portfolio/css/frontend.css
  • /wp-content/plugins/portfolio/css/magnific-popup.css
  • /wp-content/plugins/portfolio/js/jquery.magnific-popup.min.js
  • /wp-content/plugins/portfolio/js/main.js
Script Paths
  • /wp-content/plugins/portfolio/js/main.js
  • /wp-content/plugins/portfolio/js/jquery.magnific-popup.min.js
Version Parameters
  • portfolio/css/frontend.css?ver=
  • portfolio/css/magnific-popup.css?ver=
  • portfolio/js/jquery.magnific-popup.min.js?ver=
  • portfolio/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • portfolio_wrap
  • portfolio_image
  • portfolio_title
HTML Comments
  • <!-- Portfolio by BestWebSoft -->
  • <!-- Start Portfolio -->
  • <!-- End Portfolio -->
  • <!-- Portfolio Item -->
  • +1 more
Data Attributes
  • data-portfolio-id
  • data-item-id
JS Globals
  • prtfl_frontend_options
Shortcode Output
  • [portfolio]
  • [portfolio id=""]
FAQ

Frequently Asked Questions about Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress