Portfolio Block – The Ultimate Project & Portfolio Builder Security & Risk Analysis

wordpress.org/plugins/portfolio-block

Portfolio Block helps you create and display modern, responsive portfolios with multiple layouts, filters, and full design control.

700 active installs · v2.1.1 · PHP 7.1+ · WP 6.5+ · Updated Mar 15, 2026
Tags: block, gallery, portfolio, projects, showcase
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Portfolio Block – The Ultimate Project & Portfolio Builder Safe to Use in 2026?

Generally Safe

Score 100/100

Portfolio Block – The Ultimate Project & Portfolio Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The portfolio-block plugin v2.1.1 demonstrates a generally good security posture based on the static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. All SQL queries are properly prepared, and a significant majority of output is correctly escaped, mitigating common injection and cross-site scripting risks. The presence of nonce and capability checks on its entry points further strengthens its defense against unauthorized actions.

However, a potential concern lies in the 86% output escaping rate. While high, it means 14% of outputs (1 of the 7 detected) are not properly escaped, which could leave the plugin open to cross-site scripting (XSS) if user-supplied data reaches that unescaped output. The taint analysis shows no unsanitized paths or critical/high severity flows, which is a positive indicator, but the limited number of analyzed flows (2) might not cover all possible execution paths. The plugin also bundles the Freemius library, which, if outdated or unpatched, could introduce vulnerabilities.

Furthermore, the plugin has no recorded vulnerability history, including CVEs. This suggests either a track record of security robustness or a lack of scrutiny. While a clean record is a strength, even well-maintained plugins can develop vulnerabilities over time. The plugin's limited attack surface (2 entry points, both protected) is a positive sign. Overall, the plugin exhibits strong development practices, but the minor output escaping gap and the inclusion of bundled libraries warrant careful attention.

Key Concerns

  • Unescaped output detected
  • Bundled library (Freemius) present
Vulnerabilities
None known

Portfolio Block – The Ultimate Project & Portfolio Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Portfolio Block – The Ultimate Project & Portfolio Builder Release Timeline

v2.1.1 (Current)
v2.1.0
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Portfolio Block – The Ultimate Project & Portfolio Builder Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (6 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius

Output Escaping

86% escaped · 7 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
pfb_get_blocks (includes\rootPlugin\Ajax.php:14)
Attack Surface

Portfolio Block – The Ultimate Project & Portfolio Builder Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_pfb_get_blocks · includes\rootPlugin\Ajax.php:11

Shortcodes 1

[pfb] includes\rootPlugin\ShortCode.php:6
WordPress Hooks 8
action · admin_menu · includes\rootPlugin\AdminMenu.php:7
filter · block_categories_all · includes\rootPlugin\BlockCategory.php:11
filter · manage_pfb_posts_columns · includes\rootPlugin\CustomColumn.php:7
action · manage_pfb_posts_custom_column · includes\rootPlugin\CustomColumn.php:8
action · enqueue_block_assets · includes\rootPlugin\Enqueue.php:7
action · enqueue_block_editor_assets · includes\rootPlugin\Enqueue.php:8
action · admin_enqueue_scripts · includes\rootPlugin\Enqueue.php:10
action · init · includes\rootPlugin\Init.php:8
Maintenance & Trust

Portfolio Block – The Ultimate Project & Portfolio Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 15, 2026
PHP min version: 7.1
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 700
Developer Profile

Portfolio Block – The Ultimate Project & Portfolio Builder Developer Profile

colorlibplugins

121 plugins · 740K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 130 days
Detection Fingerprints

How We Detect Portfolio Block – The Ultimate Project & Portfolio Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/portfolio-block/build/admin-post.css
  • /wp-content/plugins/portfolio-block/build/admin-post.js
  • /wp-content/plugins/portfolio-block/build/admin-dashboard.js
  • /wp-content/plugins/portfolio-block/build/admin-dashboard.css
  • /wp-content/plugins/portfolio-block/public/js/isotope.pkgd.min.js
  • /wp-content/plugins/portfolio-block/public/mosaic/jquery.mosaic.min.js
  • /wp-content/plugins/portfolio-block/public/mosaic/jquery.mosaic.min.css
Script Paths
  • https://cdn.jsdelivr.net/npm/html2canvas@1.4.1/dist/html2canvas.min.js
  • https://cdn.jsdelivr.net/npm/jspdf@2.5.1/dist/jspdf.umd.min.js
  • https://cdn.jsdelivr.net/npm/html2pdf.js@0.10.1/dist/html2pdf.bundle.min.js
Version Parameters
  • portfolio-block/build/admin-post.css?ver=
  • portfolio-block/build/admin-post.js?ver=
  • portfolio-block/build/admin-dashboard.js?ver=
  • portfolio-block/build/admin-dashboard.css?ver=
  • portfolio-block/public/js/isotope.pkgd.min.js?ver=
  • portfolio-block/public/mosaic/jquery.mosaic.min.js?ver=
  • portfolio-block/public/mosaic/jquery.mosaic.min.css?ver=

HTML / DOM Fingerprints

JS Globals
pfbIsPremium
Shortcode Output
render_block(
FAQ

Frequently Asked Questions about Portfolio Block – The Ultimate Project & Portfolio Builder