Portfolio Filter Gallery Security & Risk Analysis

wordpress.org/plugins/portfolio-filter-gallery

A WordPress plugin designed for creating filterable portfolio galleries. Supports images and videos with masonry routing.

20K active installs · v2.1.5 · PHP 7.4+ · WP 5.8+ · Updated Apr 8, 2026
Tags: gallery, photo-gallery, portfolio, portfolio-gallery, video-gallery

Security score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jun 26, 2024
Safety Verdict

Is Portfolio Filter Gallery Safe to Use in 2026?

Generally Safe

Score 98/100

Portfolio Filter Gallery has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Jun 26, 2024 · Updated 1mo ago
Risk Assessment

The 'portfolio-filter-gallery' v2.1.5 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices regarding SQL queries, with 100% using prepared statements, and a high level of output escaping (99%). It also incorporates a significant number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. However, a substantial concern lies in its attack surface, with 19 out of 29 entry points lacking authentication checks. This significantly increases the risk of unauthorized access and potential abuse of these unprotected AJAX handlers.

The vulnerability history shows three previously disclosed medium-severity vulnerabilities, primarily related to Cross-Site Scripting and Cross-Site Request Forgery. While there are currently no unpatched CVEs, the pattern of past vulnerabilities, especially XSS, coupled with the large number of unprotected AJAX handlers, suggests a recurring risk if proper input validation and sanitization are not consistently applied to all entry points. The presence of a dangerous `preg_replace(/e)` function is also a potential area for concern, though no taint flows of critical or high severity were identified in the static analysis.

In conclusion, while the plugin benefits from good SQL and output sanitization practices, the large number of unprotected AJAX handlers and the history of XSS and CSRF vulnerabilities present a notable risk. Addressing the unauthenticated entry points and ensuring robust input validation across all AJAX handlers should be a priority to improve its overall security.

Key Concerns

  • 19 unprotected AJAX handlers
  • 3 medium severity CVEs (historically)
  • 1 dangerous function: preg_replace(/e)
Vulnerabilities
3 published

Portfolio Filter Gallery Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-6262 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Jun 26, 2024 · Patched in 1.6.5 (1d)

CVE-2024-29769 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Mar 25, 2024 · Patched in 1.5.7 (8d)

WF-25dd83c5-2ebe-4976-8e97-650e5eadbe43-portfolio-filter-gallery · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Portfolio Gallery – Image Gallery Plugin <= 1.1.2 - Cross-Site Request Forgery

Jan 29, 2020 · Patched in 1.1.3 (1455d)
Version History

Portfolio Filter Gallery Release Timeline

v2.1.5Current
v2.1.4
v2.1.3
v2.1.2
v2.1.0
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
Code Analysis
Analyzed Apr 16, 2026

Portfolio Filter Gallery Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 10 (982 escaped)
Nonce Checks: 13
Capability Checks: 20
File Operations: 6
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

preg_replace(/e) · matched code: `preg_replace( '/e` · includes/class-pfg-security.php:175

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

99% escaped · 992 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<page-settings> (admin/views/page-settings.php:0)
Table columns: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Legend: Unsanitized / Sanitized
Attack Surface
19 unprotected

Portfolio Filter Gallery Attack Surface

Entry Points: 29
Unprotected: 19

AJAX Handlers 26

auth · wp_ajax_pfg_add_filter · admin/class-pfg-ajax-handler.php:25
auth · wp_ajax_pfg_delete_filter · admin/class-pfg-ajax-handler.php:26
auth · wp_ajax_pfg_update_filter · admin/class-pfg-ajax-handler.php:27
auth · wp_ajax_pfg_reorder_filters · admin/class-pfg-ajax-handler.php:28
auth · wp_ajax_pfg_update_filter_parent · admin/class-pfg-ajax-handler.php:29
auth · wp_ajax_pfg_update_filter_color · admin/class-pfg-ajax-handler.php:30
auth · wp_ajax_pfg_update_filter_slug · admin/class-pfg-ajax-handler.php:31
auth · wp_ajax_pfg_delete_all_filters · admin/class-pfg-ajax-handler.php:32
auth · wp_ajax_pfg_upload_images · admin/class-pfg-ajax-handler.php:35
auth · wp_ajax_pfg_remove_image · admin/class-pfg-ajax-handler.php:36
auth · wp_ajax_pfg_reorder_images · admin/class-pfg-ajax-handler.php:37
auth · wp_ajax_pfg_update_image · admin/class-pfg-ajax-handler.php:38
auth · wp_ajax_pfg_save_gallery · admin/class-pfg-ajax-handler.php:41
auth · wp_ajax_pfg_duplicate_gallery · admin/class-pfg-ajax-handler.php:42
auth · wp_ajax_pfg_run_migration · admin/class-pfg-ajax-handler.php:45
auth · wp_ajax_pfg_restore_backup · admin/class-pfg-ajax-handler.php:46
auth · wp_ajax_pfg_get_migration_status · admin/class-pfg-ajax-handler.php:47
auth · wp_ajax_pfg_force_remigrate · admin/class-pfg-ajax-handler.php:48
auth · wp_ajax_pfg_get_attachment_url · admin/class-pfg-ajax-handler.php:51
auth · wp_ajax_pfg_upload_dropped_files · admin/class-pfg-ajax-handler.php:54
auth · wp_ajax_pfg_save_images_chunk · admin/class-pfg-ajax-handler.php:57
auth · wp_ajax_pfg_get_admin_images_page · admin/class-pfg-ajax-handler.php:60
auth · wp_ajax_pfg_get_thumbnails · admin/class-pfg-ajax-handler.php:63
auth · wp_ajax_pfg_delete_video_thumbnail · admin/class-pfg-ajax-handler.php:66
auth · wp_ajax_pfg_complete_tour · includes/class-pfg-onboarding-tour.php:31
auth · wp_ajax_pfg_dismiss_tour · includes/class-pfg-onboarding-tour.php:32

Shortcodes 3

[PFG] public/class-pfg-shortcode.php:23
[portfolio_gallery] public/class-pfg-shortcode.php:26
[Portfolio_Gallery] public/class-pfg-shortcode.php:27
WordPress Hooks 29
action · add_meta_boxes · admin/class-pfg-admin.php:51
action · save_post · admin/class-pfg-admin.php:54
action · admin_enqueue_scripts · admin/class-pfg-admin.php:57
action · admin_enqueue_scripts · admin/class-pfg-admin.php:58
filter · post_row_actions · admin/class-pfg-admin.php:61
action · admin_action_pfg_duplicate_gallery · admin/class-pfg-admin.php:62
action · admin_enqueue_scripts · includes/class-pfg-onboarding-tour.php:28
action · admin_menu · includes/class-pfg-setup-wizard.php:33
action · admin_init · includes/class-pfg-setup-wizard.php:36
action · admin_post_pfg_wizard_complete · includes/class-pfg-setup-wizard.php:39
action · admin_post_pfg_wizard_skip · includes/class-pfg-setup-wizard.php:40
action · admin_enqueue_scripts · includes/class-pfg-setup-wizard.php:43
action · plugins_loaded · includes/class-portfolio-filter-gallery.php:91
action · admin_enqueue_scripts · includes/class-portfolio-filter-gallery.php:102
action · admin_enqueue_scripts · includes/class-portfolio-filter-gallery.php:103
action · init · includes/class-portfolio-filter-gallery.php:106
action · add_meta_boxes · includes/class-portfolio-filter-gallery.php:107
action · save_post · includes/class-portfolio-filter-gallery.php:108
action · admin_menu · includes/class-portfolio-filter-gallery.php:111
filter · manage_awl_filter_gallery_posts_columns · includes/class-portfolio-filter-gallery.php:114
action · manage_awl_filter_gallery_posts_custom_column · includes/class-portfolio-filter-gallery.php:115
action · wp_enqueue_scripts · includes/class-portfolio-filter-gallery.php:136
action · wp_enqueue_scripts · includes/class-portfolio-filter-gallery.php:137
filter · script_loader_tag · includes/class-portfolio-filter-gallery.php:140
action · wp_head · includes/class-portfolio-filter-gallery.php:143
action · init · includes/class-portfolio-filter-gallery.php:146
action · admin_init · includes/class-portfolio-filter-gallery.php:164
action · pfg_continue_migration · includes/class-portfolio-filter-gallery.php:167
action · plugins_loaded · portfolio-filter-gallery.php:100

Scheduled Events 1

pfg_continue_migration
Maintenance & Trust

Portfolio Filter Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 8, 2026
PHP min version: 7.4
Downloads: 1.1M

Community Trust

Rating: 96/100
Number of ratings: 341
Active installs: 20K
Developer Profile

Portfolio Filter Gallery Developer Profile

A WP Life

65 plugins · 90K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 266 days
Detection Fingerprints

How We Detect Portfolio Filter Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/portfolio-filter-gallery/admin/css/pfg-admin.css
/wp-content/plugins/portfolio-filter-gallery/admin/js/pfg-admin.js
/wp-content/plugins/portfolio-filter-gallery/public/css/pfg-public.css
/wp-content/plugins/portfolio-filter-gallery/public/js/pfg-public.js
Script Paths
/wp-content/plugins/portfolio-filter-gallery/admin/js/pfg-admin.js
/wp-content/plugins/portfolio-filter-gallery/public/js/pfg-public.js
Version Parameters
portfolio-filter-gallery/admin/css/pfg-admin.css?ver=
portfolio-filter-gallery/admin/js/pfg-admin.js?ver=
portfolio-filter-gallery/public/css/pfg-public.css?ver=
portfolio-filter-gallery/public/js/pfg-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
pfg-gallery-container, pfg-gallery-filter, pfg-gallery-item, pfg-gallery-filter-list
HTML Comments
<!-- The file that defines the core plugin class -->
<!-- The file that runs the initialization of the plugin -->
<!-- The file that defines the plugin name -->
<!-- The file that defines the plugin version -->
+41 more
Data Attributes
data-filter, data-category
JS Globals
pfg_admin_params, pfg_public_params
Shortcode Output
[portfolio_gallery
FAQ

Frequently Asked Questions about Portfolio Filter Gallery