Portfolio Grid Security & Risk Analysis

wordpress.org/plugins/portfolio-grid

Portfolio Plugin allows you to display portfolio items in a grid with an interactive filtering system.

10 active installs · v1.2.1 · PHP + WP 3.3.1+ · Updated Feb 8, 2012

Tags: filter, grid, portfolio, portfolio-grid

Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Portfolio Grid Safe to Use in 2026?

Generally Safe

Score 85/100

Portfolio Grid has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The "portfolio-grid" v1.2.1 plugin exhibits a mixed security posture. While the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators, significant concerns arise from the static analysis. The low percentage of properly escaped output (18%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis reveals a critical flow with an unsanitized path, indicating a potential for arbitrary file access or other sensitive operations if exploited.

The plugin's attack surface appears minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, which is a strong point for reducing attack vectors. However, the lack of capability checks on any potential entry points, combined with the identified unsanitized taint flow, means that even a seemingly small attack surface could be leveraged if an attacker can find a way to trigger that flow. The single nonce check is insufficient given the other identified risks.

In conclusion, "portfolio-grid" v1.2.1 has some fundamental security strengths, particularly in its handling of SQL queries and limited attack surface. However, the critical taint flow and severely inadequate output escaping present significant and immediate risks that outweigh these positives. The absence of past vulnerabilities is a good sign, but it does not negate the current concerning findings in the code analysis.

Key Concerns

  • Critical taint flow with unsanitized path
  • Low percentage of properly escaped output
  • No capability checks on potential entry points

Portfolio Grid Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Portfolio Grid Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 18 (4 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

18% escaped (22 total outputs)

Data Flow Analysis

1 flow, 1 with an unsanitized path
<ajax> (ajax.php:0)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Portfolio Grid Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14

action · init · wp_portolio.php:12
action · init · wp_portolio.php:77
action · post_edit_form_tag · wp_portolio.php:113
action · admin_init · wp_portolio.php:206
action · save_post · wp_portolio.php:214
action · admin_print_scripts · wp_portolio.php:276
action · admin_print_styles · wp_portolio.php:277
action · manage_posts_custom_column · wp_portolio.php:286
filter · manage_edit-portfolio_columns · wp_portolio.php:287
filter · sanitize_file_name · wp_portolio.php:347
action · admin_menu · wp_portolio.php:366
filter · page_template · wp_portolio.php:371
filter · single_template · wp_portolio.php:381
filter · nav_menu_css_class · wp_portolio.php:391

Portfolio Grid Maintenance & Trust

Maintenance Signals

WordPress version tested:
Last updated: Feb 8, 2012
PHP min version:
Downloads: 8K

Community Trust

Rating: 40/100
Number of ratings: 1
Active installs: 10

Portfolio Grid Developer Profile

dmregister

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

How We Detect Portfolio Grid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/portfolio-grid/images/Briefcase16.png

HTML / DOM Fingerprints

CSS Classes
portfolio_uploaded_img_
HTML Comments
<!-- Only Run Once!! -->
Data Attributes
enctype="multipart/form-data"

Frequently Asked Questions about Portfolio Grid