Does Portfolio Light have any unpatched vulnerabilities?

No. All known vulnerabilities in Portfolio Light have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Portfolio Light compatible with WordPress 6.9.4?

According to WordPress.org data, Portfolio Light 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Portfolio Light updated?

Portfolio Light was last updated on Dec 27, 2025. Frequent updates are generally a positive security signal.

What is Portfolio Light's security score?

Portfolio Light has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Portfolio Light Security & Risk Analysis

wordpress.org/plugins/portfolio-light

The plugin allows you to create a portfolio page in a grid format.

0 active installs v1.0.2 PHP + WP 6.0+ Updated Dec 27, 2025

portfolio

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Portfolio Light Safe to Use in 2026?

Generally Safe

Score 100/100

Portfolio Light has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The plugin 'portfolio-light' version 1.0.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. There are no detected SQL injection risks, file operations, external HTTP requests, or critical taint flows, which are common sources of vulnerabilities. The code also demonstrates good practices in output escaping, with a high percentage of outputs properly escaped. Furthermore, the absence of any known CVEs and a clean vulnerability history indicate a lack of previously identified security flaws.

Despite these strengths, there are a few areas that warrant attention. The plugin lacks nonce and capability checks on its entry points, including the single shortcode. This absence of authentication and authorization checks, even on a single shortcode, represents a potential attack vector. While the attack surface is small, any unprotected entry point can be a point of exploitation. Therefore, while the plugin is currently secure based on the absence of reported vulnerabilities and critical code issues, the lack of robust authorization mechanisms on its entry points is a notable weakness that could be exploited in future scenarios or if the plugin's functionality were to be expanded in a way that handles sensitive data.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Portfolio Light Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Portfolio Light Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped23 total outputs

Attack Surface

Portfolio Light Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[portfolio_light] includes\class-shortcode.php:30

WordPress Hooks 10

actionplugins_loadedactions.php:21

actionplugins_loadedactions.php:22

actionplugins_loadedactions.php:23

actionplugins_loadedactions.php:24

actioninitactions.php:25

actioninitactions.php:26

actionwp_enqueue_scriptsincludes\class-assets.php:29

actionadmin_enqueue_scriptsincludes\class-assets.php:30

actionadd_meta_boxesincludes\class-post-type.php:32

actionpre_get_postsincludes\class-pre-get-posts.php:29

Maintenance & Trust

Portfolio Light Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 27, 2025

PHP min version

Downloads376

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Portfolio Light Alternatives

WP Show Posts

wp-show-posts

Add posts to your website from any post type using a simple shortcode.

70K 3 CVEs

Visual Portfolio, Photo Gallery & Post Grid

visual-portfolio

Modern photo gallery and portfolio plugin with advanced layouts editor. Clean gallery styles with powerful settings in the Gutenberg block.

60K 4 CVEs

Portfolio Post Type

portfolio-post-type

This plugin registers a custom post type for portfolio items. It also registers separate portfolio taxonomies for tags and categories.

50K No CVEs

Premium Portfolio Features for Phlox theme

auxin-portfolio

Showcase your projects beautifully in Phlox theme

40K 4 CVEs

Themify Portfolio Post

themify-portfolio-post

Add a simple Portfolio post type to your site.

30K 6 CVEs

Developer Profile

Portfolio Light Developer Profile

Pavel

8 plugins · 30 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Portfolio Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/portfolio-light/assets/css/style.css/wp-content/plugins/portfolio-light/assets/css/admin-style.css

Version Parameters

portfolio-light/assets/css/style.css?ver=portfolio-light/assets/css/admin-style.css?ver=

HTML / DOM Fingerprints

Data Attributes

name="_plugin_portfolio_light[link]"name="_plugin_portfolio_light[created]"name="_plugin_portfolio_light[position]"

Shortcode Output

<div class="portfolio-light-wrap"><div class="portfolio-light-item"><a href="" class="portfolio-light-link">

FAQ