Behance Portfolio Manager Security & Risk Analysis

wordpress.org/plugins/portfolio-manager-powered-by-behance

Show Behance Projects to Your WordPress Website

400 active installs · v1.8.0 · PHP + · WP 3.8+ · Updated Mar 4, 2026
Tags: behance, portfolio, project-management
Score: 42/100 · D · High Risk
CVEs total: 6
Unpatched: 6
Last CVE: Dec 31, 2025

Safety Verdict

Is Behance Portfolio Manager Safe to Use in 2026?

High Risk

Score 42/100

Behance Portfolio Manager carries significant security risk with 6 known CVEs, 6 still unpatched. Consider switching to a maintained alternative.

6 known CVEs · 6 unpatched · Last CVE: Dec 31, 2025 · Updated 1mo ago

Risk Assessment

The "portfolio-manager-powered-by-behance" v1.8.0 plugin exhibits a concerning security posture despite some positive indicators. While it shows good practices in areas like SQL query preparation (76%) and output escaping (89%), the presence of two AJAX handlers without authentication checks is a significant risk. This directly creates an attack surface that could be exploited by unauthenticated users.

The taint analysis found 14 data flows, 10 of which have unsanitized paths, and all 10 are classified as high severity. This strongly suggests that user input reaches dangerous operations without adequate sanitization, which can lead to injection vulnerabilities unless it is mitigated at the sink. The vulnerability history reinforces these concerns: the plugin has 6 known CVEs, all currently unpatched. The past vulnerability types (CSRF, XSS, missing authorization, and SQL injection) match the risks indicated by the taint analysis and the unprotected AJAX handlers, pointing to a pattern of recurring security weaknesses.

In conclusion, while the plugin demonstrates some diligent coding practices in specific areas, the combination of unprotected entry points, critical taint flows, and a history of unpatched vulnerabilities, particularly those related to input validation and authorization, presents a substantial security risk. The plugin requires immediate attention to address the identified vulnerabilities and to implement robust authorization and sanitization checks for all entry points.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • 6 unpatched CVEs
  • Bundled outdated library (TinyMCE v1.0)

Vulnerabilities: 6

Behance Portfolio Manager Security Vulnerabilities

CVEs by Year

6 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2025-59137 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Behance Portfolio Manager <= 1.7.5 - Cross-Site Request Forgery
Dec 31, 2025 · Unpatched

CVE-2025-59135 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Behance Portfolio Manager <= 1.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Dec 31, 2025 · Unpatched

CVE-2025-57913 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Behance Portfolio Manager <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 22, 2025 · Unpatched

CVE-2025-29010 · medium · 4.3 · Missing Authorization
Behance Portfolio Manager <= 1.7.4 - Missing Authorization
Jun 5, 2025 · Unpatched

CVE-2025-32124 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Behance Portfolio Manager <= 1.7.4 - Authenticated (Administrator+) SQL Injection
Apr 4, 2025 · Unpatched

CVE-2025-31526 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Behance Portfolio Manager <= 1.7.4 - Authenticated (Contributor+) SQL Injection
Mar 31, 2025 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

Behance Portfolio Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 15 (47 prepared)
Unescaped Output: 77 (656 escaped)
Nonce Checks: 15
Capability Checks: 6
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

TinyMCE 1.0

SQL Query Safety

76% prepared · 62 total queries

Output Escaping

89% escaped · 733 total outputs

Data Flows: 10 unsanitized

Data Flow Analysis

14 flows · 10 with unsanitized paths
save_category (classes\eds-bpm-db.php:295)

Attack Surface: 2 unprotected

Behance Portfolio Manager Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers: 4

auth · wp_ajax_eds_bpm_get_popup · classes\eds-bpm-loader.php:87
auth · wp_ajax_eds_bpm_get_layout_data · classes\eds-bpm-loader.php:88
auth · wp_ajax_eds_bpm_import_projects · classes\eds-bpm-loader.php:91
auth · wp_ajax_eds_bpm_save_imported_projects · classes\eds-bpm-loader.php:92

Shortcodes: 4

[edsbportman] classes\eds-bpm-loader.php:120
[edsbportmansp] classes\eds-bpm-loader.php:121
[edsbportmansc] classes\eds-bpm-loader.php:122
[edsbportmanmc] classes\eds-bpm-loader.php:123

WordPress Hooks: 26

action · plugins_loaded · classes\eds-bpm-loader.php:29
action · plugins_loaded · classes\eds-bpm-loader.php:32
action · wp_loaded · classes\eds-bpm-loader.php:40
filter · rewrite_rules_array · classes\eds-bpm-loader.php:41
action · wp_loaded · classes\eds-bpm-loader.php:43
filter · rewrite_rules_array · classes\eds-bpm-loader.php:44
filter · query_vars · classes\eds-bpm-loader.php:48
action · init · classes\eds-bpm-loader.php:57
action · init · classes\eds-bpm-loader.php:60
action · admin_notices · classes\eds-bpm-loader.php:63
action · init · classes\eds-bpm-loader.php:67
action · admin_init · classes\eds-bpm-loader.php:70
action · init · classes\eds-bpm-loader.php:74
action · admin_init · classes\eds-bpm-loader.php:75
action · admin_init · classes\eds-bpm-loader.php:76
action · admin_init · classes\eds-bpm-loader.php:77
action · init · classes\eds-bpm-loader.php:83
filter · tiny_mce_version · classes\eds-bpm-loader.php:84
action · eds_bpm_load_admin_scripts_on_page · classes\eds-bpm-loader.php:96
action · eds_bpm_load_admin_styles_on_page · classes\eds-bpm-loader.php:97
action · admin_menu · classes\eds-bpm-loader.php:101
action · init · classes\eds-bpm-loader.php:112
action · wp_enqueue_scripts · classes\eds-bpm-loader.php:115
action · wp_footer · classes\eds-bpm-loader.php:118
filter · mce_external_plugins · classes\eds-bpm-tinymce.php:38
filter · mce_buttons · classes\eds-bpm-tinymce.php:39

Maintenance & Trust

Behance Portfolio Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version
Downloads: 36K

Community Trust

Rating: 96/100
Number of ratings: 18
Active installs: 400

Developer Profile

Behance Portfolio Manager Developer Profile

eleopard

3 plugins · 30K total installs

Trust score: 62
Avg Security Score: 75/100
Avg Patch Time: 1397 days
Detection Fingerprints

How We Detect Behance Portfolio Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/portfolio-manager-powered-by-behance/css/project_view.css
  • /wp-content/plugins/portfolio-manager-powered-by-behance/css/project_view_responsive.css
  • /wp-content/plugins/portfolio-manager-powered-by-behance/css/bootstrap.min.css
  • /wp-content/plugins/portfolio-manager-powered-by-behance/css/font-awesome.min.css
  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/plugins.js
  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/custom.js
  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/bootstrap.min.js

Script Paths

  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/plugins.js
  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/custom.js
  • /wp-content/plugins/portfolio-manager-powered-by-behance/js/bootstrap.min.js

Version Parameters

  • portfolio-manager-powered-by-behance/css/project_view.css?ver=
  • portfolio-manager-powered-by-behance/css/project_view_responsive.css?ver=
  • portfolio-manager-powered-by-behance/css/bootstrap.min.css?ver=
  • portfolio-manager-powered-by-behance/css/font-awesome.min.css?ver=
  • portfolio-manager-powered-by-behance/js/plugins.js?ver=
  • portfolio-manager-powered-by-behance/js/custom.js?ver=
  • portfolio-manager-powered-by-behance/js/bootstrap.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • eds-bpm-project-item
  • eds-bpm-project-meta
  • eds-bpm-project-title
  • eds-bpm-project-description
  • eds-bpm-project-likes
  • eds-bpm-project-views
  • eds-bpm-project-comments
  • eds-bpm-project-created

Data Attributes

  • data-behance-api-key
  • data-behance-username
  • data-behance-project-id
  • data-behance-project-title
  • data-behance-project-description
  • data-behance-project-url
  • +5 more

JS Globals

  • EDS_BPM_AJAX_URL
  • EDS_BPM_DATA

Shortcode Output

  • [edsbportman]
  • [edsbportmansp]
  • [edsbportmansc]
  • [edsbportmanmc]