Portfolio Responsive Gallery Security & Risk Analysis

wordpress.org/plugins/portfolio-responsive-gallery

Best portfolio and photo gallery plugin to create advanced projects. Showcase powerful catalogs with an unlimited number of images.

200 active installs · v1.5.1 · PHP + · WP 4.0+ · Updated Jun 27, 2025
Tags: image-gallery, portfolio, portfolio-gallery, portfolio-plugin, wordpress-portfolio-plugin
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 29, 2021
Safety Verdict

Is Portfolio Responsive Gallery Safe to Use in 2026?

Generally Safe

Score 99/100

Portfolio Responsive Gallery has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 29, 2021 · Updated 9mo ago
Risk Assessment

The "portfolio-responsive-gallery" plugin v1.5.1 presents a moderate security risk due to significant vulnerabilities in its attack surface and code handling. While the plugin avoids dangerous functions and file operations, and has a reasonable SQL query preparation rate, the high number of unprotected AJAX handlers (6 out of 6) is a major concern. These unprotected entry points, combined with a substantial number of unsanitized taint flows (7 out of 11), including 4 classified as high severity, indicate a strong possibility of exploitable vulnerabilities like Cross-Site Scripting (XSS) and potential for SQL injection if user input is not handled carefully. The plugin's vulnerability history, with two known CVEs (one high, one medium severity) for XSS and SQL injection, further reinforces these concerns, suggesting recurring weaknesses in input validation and output escaping. Although there are no currently unpatched vulnerabilities and some good practices like nonce and capability checks are present, the sheer number of unprotected AJAX endpoints and high-severity taint flows overshadow these positives, necessitating caution.

Key Concerns

  • High number of unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Vulnerability history with XSS and SQLi
  • Low percentage of properly escaped output
  • Bundled library (Select2) may be outdated
Vulnerabilities
2

Portfolio Responsive Gallery Security Vulnerabilities

CVEs by Year

2 CVEs in 2021

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

WF-06d374b0-a4a6-4f0e-af85-66b3a50b1354-portfolio-responsive-gallery · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting

Jun 29, 2021 Patched in 1.1.8 (938d)
CVE-2021-24457 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Portfolio Responsive Gallery <= 1.1.7 - Blind SQL Injection

Jun 29, 2021 Patched in 1.1.8 (938d)
Code Analysis
Analyzed Mar 16, 2026

Portfolio Responsive Gallery Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (18 prepared)
Unescaped Output: 228 (118 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

82% prepared · 22 total queries

Output Escaping

34% escaped · 346 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

11 flows · 7 with unsanitized paths
prg_deactivate_plugin_option (admin\class-portfolio-responsive-gallery-admin.php:328)
Attack Surface
6 unprotected

Portfolio Responsive Gallery Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

auth · wp_ajax_ays_get_attr_for_project · includes\class-portfolio-responsive-gallery.php:179
nopriv · wp_ajax_ays_get_attr_for_project · includes\class-portfolio-responsive-gallery.php:180
auth · wp_ajax_prg_deactivate_plugin_option · includes\class-portfolio-responsive-gallery.php:187
nopriv · wp_ajax_prg_deactivate_plugin_option · includes\class-portfolio-responsive-gallery.php:188
auth · wp_ajax_ays_portfolio_load_project · includes\class-portfolio-responsive-gallery.php:208
nopriv · wp_ajax_ays_portfolio_load_project · includes\class-portfolio-responsive-gallery.php:209

Shortcodes 1

[portfolio_responsive_gallery] public\class-portfolio-responsive-gallery-public.php:54
WordPress Hooks 14
filter · set-screen-option · admin\class-portfolio-responsive-gallery-admin.php:58
action · plugins_loaded · includes\class-portfolio-responsive-gallery.php:156
action · admin_enqueue_scripts · includes\class-portfolio-responsive-gallery.php:171
action · admin_enqueue_scripts · includes\class-portfolio-responsive-gallery.php:172
action · admin_enqueue_scripts · includes\class-portfolio-responsive-gallery.php:173
action · admin_menu · includes\class-portfolio-responsive-gallery.php:176
action · admin_notices · includes\class-portfolio-responsive-gallery.php:190
action · in_admin_footer · includes\class-portfolio-responsive-gallery.php:192
action · wp_enqueue_scripts · includes\class-portfolio-responsive-gallery.php:211
action · wp_enqueue_scripts · includes\class-portfolio-responsive-gallery.php:212
action · admin_notices · includes\lists\class-portfolio-responsive-gallery-attributes-list-table.php:15
action · admin_notices · includes\lists\class-portfolio-responsive-gallery-list-table.php:15
action · plugins_loaded · portfolio-responsive-gallery.php:74
action · admin_notices · portfolio-responsive-gallery.php:92
Maintenance & Trust

Portfolio Responsive Gallery Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 27, 2025
PHP min version
Downloads: 9K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 200
Developer Profile

Portfolio Responsive Gallery Developer Profile

Ays Pro

18 plugins · 111K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 216 days
Detection Fingerprints

How We Detect Portfolio Responsive Gallery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/portfolio-responsive-gallery/admin/css/main.css
  • /wp-content/plugins/portfolio-responsive-gallery/admin/css/style.css
  • /wp-content/plugins/portfolio-responsive-gallery/admin/images/portfolio_icon.png
  • /wp-content/plugins/portfolio-responsive-gallery/admin/images/icons/lightning.svg
  • /wp-content/plugins/portfolio-responsive-gallery/admin/images/icons/lightning-white.svg
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/slick.css
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/slick-theme.css
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/style.css
  • +3 more
Script Paths
  • /wp-content/plugins/portfolio-responsive-gallery/admin/js/main.js
  • /wp-content/plugins/portfolio-responsive-gallery/admin/js/script.js
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/slick.js
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/slick.min.js
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/script.js
Version Parameters
  • /wp-content/plugins/portfolio-responsive-gallery/admin/css/main.css?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/admin/css/style.css?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/slick.css?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/slick-theme.css?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/css/style.css?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/slick.js?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/slick.min.js?ver=
  • /wp-content/plugins/portfolio-responsive-gallery/public/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ays-notice-banner
  • ays-portfolio-logo-container-upgrade
  • ays-portfolio-upgrade-container
  • portfolio-upgrade-to-pro
  • ays-portfolio-logo-container-one-time-text
  • ays_ask_question_content
  • portfolio-gallery-wrap
Data Attributes
data-expanded
JS Globals
  • AYS_PRG_BASE_URL
  • AYS_PRG_ADMIN_URL
  • AYS_PRG_PUBLIC_URL
  • PRG_NAME_VERSION
  • PRG_NAME
Shortcode Output
[portfolio_gallery]