Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Security & Risk Analysis

wordpress.org/plugins/portfolio-wp

Portfolio, gallery, product catalog, teams, logos and more. All-in-one - Grid Kit Portfolio Gallery plugin!

6K active installs · v2.2.2 · PHP + WP 4.0+ · Updated Aug 12, 2025
Tags: gallery, photo-gallery, portfolio, portfolio-gallery, portfolio-plugin
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 15, 2022
Safety Verdict

Is Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Safe to Use in 2026?

Generally Safe

Score 100/100

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 15, 2022 · Updated 7mo ago
Risk Assessment

The "portfolio-wp" plugin version 2.2.2 exhibits a generally good security posture with several strengths. The code analysis reveals a commendable 100% usage of prepared statements for SQL queries and a near-perfect 99% of outputs being properly escaped, significantly mitigating the risk of SQL injection and cross-site scripting (XSS) vulnerabilities originating from direct database interaction or content rendering.

However, there are notable concerns. The plugin exposes two AJAX handlers that lack authentication checks, which creates a significant attack surface. No critical or high severity taint flows were identified, but these unprotected entry points are the primary risk factor. The plugin also has a history of one medium-severity cross-site scripting vulnerability which, although patched, points to a potential area of developer oversight. Overall risk is moderate: it stems from the unprotected AJAX handlers, which could be leveraged for various attacks if not properly secured, despite otherwise robust coding practices in other areas.

Key Concerns

  • AJAX handlers without authentication checks
  • History of medium severity XSS vulnerability
Vulnerabilities
1

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-25090 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting

Mar 15, 2022 · Patched in 2.1.0 (679d)
Code Analysis
Analyzed Mar 16, 2026

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (31 prepared)
Unescaped Output: 2 (282 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 31 total queries

Output Escaping

99% escaped · 284 total outputs
Data Flows
All sanitized

Data Flow Analysis

11 flows
wp_ajax_crp_get_portfolio (classes\crp-ajax.php:3)
Attack Surface
2 unprotected

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_crp_get_portfolio portfolio-wp.php:42
auth wp_ajax_crp_save_portfolio portfolio-wp.php:43

Shortcodes 2

[crp_portfolio] portfolio-wp.php:38
[gkit] portfolio-wp.php:39
WordPress Hooks 10
action init portfolio-wp.php:26
action admin_enqueue_scripts portfolio-wp.php:27
action wp_enqueue_scripts portfolio-wp.php:28
action admin_menu portfolio-wp.php:29
action admin_head portfolio-wp.php:30
action admin_footer portfolio-wp.php:31
action upgrader_process_complete portfolio-wp.php:32
action plugins_loaded portfolio-wp.php:33
filter mce_external_plugins portfolio-wp.php:223
filter mce_buttons portfolio-wp.php:224
Maintenance & Trust

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 12, 2025
PHP min version
Downloads: 413K

Community Trust

Rating: 88/100
Number of ratings: 300
Active installs: 6K
Developer Profile

Portfolio, Gallery, Product Catalog – Grid KIT Portfolio Developer Profile

PORTFOLIO GALLERY TEAM

1 plugin · 6K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 679 days
Detection Fingerprints

How We Detect Portfolio, Gallery, Product Catalog – Grid KIT Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/portfolio-wp/js/crp-admin-script.js
/wp-content/plugins/portfolio-wp/js/crp-front-script.js
/wp-content/plugins/portfolio-wp/js/crp-tc-buttons.js
/wp-content/plugins/portfolio-wp/css/crp-front-style.css
/wp-content/plugins/portfolio-wp/css/crp-admin-style.css
/wp-content/plugins/portfolio-wp/css/gkit-admin-editor-block.css
Script Paths
/wp-content/plugins/portfolio-wp/js/crp-admin-script.js
/wp-content/plugins/portfolio-wp/js/crp-front-script.js
/wp-content/plugins/portfolio-wp/js/crp-tc-buttons.js
Version Parameters
portfolio-wp/css/gkit-admin-editor-block.css?ver=

HTML / DOM Fingerprints

CSS Classes
crp-portfolio-wrap
crp-portfolio-grid
crp-portfolio-item
gkit-admin-editor-block
Data Attributes
data-crp-id
JS Globals
crp_obj
Shortcode Output
[crp_portfolio
[gkit
FAQ

Frequently Asked Questions about Portfolio, Gallery, Product Catalog – Grid KIT Portfolio