WP-Safety

Realmagic Portfolio Security & Risk Analysis

wordpress.org/plugins/realmagic-portfolio

A free, fully featured portfolio display plugin for WordPress. Start with a simple grid layout, with upcoming features like filterable views, sliders, …

0 active installs v1.0.1 PHP 7.2+ WP 5.0+ Updated Aug 10, 2025
gallerygridportfolioprojectsshowcase
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Realmagic Portfolio Safe to Use in 2026?

Generally Safe

Score 100/100

Realmagic Portfolio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "realmagic-portfolio" v1.0.1 plugin exhibits a generally strong security posture, primarily due to the absence of known vulnerabilities and good implementation practices observed in the static analysis. The plugin correctly utilizes prepared statements for all SQL queries, demonstrates a high rate of output escaping (87%), and implements nonce and capability checks on all identified entry points. The complete lack of dangerous functions, file operations, and external HTTP requests further contributes to its secure foundation.

However, a closer look at the taint analysis reveals two flows with unsanitized paths. While these did not escalate to critical or high severity, they represent potential weaknesses that could be exploited if they interact with sensitive operations or user-controlled input in a detrimental way. The vulnerability history being entirely clean is a significant positive indicator, suggesting a well-maintained and likely secure codebase over time. Nevertheless, the presence of unsanitized paths, even if currently benign, warrants attention.

In conclusion, "realmagic-portfolio" v1.0.1 is a plugin with a robust security foundation, marked by the absence of historical vulnerabilities and sound coding practices. The primary area of concern lies in the two identified taint flows with unsanitized paths, which, while not currently rated as severe, represent a latent risk. Addressing these specific flows would further solidify the plugin's security, leading to a near-perfect security profile.

Key Concerns

  • Taint flows with unsanitized paths detected
Vulnerabilities
None known

Realmagic Portfolio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Realmagic Portfolio Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
86 escaped
Nonce Checks
3
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

87% escaped99 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
load_more_items (includes\class-shortcode.php:345)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Realmagic Portfolio Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_smart_portfolio_load_moreincludes\class-shortcode.php:15
noprivwp_ajax_smart_portfolio_load_moreincludes\class-shortcode.php:16

Shortcodes 1

[smart_portfolio] includes\class-shortcode.php:14
WordPress Hooks 22
actionadmin_menuincludes\class-admin.php:16
actionadmin_initincludes\class-admin.php:17
actionadmin_enqueue_scriptsincludes\class-admin.php:18
actionadmin_footerincludes\class-admin.php:19
actionplugins_loadedincludes\class-elementor.php:52
actionadmin_noticesincludes\class-elementor.php:61
actionadmin_noticesincludes\class-elementor.php:67
actionelementor/widgets/registerincludes\class-elementor.php:72
actionelementor/controls/registerincludes\class-elementor.php:75
actionelementor/frontend/after_enqueue_stylesincludes\class-elementor.php:78
actionelementor/frontend/after_enqueue_scriptsincludes\class-elementor.php:79
actioninitincludes\class-post-type.php:14
actioninitincludes\class-post-type.php:15
actionadd_meta_boxesincludes\class-post-type.php:16
actionsave_postincludes\class-post-type.php:17
actioninitrealmagic-portfolio.php:73
actionwp_enqueue_scriptsrealmagic-portfolio.php:74
actionadmin_enqueue_scriptsrealmagic-portfolio.php:75
filtersingle_templaterealmagic-portfolio.php:76
filterpost_row_actionsrealmagic-portfolio.php:252
actionadmin_action_smart_portfolio_duplicate_postrealmagic-portfolio.php:259
actionwp_enqueue_scriptsrealmagic-portfolio.php:390
Maintenance & Trust

Realmagic Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 10, 2025
PHP min version7.2
Downloads789

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Realmagic Portfolio Alternatives

Portfolio Block – The Ultimate Project & Portfolio Builder

Portfolio Block – The Ultimate Project & Portfolio Builder

portfolio-block

A
100

Portfolio Block helps you create and display modern, responsive portfolios with multiple layouts, filters, and full design control.

700 No CVEs
Portfolio Awesome – Responsive WordPress Porfolio Plugin

Portfolio Awesome – Responsive WordPress Porfolio Plugin

portfolio-builder-awesome

A
92

Create Grid Portfolio, Masonry Portfolio, Carousel portfolio, Slider Portfolio and Other stunning portfolio template with this portfolio plugin for Wo …

400 No CVEs
Portfolio X

Portfolio X

portfolio-x

A
100

Portfolio X is a responsive portfolio gallery plugin for project portfolio with unique photo gallery styles, portfolio widgets and project showcase.

200 No CVEs
Portfolio Pro Advance

Portfolio Pro Advance

portfolio-pro-advance

A
100

Advanced portfolio management with multiple layouts and pro features.

0 No CVEs
WPZOOM Portfolio Lite – Filterable Portfolio Plugin

WPZOOM Portfolio Lite – Filterable Portfolio Plugin

wpzoom-portfolio

A
99

Portfolio plugin for WordPress. Create filterable portfolio grids with masonry layouts and lightbox. Ideal for photographers, designers, agencies.

20K 2 CVEs
Developer Profile

Realmagic Portfolio Developer Profile

Vashudev Vishwas

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Realmagic Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/realmagic-portfolio/assets/css/smart-portfolio.css/wp-content/plugins/realmagic-portfolio/assets/js/smart-portfolio.js/wp-content/plugins/realmagic-portfolio/assets/js/isotope.pkgd.min.js/wp-content/plugins/realmagic-portfolio/assets/css/slick.css/wp-content/plugins/realmagic-portfolio/assets/js/slick.min.js/wp-content/plugins/realmagic-portfolio/assets/css/owl.carousel.min.css/wp-content/plugins/realmagic-portfolio/assets/js/owl.carousel.min.js/wp-content/plugins/realmagic-portfolio/assets/css/smart-portfolio-admin.css+1 more
Script Paths
/wp-content/plugins/realmagic-portfolio/assets/js/smart-portfolio.js/wp-content/plugins/realmagic-portfolio/assets/js/isotope.pkgd.min.js/wp-content/plugins/realmagic-portfolio/assets/js/slick.min.js/wp-content/plugins/realmagic-portfolio/assets/js/owl.carousel.min.js/wp-content/plugins/realmagic-portfolio/assets/js/smart-portfolio-admin.js
Version Parameters
realmagic-portfolio/assets/css/smart-portfolio.css?ver=realmagic-portfolio/assets/js/smart-portfolio.js?ver=realmagic-portfolio/assets/js/isotope.pkgd.min.js?ver=realmagic-portfolio/assets/css/slick.css?ver=realmagic-portfolio/assets/js/slick.min.js?ver=realmagic-portfolio/assets/css/owl.carousel.min.css?ver=realmagic-portfolio/assets/js/owl.carousel.min.js?ver=realmagic-portfolio/assets/css/smart-portfolio-admin.css?ver=realmagic-portfolio/assets/js/smart-portfolio-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
smart-portfolio-slidersmart-portfolio-carousel
Data Attributes
data-smart-portfolio-id
JS Globals
smartPortfolio
Shortcode Output
[smart_portfoliolayout="isotope"layout="slider"layout="carousel"
FAQ

Frequently Asked Questions about Realmagic Portfolio