Sherky Simple Portfolio Security & Risk Analysis

wordpress.org/plugins/sherky-simple-portfolio

Creates a simple yet elegant responsive portfolio using a shortcode in your page. Work samples are displayed using a fancy jQuery plugin, jportilio.

10 active installs · v1.2 · PHP + · WP 3.0.1+ · Updated May 15, 2015
Tags: add-portfolios, create-portfolios, portfolio, portfolios, skills
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sherky Simple Portfolio Safe to Use in 2026?

Generally Safe

Score 85/100

Sherky Simple Portfolio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The sherky-simple-portfolio plugin v1.2 presents a mixed security posture. On the positive side, it has a very small attack surface with only one entry point (a shortcode) and no known historical vulnerabilities. This suggests a potentially well-maintained codebase. However, the static analysis reveals significant security concerns. The complete lack of output escaping for all identified outputs is a critical flaw, making it highly susceptible to Cross-Site Scripting (XSS) attacks. Additionally, the presence of unsanitized paths in taint analysis, even if not classified as critical or high, indicates potential for file path manipulation vulnerabilities.

While the plugin has no reported CVEs, this does not guarantee its security, especially given the identified code signals. The use of `move_uploaded_file` without associated capability checks or proper sanitization for the destination path is a significant risk. The absence of nonce checks, capability checks, and proper output escaping on the single entry point, the shortcode, creates a substantial risk profile. The plugin's strength lies in its limited attack surface and clean vulnerability history, but this is overshadowed by the critical lack of output escaping and potential path traversal issues.

Key Concerns

  • 0% output escaping
  • Unsanitized paths in taint analysis
  • Dangerous function move_uploaded_file
  • No nonce checks
  • No capability checks
  • Taint flow high severity
Vulnerabilities
None known

Sherky Simple Portfolio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sherky Simple Portfolio Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Sherky Simple Portfolio Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (4 prepared)
Unescaped Output: 29 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

move_uploaded_file: `if(move_uploaded_file ($_FILES['screenshot']['tmp_name'], $filename)){` (classes/HelperFunctions.php:187)

SQL Query Safety

57% prepared · 7 total queries

Output Escaping

0% escaped · 29 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<createportfolio> (forms/createportfolio.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Sherky Simple Portfolio Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[sherkyportfolio] classes/SherkyPortfolioShortcode.php:6
WordPress Hooks: 4

  • action admin_menu (SherkPortfolio.php:59)
  • action init (SherkPortfolio.php:97)
  • action wp_enqueue_scripts (classes/SherkyPortfolioCssJsScripts.php:16)
  • action admin_enqueue_scripts (classes/SherkyPortfolioCssJsScripts.php:18)
Maintenance & Trust

Sherky Simple Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: May 15, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Sherky Simple Portfolio Developer Profile

SherkSpear

6 plugins · 60 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sherky Simple Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sherky-simple-portfolio/scripts/datetimepicker.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/bootstrap.min.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/jportilio.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/sherkportfolio.js
/wp-content/plugins/sherky-simple-portfolio/scripts/css/bootstrap.min.css
/wp-content/plugins/sherky-simple-portfolio/scripts/css/jportilio.css
/wp-content/plugins/sherky-simple-portfolio/scripts/css/sherkportfolio.css
/wp-content/plugins/sherky-simple-portfolio/scripts/css/sherkportfolio-edit.css
+1 more
Script Paths
/wp-content/plugins/sherky-simple-portfolio/scripts/datetimepicker.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/bootstrap.min.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/jportilio.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/sherkportfolio.js
/wp-content/plugins/sherky-simple-portfolio/scripts/js/admin-sherkportfolio.js
Version Parameters
/wp-content/plugins/sherky-simple-portfolio/scripts/datetimepicker.js?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/js/bootstrap.min.js?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/js/jportilio.js?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/js/sherkportfolio.js?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/css/bootstrap.min.css?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/css/jportilio.css?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/css/sherkportfolio.css?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/css/sherkportfolio-edit.css?ver=
/wp-content/plugins/sherky-simple-portfolio/scripts/js/admin-sherkportfolio.js?ver=

HTML / DOM Fingerprints

CSS Classes
container-fluid, sherky_portfolio_shortcode
Data Attributes
id="sherky_portfolio_shortcode"
JS Globals
WP_PLUGIN_URL
Shortcode Output
<section class="container-fluid" id="sherky_portfolio_shortcode">
FAQ

Frequently Asked Questions about Sherky Simple Portfolio