Sight – Professional Image Gallery and Portfolio Security & Risk Analysis

wordpress.org/plugins/sight

Introducing Sight — a fast & simple way to create professional looking portfolios and neatly stunning image and video galleries — all with zero co …

4K active installs · v1.1.6 · PHP 5.4+ · WP 4.0+ · Updated Dec 3, 2025
Tags: gallery, image, portfolio, projects, responsive
Security score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 25, 2024
Safety Verdict

Is Sight – Professional Image Gallery and Portfolio Safe to Use in 2026?

Generally Safe

Score 99/100

Sight – Professional Image Gallery and Portfolio has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 25, 2024 · Updated 4mo ago
Risk Assessment

The "sight" plugin v1.1.7 exhibits a generally strong security posture based on the static analysis. The code demonstrates excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements and 99% of output being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further mitigates common attack vectors. Crucially, all identified entry points, including AJAX handlers and REST API routes, appear to have proper authorization and capability checks, which is a significant strength.

However, the plugin's vulnerability history reveals a single medium-severity CVE, which was a "Missing Authorization" vulnerability, last patched on 2024-09-25. While this vulnerability is currently patched, its existence suggests that authorization checks, despite appearing robust in the current static analysis, have been a past area of concern. This past issue, even though resolved, warrants continued vigilance. The lack of any critical or high-severity issues in the past, combined with the current clean static analysis, suggests that the developers are responsive to security. The overall risk is considered moderate due to the historical medium vulnerability, but the current implementation shows significant improvements.

Key Concerns

  • Previous medium severity CVE (Missing Authorization)
Vulnerabilities: 1

Sight – Professional Image Gallery and Portfolio Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-9025 · medium · 5.3 · Missing Authorization

Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title

Sep 25, 2024 · Patched in 1.1.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Sight – Professional Image Gallery and Portfolio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 1 (95 escaped)
Nonce Checks: 4
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

99% escaped · 96 total outputs

Data Flows: All sanitized

Data Flow Analysis

4 flows
handler_post_title (elementor\helper.php:74)
Attack Surface

Sight – Professional Image Gallery and Portfolio Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers: 8

auth · wp_ajax_handler_custom_posts · elementor\helper.php:21
nopriv · wp_ajax_handler_custom_posts · elementor\helper.php:22
auth · wp_ajax_handler_post_title · elementor\helper.php:23
nopriv · wp_ajax_handler_post_title · elementor\helper.php:24
auth · wp_ajax_sight_render_thumbnail · gutenberg\block-portfolio.php:21
nopriv · wp_ajax_sight_render_thumbnail · gutenberg\block-portfolio.php:22
auth · wp_ajax_sight_portfolio_ajax_load_more · render\sight-load-more.php:277
nopriv · wp_ajax_sight_portfolio_ajax_load_more · render\sight-load-more.php:278

REST API Routes: 1

GET · /wp-json/sight/v1/portfolio-more-posts · render\sight-load-more.php:303

WordPress Hooks: 25

action · rest_api_init · core\block-renderer-controller.php:178
action · sight_plugin_activation · core\class-sight.php:89
action · plugins_loaded · core\class-sight.php:90
action · init · core\class-sight.php:91
action · sight-categories_add_form_fields · core\core-register-category-fields.php:20
action · sight-categories_edit_form_fields · core\core-register-category-fields.php:21
action · created_sight-categories · core\core-register-category-fields.php:22
action · edited_sight-categories · core\core-register-category-fields.php:23
action · admin_enqueue_scripts · core\core-register-category-fields.php:24
action · init · core\core-register-post-types.php:49
action · init · core\core-register-post-types.php:92
action · init · core\core-video-settings.php:19
action · enqueue_block_editor_assets · core\core-video-settings.php:20
action · elementor/controls/controls_registered · elementor\integration.php:75
action · elementor/widgets/widgets_registered · elementor\integration.php:76
action · sight/widget/fields/general/after · elementor\widget-portfolio.php:1023
action · init · gutenberg\block-portfolio.php:20
action · pre_get_posts · render\sight-load-more.php:113
filter · found_posts · render\sight-load-more.php:132
action · rest_api_init · render\sight-load-more.php:315
action · admin_enqueue_scripts · render\sight-render.php:20
action · wp_enqueue_scripts · render\sight-render.php:21
filter · powerkit_pinit_exclude_selectors · render\sight-render.php:22
filter · powerkit_lightbox_exclude_selectors · render\sight-render.php:23
filter · pk_toc_exclude · render\sight-render.php:24
Maintenance & Trust

Sight – Professional Image Gallery and Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 5.4
Downloads: 55K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 4K
Developer Profile

Sight – Professional Image Gallery and Portfolio Developer Profile

codesupplyco

5 plugins · 111K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 1041 days
Detection Fingerprints

How We Detect Sight – Professional Image Gallery and Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sight/assets/css/sight-admin.css
/wp-content/plugins/sight/assets/js/sight-admin.js
Script Paths
/wp-content/plugins/sight/assets/js/sight-admin.js
Version Parameters
sight/assets/css/sight-admin.css?ver=
sight/assets/js/sight-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sight-featured-image, sight-uploaded-image, sight-uploaded-img-id, sight-upload-img-link, sight-delete-img-link
Data Attributes
data-frame-title, data-frame-btn-text
JS Globals
portfolioFeaturedContainer, portfolioFeaturedFrame