[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fe4841kuWa-W4Bkcr4x5fyF9X0_Pmymiy90yhYB99EJE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":107,"crawl_stats":37,"alternatives":113,"analysis":203,"fingerprints":669},"themify-portfolio-post","Themify Portfolio Post","1.3.1","themifyme","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemifyme\u002F","\u003Cp>Themify Portfolio Posts is a simple plugin that allows you to showcase your projects info in a clean layout. Minimal and sleek, you can click on each image of your gallery portfolio and opt to show further details such as the project type, client name, and commission date – or edit each heading and name your own.\u003C\u002Fp>\n\u003Cp>Themify Portfolio Post plugin is compatible with any theme and users can install it on their WordPress admin dashboard like all other plugins.\u003C\u002Fp>\n","Add a simple Portfolio post type to your site.",30000,666543,100,1,"2025-12-05T01:54:00.000Z","6.9.0","5.2","7.2",[20,21,22,23],"portfolio","post","post-type","showcase","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemify-portfolio-post.1.3.1.zip",95,6,0,"2025-12-15 00:00:00","2026-03-15T15:16:48.613Z",[32,47,61,72,83,96],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-67533","themify-portfolio-post-authenticated-author-stored-cross-site-scripting","Themify Portfolio Post \u003C= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting","The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.3.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-12-19 17:00:12",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7eb0b413-d165-4b4f-9eda-49df664f0473?source=api-prod",5,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":42,"published_date":56,"updated_date":57,"references":58,"days_to_patch":60},"CVE-2022-32970","themify-portfolio-post-authenticated-editor-stored-cross-site-scripting","Themify Portfolio Post \u003C= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting","The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.2.4","1.2.5",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-04-18 00:00:00","2024-01-22 19:56:02",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0f3c3629-b7a9-4f83-a821-64119ed662ce?source=api-prod",280,{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":37,"affected_versions":66,"patched_in_version":67,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":68,"updated_date":57,"references":69,"days_to_patch":71},"CVE-2023-0362","themify-portfolio-post-authenticated-contributor-stored-cross-site-scripting-via-shortcode-2","Themify Portfolio Post \u003C= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=1.2.1","1.2.2","2023-01-19 00:00:00",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd3bb5bb0-2c70-4416-8ee1-97aba100cc1d?source=api-prod",369,{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":37,"affected_versions":77,"patched_in_version":78,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":79,"updated_date":57,"references":80,"days_to_patch":82},"CVE-2022-4464","themify-portfolio-post-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Themify Portfolio Post \u003C= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Themify Portfolio Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=1.2.0","1.2.1","2022-12-23 00:00:00",[81],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa67df40b-7179-47a7-9cde-1c512ecc2253?source=api-prod",396,{"id":84,"url_slug":85,"title":86,"description":87,"plugin_slug":4,"theme_slug":37,"affected_versions":88,"patched_in_version":89,"severity":39,"cvss_score":90,"cvss_vector":91,"vuln_type":42,"published_date":92,"updated_date":57,"references":93,"days_to_patch":95},"CVE-2022-0200","themify-portfolio-post-reflected-cross-site-scripting","Themify Portfolio Post \u003C= 1.1.6 - Reflected Cross-Site Scripting","Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting","\u003C=1.1.6","1.1.7",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-01-14 00:00:00",[94],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdf9b0578-d5fb-459b-b857-d907e4ca22b4?source=api-prod",739,{"id":97,"url_slug":98,"title":99,"description":100,"plugin_slug":4,"theme_slug":37,"affected_versions":101,"patched_in_version":102,"severity":39,"cvss_score":90,"cvss_vector":91,"vuln_type":42,"published_date":103,"updated_date":57,"references":104,"days_to_patch":106},"CVE-2021-24129","themify-portfolio-post-authenticated-stored-cross-site-scripting","Themify Portfolio Post \u003C= 1.1.5 - Authenticated Stored Cross-Site Scripting","Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.","\u003C=1.1.5","1.1.6","2020-12-04 00:00:00",[105],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F71d916aa-5382-495b-8142-80de0a0912e7?source=api-prod",1145,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":108,"total_installs":109,"avg_security_score":26,"avg_patch_time_days":110,"trust_score":111,"computed_at":112},10,139500,145,76,"2026-04-04T02:43:21.119Z",[114,133,149,170,185],{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":24,"tags":129,"homepage":130,"download_link":131,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"portfolio-post-type","Portfolio Post Type","1.0.1","Devin Price","https:\u002F\u002Fprofiles.wordpress.org\u002Fdownstairsdev\u002F","\u003Cp>This plugin registers a custom post type for portfolio items.  It also registers separate portfolio taxonomies for tags and categories.  If featured images are selected, they will be displayed in the column view.\u003C\u002Fp>\n\u003Cp>This plugin doesn’t change how portfolio items are displayed in your theme.  You’ll need to add templates for archive-portfolio.php and single-portfolio.php if you want to customize the display of portfolio items.\u003C\u002Fp>\n","This plugin registers a custom post type for portfolio items.  It also registers separate portfolio taxonomies for tags and categories.",50000,878190,94,14,"2020-08-29T18:37:00.000Z","5.5.18","3.8",[20,22],"https:\u002F\u002Fwptheming.com\u002Fportfolio-post-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fportfolio-post-type.1.0.1.zip",85,{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":13,"num_ratings":14,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":24,"tags":146,"homepage":24,"download_link":148,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"portfolio-toolkit","Portfolio Toolkit","0.1.8","Dmitry Mayorov","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamdmitrymayorov\u002F","\u003Cp>Portfolio Toolkit adds ‘portfolio’ post type with two taxonomies (Category and Tag). It also adds custom metabox with three fields: ‘Client’, ‘Date’ and ‘URL’.\u003Cbr \u002F>\nCheck out \u003Ca href=\"http:\u002F\u002Fdmitrymayorov.com\u002F2015\u002F06\u002F16\u002Fintroducing-portfolio-toolkit\u002F\" rel=\"nofollow ugc\">my website\u003C\u002Fa> for more info about the plugin.\u003C\u002Fp>\n\u003Ch3>0.1.8\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed: Make portfolio taxonomies appear in the editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.7\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added: Set ‘show_in_rest’ key to true so Gutenberg is enabled by default\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.6\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added: Compatibility with WordPress 5.0\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.5\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed: Minor Codesniffer warnings\u003C\u002Fli>\n\u003Cli>Changed: Portfolio taxonomy labels\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.4\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed: Minor Codesniffer warnings\u003C\u002Fli>\n\u003Cli>Added: Compatibility with WordPress 4.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.3\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed: Minor improvements and bug fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added: Compatibility with WordPress 4.3\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed: Minor codesniffer warnings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>0.1.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial Release\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds portfolio functionality to your WordPress website.",600,19433,"2020-03-31T14:39:00.000Z","5.4.19","4.1",[147,20,22],"cpt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fportfolio-toolkit.0.1.8.zip",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":157,"downloaded":158,"rating":13,"num_ratings":159,"last_updated":160,"tested_up_to":161,"requires_at_least":162,"requires_php":24,"tags":163,"homepage":168,"download_link":169,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"zillaportfolio","Zilla Portfolio","1.0","marksouthard","https:\u002F\u002Fprofiles.wordpress.org\u002Fmbsatunc\u002F","\u003Cp>This plugin adds the portfolio custom post type to your WordPress blog. By default, the plugin will append portfolio meta information (client, date, and project URL) to the portfolio post. It will prepend media elements (gallery, audio and video media) to portfolio posts.\u003C\u002Fp>\n\u003Ch3>Creating Themes for this Plugin\u003C\u002Fh3>\n\u003Cp>There are several handy bits that you can use within your theme:\u003Cbr \u002F>\n1. By default, the portfolio posts are displayed in the portfolio archive. However, you may want to create a custom page template that will display your portfolio posts. As such, you’ll need to disable the archives. In your theme’s function file, use the following code: \u003Ccode>\u003C?php if( !defined('TZP_DISABLE_ARCHIVE') ) define('TZP_DISABLE_ARCHIVE', TRUE); ?>\u003C\u002Fcode>\u003Cbr \u002F>\nThis will enable child themes to enable the portfolio archives if desired.\u003Cbr \u002F>\n2. Set custom slugs for ‘portfolio’ and ‘portfolio-type’ by defining constants for: \u003Ccode>TZP_SLUG\u003C\u002Fcode> and \u003Ccode>TZP_TAX_SLUG\u003C\u002Fcode>. After defining the constants, save the Permalink Settings. Also, define the constants as above to allow a child theme to customize the slugs.\u003Cbr \u002F>\n3. There are several actions and filters available for adding additional custom fields to the existings metaboxes. Have a look through metaboxes.php to see how these all play together.\u003Cbr \u002F>\n4. To prevent the media and meta from being added to the_content(), remove these filters: \u003Ccode>tzp_add_portfolio_post_media\u003C\u002Fcode> and \u003Ccode>tzp_add_portfolio_post_meta\u003C\u002Fcode>\u003Cbr \u002F>\n5. To update the image size used for galleries add a filter to ‘tzp_set_gallery_image_size’. Pass the string name or an array of the image size to be used.\u003C\u002Fp>\n\u003Ch3>Complete List of Constants and Actions\u002FFilters\u003C\u002Fh3>\n\u003Cp>\u003Cem>Constants\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>TZP_DISABLE_CSS\u003C\u002Fcode> set to true to prevent plugin from loading basic CSS\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_PORTFOLIO_ORDER\u003C\u002Fcode> default is ‘ASC’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_PORTFOLIO_ORDERBY\u003C\u002Fcode> default is ‘menu_order’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_ARCHIVE\u003C\u002Fcode> default is false\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_SLUG\u003C\u002Fcode> default is ‘portfolio’\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_REWRITE\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_TAX_SLUG\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>TZP_DISABLE_MEDIAELEMENT_STYLE\u003C\u002Fcode> prevent the plugin from loading the default mediaelement stylesheet\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Actions\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_portfolio_settings_meta_box_fields\u003C\u002Fcode> add meta fields to the settings section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_gallery_meta_box_fields\u003C\u002Fcode> add meta fields to the gallery section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_audio_meta_box_fields\u003C\u002Fcode> add meta fields to the audio section\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_video_meta_box_fields\u003C\u002Fcode> add meta fields to the video section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Actions added in plugin that you may want to remove\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_add_custom_css\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolios_display_order\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Filters\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_metabox_fields_save\u003C\u002Fcode> add fields to be saved (use url, html, checkbox, or images for sanitization)\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_gallery_classes\u003C\u002Fcode> class added to gallery; default is tzp-portfolio-gallery\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_set_gallery_image_size\u003C\u002Fcode> default image size is ‘full’\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_labels\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_supports\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_post_type_args\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_type_labels\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_portfolio_type_args\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Filters applied in plugin that you may want to remove\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tzp_add_portfolio_post_media\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tzp_add_portfolio_post_meta\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","A complete portfolio plugin for creative folks",400,13543,2,"2016-03-31T15:27:00.000Z","4.5.33","3.5",[164,165,20,166,167],"custom-post-type","custom-taxonomy","theme-zilla","themezilla","http:\u002F\u002Fthemezilla.com\u002Fplugins\u002Fzilla-portfolio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzillaportfolio.zip",{"slug":171,"name":172,"version":173,"author":174,"author_profile":175,"description":176,"short_description":177,"active_installs":178,"downloaded":179,"rating":28,"num_ratings":28,"last_updated":180,"tested_up_to":161,"requires_at_least":181,"requires_php":24,"tags":182,"homepage":183,"download_link":184,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"m4wp-portfolio","M4WP Portfolio","1.0.2","Bobby Gunawan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelloguna1\u002F","\u003Cp>A plugin which adds portfolio custom post type for WordPress themes \u003Ca href=\"https:\u002F\u002Fmade4wp.com\" rel=\"nofollow ugc\">by Made4WP\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin adds a custom post type “portfolio” and other portfolio related backend features like taxonomies and meta boxes.\u003C\u002Fp>\n\u003Cp>This plugin DOES NOT add any front end display. You will need to add\u002Fedit your own “single-portfolio.php”, “archive-portfolio.php” or make a custom query for the post type “portfolio” to display the portfolio items.\u003C\u002Fp>\n\u003Cp>Although this plugin is meant to be used with Made4WP themes, please feel free to use it for your own themes as well.\u003C\u002Fp>\n\u003Cp>** UPDATE NOTICE **\u003Cbr \u002F>\nThe taxonomy “type” has been changed to “category”. If you had any portfolio items using the type taxonomy, you will need to recreate and switch them to use categories instead.\u003C\u002Fp>\n","A Made4WP plugin. This plugin adds the custom post type \"Portfolio\" and it's related features such as taxonomies or meta boxes.",300,14674,"2016-04-13T04:25:00.000Z","4.3.0",[164,20,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fm4wp-portfolio\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fm4wp-portfolio.zip",{"slug":186,"name":187,"version":188,"author":189,"author_profile":190,"description":191,"short_description":192,"active_installs":178,"downloaded":193,"rating":28,"num_ratings":28,"last_updated":194,"tested_up_to":195,"requires_at_least":196,"requires_php":17,"tags":197,"homepage":201,"download_link":202,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"portfolio-cpt","Portfolio CPT","1.0.0","DannyCooper","https:\u002F\u002Fprofiles.wordpress.org\u002Fdannycooper\u002F","\u003Cp>Enables a \u003Cstrong>Portfolio\u003C\u002Fstrong> post type and \u003Cstrong>Portfolio Tags\u003C\u002Fstrong> taxonomy.\u003C\u002Fp>\n\u003Cp>The plugin adds a Portfolio tab to your admin menu, which allows you to add Items just as you would regular posts. This allows you to keep your work even if you change theme.\u003C\u002Fp>\n\u003Ch4>Bugs\u003C\u002Fh4>\n\u003Cp>If you find an issue, let us know \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fportfolio-cpt\" rel=\"ugc\">here\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>Anyone is welcome to contribute to the Knowledge Base CPT plugin.\u003C\u002Fp>\n\u003Cp>There are various ways you can contribute:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Raise an \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fportfolio-cpt\" rel=\"ugc\">Issue\u003C\u002Fa> on GitHub\u003C\u002Fli>\n\u003Cli>Translate the Knowledge Base CPT plugin into \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fportfolio-cpt\" rel=\"nofollow ugc\">different languages\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Enables a 'Portfolio' type and 'Portfolio Tags' taxonomy.",5017,"2018-08-30T17:50:00.000Z","4.9.29","4.0",[198,164,199,20,200],"art-portfolio","photography-portfolio","projects","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fportfolio-cpt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fportfolio-cpt.zip",{"attackSurface":204,"codeSignals":403,"taintFlows":545,"riskAssessment":657,"analyzedAt":668},{"hooks":205,"ajaxHandlers":372,"restRoutes":395,"shortcodes":396,"cronEvents":401,"entryPointCount":402,"unprotectedCount":159},[206,212,215,219,223,226,230,234,238,241,244,247,251,253,257,262,266,270,274,277,281,284,289,292,294,297,300,304,309,313,316,320,324,328,332,335,338,340,342,345,348,352,354,356,360,363,366,370],{"type":207,"name":208,"callback":209,"file":210,"line":211},"action","admin_init","manage_and_filter","includes\\admin.php",11,{"type":213,"name":214,"callback":214,"priority":108,"file":210,"line":125},"filter","attachment_fields_to_edit",{"type":207,"name":216,"callback":217,"priority":108,"file":210,"line":218},"edit_attachment","attachment_fields_to_save",15,{"type":207,"name":220,"callback":221,"file":210,"line":222},"init","setup_portfolio_metabox",22,{"type":213,"name":224,"callback":224,"file":210,"line":225},"themify_do_metaboxes",30,{"type":207,"name":227,"callback":228,"file":210,"line":229},"load-edit.php","filter_load",57,{"type":213,"name":231,"callback":232,"priority":108,"file":210,"line":233},"post_row_actions","remove_quick_edit",58,{"type":207,"name":235,"callback":236,"file":210,"line":237},"restrict_manage_posts","get_select",67,{"type":207,"name":220,"callback":220,"file":239,"line":240},"includes\\system.php",19,{"type":213,"name":242,"callback":242,"priority":108,"file":239,"line":243},"plugin_row_meta",20,{"type":213,"name":245,"callback":246,"file":239,"line":222},"builder_is_portfolio_active","__return_true",{"type":207,"name":248,"callback":249,"priority":13,"file":239,"line":250},"after_setup_theme","admin",23,{"type":207,"name":248,"callback":252,"priority":218,"file":239,"line":225},"load_dependencies",{"type":213,"name":254,"callback":255,"file":239,"line":256},"the_content","default_template",31,{"type":213,"name":258,"callback":259,"priority":108,"file":260,"line":261},"image_resize_dimensions","themify_img_resize_dimensions","includes\\themify\\img.php",109,{"type":213,"name":263,"callback":264,"file":265,"line":225},"themify_metaboxes","themify_metabox_example_meta_box","includes\\themify-metabox\\example-functions.php",{"type":213,"name":267,"callback":268,"priority":108,"file":265,"line":269},"themify_metabox\u002Ffields\u002Ftm-example","themify_metabox_example_meta_box_fields",229,{"type":213,"name":271,"callback":272,"file":265,"line":273},"themify_metabox\u002Fuser\u002Ffields","themify_metabox_example_user_fields",259,{"type":213,"name":275,"callback":276,"priority":108,"file":265,"line":60},"themify_metabox\u002Ftaxonomy\u002Fcategory\u002Ffields","themify_metabox_example_category_fields",{"type":207,"name":220,"callback":278,"priority":13,"file":279,"line":280},"hooks","includes\\themify-metabox\\includes\\themify-metabox-core.php",17,{"type":207,"name":282,"callback":282,"file":279,"line":283},"admin_menu",27,{"type":207,"name":285,"callback":286,"priority":287,"file":279,"line":288},"pre_post_update","save_postdata",101,28,{"type":207,"name":290,"callback":286,"priority":287,"file":279,"line":291},"save_post",29,{"type":207,"name":293,"callback":293,"priority":211,"file":279,"line":225},"admin_enqueue_scripts",{"type":213,"name":295,"callback":296,"priority":108,"file":279,"line":256},"is_protected_meta","protected_meta",{"type":207,"name":208,"callback":298,"priority":108,"file":279,"line":299},"themify_export_colors",35,{"type":213,"name":290,"callback":301,"priority":302,"file":279,"line":303},"page_options_updated",102,40,{"type":207,"name":305,"callback":306,"priority":307,"file":279,"line":308},"add_meta_boxes","remove_extra_meta_boxes",99,44,{"type":207,"name":310,"callback":311,"priority":307,"file":279,"line":312},"admin_head","remove_help",45,{"type":207,"name":293,"callback":314,"priority":13,"file":279,"line":315},"dequeue_scripts",46,{"type":207,"name":317,"callback":318,"priority":108,"file":279,"line":319},"template_redirect","page_options_init",50,{"type":207,"name":321,"callback":322,"priority":108,"file":279,"line":323},"wp_before_admin_bar_render","add_meta_options_menu",697,{"type":207,"name":325,"callback":326,"priority":108,"file":279,"line":327},"wp_enqueue_scripts","page_options_enqueue",698,{"type":213,"name":329,"callback":330,"file":279,"line":331},"use_block_editor_for_post","__return_false",728,{"type":213,"name":333,"callback":330,"file":279,"line":334},"screen_options_show_screen",730,{"type":207,"name":220,"callback":336,"priority":108,"file":279,"line":337},"get_instance",772,{"type":207,"name":220,"callback":220,"priority":13,"file":339,"line":222},"includes\\themify-metabox\\includes\\themify-term-fields.php",{"type":207,"name":293,"callback":341,"file":339,"line":250},"enqueue",{"type":207,"name":343,"callback":344,"priority":108,"file":339,"line":299},"created_term","save_fields",{"type":207,"name":346,"callback":344,"priority":108,"file":339,"line":347},"edited_term",36,{"type":207,"name":349,"callback":350,"file":351,"line":222},"show_user_profile","user_fields","includes\\themify-metabox\\includes\\themify-user-fields.php",{"type":207,"name":353,"callback":350,"file":351,"line":250},"edit_user_profile",{"type":207,"name":293,"callback":341,"file":351,"line":355},24,{"type":207,"name":357,"callback":358,"file":351,"line":359},"personal_options_update","save_user_field",25,{"type":207,"name":361,"callback":358,"file":351,"line":362},"edit_user_profile_update",26,{"type":207,"name":248,"callback":364,"priority":243,"file":365,"line":299},"themify_metabox_bootstrap","includes\\themify-metabox\\themify-metabox.php",{"type":207,"name":248,"callback":367,"priority":125,"file":368,"line":369},"themify_portfolio_post_setup","themify-portfolio-post.php",60,{"type":207,"name":220,"callback":371,"priority":13,"file":368,"line":237},"flush_rewrite_rules",[373,379,383,386,389,392],{"action":374,"nopriv":375,"callback":374,"hasNonce":376,"hasCapCheck":376,"file":377,"line":378},"themify_metabox_media_lib_browse",false,true,"includes\\themify-metabox\\includes\\themify-field-types.php",8,{"action":380,"nopriv":375,"callback":381,"hasNonce":376,"hasCapCheck":376,"file":377,"line":382},"themify_plupload","themify_wp_ajax_plupload_image",9,{"action":384,"nopriv":375,"callback":385,"hasNonce":375,"hasCapCheck":375,"file":377,"line":108},"themify_create_inner_popup_page","themify_ajax_create_inner_page",{"action":387,"nopriv":375,"callback":388,"hasNonce":375,"hasCapCheck":375,"file":377,"line":211},"themify_create_popup_page_pagination","themify_ajax_create_page_pagination",{"action":390,"nopriv":375,"callback":390,"hasNonce":376,"hasCapCheck":375,"file":279,"line":391},"themify_import_colors",33,{"action":393,"nopriv":375,"callback":393,"hasNonce":376,"hasCapCheck":375,"file":279,"line":394},"themify_save_colors",34,[],[397],{"tag":398,"callback":399,"file":239,"line":400},"themify_portfolio_posts","shortcode",49,[],7,{"dangerousFunctions":404,"sqlUsage":412,"outputEscaping":414,"fileOperations":28,"externalRequests":28,"nonceChecks":46,"capabilityChecks":402,"bundledLibraries":544},[405,409],{"fn":406,"file":279,"line":407,"context":408},"unserialize",562,"$new_data = unserialize( $fileContent , ['allowed_classes' => false] );",{"fn":406,"file":279,"line":410,"context":411},572,"$currentSwatches = unserialize( get_option( 'themify_saved_' . $type, serialize( array() ) ) );",{"prepared":159,"raw":28,"locations":413},[],{"escaped":415,"rawEcho":416,"locations":417},265,64,[418,420,422,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,530,532,535,538,539,541,542],{"file":210,"line":124,"context":419},"raw output",{"file":377,"line":421,"context":419},32,{"file":377,"line":124,"context":419},{"file":377,"line":424,"context":419},117,{"file":377,"line":426,"context":419},144,{"file":377,"line":428,"context":419},167,{"file":377,"line":430,"context":419},194,{"file":377,"line":432,"context":419},243,{"file":377,"line":434,"context":419},274,{"file":377,"line":436,"context":419},326,{"file":377,"line":438,"context":419},419,{"file":377,"line":440,"context":419},461,{"file":377,"line":442,"context":419},499,{"file":377,"line":444,"context":419},528,{"file":377,"line":446,"context":419},560,{"file":377,"line":448,"context":419},599,{"file":377,"line":450,"context":419},632,{"file":377,"line":452,"context":419},660,{"file":377,"line":454,"context":419},700,{"file":377,"line":456,"context":419},720,{"file":377,"line":458,"context":419},740,{"file":377,"line":460,"context":419},804,{"file":377,"line":462,"context":419},1084,{"file":377,"line":464,"context":419},1153,{"file":377,"line":466,"context":419},1157,{"file":377,"line":468,"context":419},1200,{"file":377,"line":470,"context":419},1201,{"file":377,"line":472,"context":419},1221,{"file":377,"line":474,"context":419},1241,{"file":377,"line":476,"context":419},1286,{"file":377,"line":478,"context":419},1312,{"file":377,"line":480,"context":419},1362,{"file":377,"line":482,"context":419},1365,{"file":377,"line":484,"context":419},1383,{"file":377,"line":486,"context":419},1444,{"file":377,"line":488,"context":419},1463,{"file":377,"line":490,"context":419},1466,{"file":377,"line":492,"context":419},1507,{"file":377,"line":494,"context":419},1510,{"file":377,"line":496,"context":419},1571,{"file":377,"line":498,"context":419},1586,{"file":279,"line":500,"context":419},258,{"file":279,"line":502,"context":419},269,{"file":279,"line":504,"context":419},335,{"file":279,"line":506,"context":419},344,{"file":279,"line":508,"context":419},346,{"file":279,"line":510,"context":419},379,{"file":279,"line":512,"context":419},385,{"file":279,"line":514,"context":419},387,{"file":279,"line":516,"context":419},679,{"file":339,"line":518,"context":419},70,{"file":339,"line":520,"context":419},71,{"file":339,"line":522,"context":419},127,{"file":339,"line":524,"context":419},129,{"file":351,"line":526,"context":419},55,{"file":351,"line":528,"context":419},56,{"file":351,"line":233,"context":419},{"file":351,"line":531,"context":419},89,{"file":533,"line":534,"context":419},"templates\\default.php",38,{"file":536,"line":537,"context":419},"templates\\shortcode.php",18,{"file":536,"line":225,"context":419},{"file":536,"line":540,"context":419},43,{"file":536,"line":528,"context":419},{"file":536,"line":543,"context":419},81,[],[546,562,572,581,590,600,615,626,641],{"entryPoint":547,"graph":548,"unsanitizedCount":14,"severity":39},"get_select (includes\\admin.php:83)",{"nodes":549,"edges":560},[550,555],{"id":551,"type":552,"label":553,"file":210,"line":554},"n0","source","$_GET",90,{"id":556,"type":557,"label":558,"file":210,"line":124,"wp_function":559},"n1","sink","echo() [XSS]","echo",[561],{"from":551,"to":556,"sanitized":375},{"entryPoint":563,"graph":564,"unsanitizedCount":14,"severity":39},"themify_ajax_create_page_pagination (includes\\themify-metabox\\includes\\themify-field-types.php:737)",{"nodes":565,"edges":570},[566,569],{"id":551,"type":552,"label":567,"file":377,"line":568},"$_POST",738,{"id":556,"type":557,"label":558,"file":377,"line":458,"wp_function":559},[571],{"from":551,"to":556,"sanitized":375},{"entryPoint":573,"graph":574,"unsanitizedCount":14,"severity":39},"themify_ajax_create_inner_page (includes\\themify-metabox\\includes\\themify-field-types.php:797)",{"nodes":575,"edges":579},[576,578],{"id":551,"type":552,"label":567,"file":377,"line":577},803,{"id":556,"type":557,"label":558,"file":377,"line":460,"wp_function":559},[580],{"from":551,"to":556,"sanitized":375},{"entryPoint":582,"graph":583,"unsanitizedCount":14,"severity":589},"\u003Cadmin> (includes\\admin.php:0)",{"nodes":584,"edges":587},[585,586],{"id":551,"type":552,"label":553,"file":210,"line":554},{"id":556,"type":557,"label":558,"file":210,"line":124,"wp_function":559},[588],{"from":551,"to":556,"sanitized":375},"low",{"entryPoint":591,"graph":592,"unsanitizedCount":28,"severity":589},"themify_wp_ajax_plupload_image (includes\\themify-metabox\\includes\\themify-field-types.php:1224)",{"nodes":593,"edges":598},[594,597],{"id":551,"type":552,"label":595,"file":377,"line":596},"$_FILES (x2)",1237,{"id":556,"type":557,"label":558,"file":377,"line":474,"wp_function":559},[599],{"from":551,"to":556,"sanitized":376},{"entryPoint":601,"graph":602,"unsanitizedCount":28,"severity":589},"\u003Cthemify-field-types> (includes\\themify-metabox\\includes\\themify-field-types.php:0)",{"nodes":603,"edges":612},[604,606,607,610],{"id":551,"type":552,"label":605,"file":377,"line":568},"$_POST (x3)",{"id":556,"type":557,"label":558,"file":377,"line":458,"wp_function":559},{"id":608,"type":552,"label":609,"file":377,"line":596},"n2","$_FILES (x3)",{"id":611,"type":557,"label":558,"file":377,"line":474,"wp_function":559},"n3",[613,614],{"from":551,"to":556,"sanitized":376},{"from":608,"to":611,"sanitized":376},{"entryPoint":616,"graph":617,"unsanitizedCount":28,"severity":589},"themify_import_colors (includes\\themify-metabox\\includes\\themify-metabox-core.php:556)",{"nodes":618,"edges":624},[619,622],{"id":551,"type":552,"label":620,"file":279,"line":621},"$_FILES",561,{"id":556,"type":557,"label":623,"file":279,"line":407,"wp_function":406},"unserialize() [Object Injection]",[625],{"from":551,"to":556,"sanitized":376},{"entryPoint":627,"graph":628,"unsanitizedCount":28,"severity":589},"themify_export_colors (includes\\themify-metabox\\includes\\themify-metabox-core.php:663)",{"nodes":629,"edges":638},[630,632,636,637],{"id":551,"type":552,"label":553,"file":279,"line":631},668,{"id":556,"type":557,"label":633,"file":279,"line":634,"wp_function":635},"header() [Header Injection]",675,"header",{"id":608,"type":552,"label":553,"file":279,"line":631},{"id":611,"type":557,"label":558,"file":279,"line":516,"wp_function":559},[639,640],{"from":551,"to":556,"sanitized":376},{"from":608,"to":611,"sanitized":376},{"entryPoint":642,"graph":643,"unsanitizedCount":28,"severity":589},"\u003Cthemify-metabox-core> (includes\\themify-metabox\\includes\\themify-metabox-core.php:0)",{"nodes":644,"edges":653},[645,646,647,648,649,651],{"id":551,"type":552,"label":620,"file":279,"line":621},{"id":556,"type":557,"label":623,"file":279,"line":407,"wp_function":406},{"id":608,"type":552,"label":553,"file":279,"line":631},{"id":611,"type":557,"label":633,"file":279,"line":634,"wp_function":635},{"id":650,"type":552,"label":553,"file":279,"line":631},"n4",{"id":652,"type":557,"label":558,"file":279,"line":516,"wp_function":559},"n5",[654,655,656],{"from":551,"to":556,"sanitized":376},{"from":608,"to":611,"sanitized":376},{"from":650,"to":652,"sanitized":376},{"summary":658,"deductions":659},"The 'themify-portfolio-post' plugin v1.3.1 presents a mixed security posture. While it demonstrates strengths in areas like the exclusive use of prepared statements for SQL queries and a relatively high percentage of properly escaped output, there are significant concerns regarding its attack surface and historical vulnerability patterns. The presence of 6 AJAX handlers, with 2 lacking authentication checks, creates direct entry points for potential exploitation. Furthermore, the use of the `unserialize` function, identified as a dangerous function, can lead to vulnerabilities if not handled with extreme care, especially when processing untrusted input. The plugin's history of 6 known medium-severity CVEs, all of which are reportedly patched, highlights a recurring trend of vulnerabilities. The commonality of Cross-Site Scripting (XSS) in past issues suggests a historical weakness in input sanitization and output escaping, despite the current static analysis showing an 81% proper escaping rate.\n\nOverall, while the current version appears to have addressed past vulnerabilities, the inherent risks associated with unprotected AJAX endpoints and the legacy of XSS issues warrant caution. The use of `unserialize` also remains a potential point of failure if not meticulously secured against user-controlled data. The plugin's attack surface, particularly its unprotected AJAX handlers, combined with the historical precedent of XSS, suggests that users should remain vigilant and ensure the plugin is consistently updated to the latest secure versions, even if current analyses indicate no critical or high-severity issues.",[660,662,664,666],{"reason":661,"points":108},"Unprotected AJAX handlers found",{"reason":663,"points":378},"Dangerous function 'unserialize' used",{"reason":665,"points":218},"History of 6 medium CVEs, XSS common",{"reason":667,"points":378},"Unsanitized paths found in taint analysis","2026-03-16T17:24:24.054Z",{"wat":670,"direct":688},{"assetPaths":671,"generatorPatterns":679,"scriptPaths":680,"versionParams":681},[672,673,674,675,676,677,678],"\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fthemify-portfolio-post.php","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fsystem.php","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fthemify-metabox.php","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fcss\u002Fthemify-metabox.css","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fjs\u002Fthemify-metabox.js","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fincludes\u002Fthemify-field-types.php","\u002Fwp-content\u002Fplugins\u002Fthemify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fimages\u002Fui-icons.png",[],[676],[682,683,684,685,686,687],"themify-portfolio-post\u002Fthemify-portfolio-post.php?ver=","themify-portfolio-post\u002Fincludes\u002Fsystem.php?ver=","themify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fthemify-metabox.php?ver=","themify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fcss\u002Fthemify-metabox.css?ver=","themify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fassets\u002Fjs\u002Fthemify-metabox.js?ver=","themify-portfolio-post\u002Fincludes\u002Fthemify-metabox\u002Fincludes\u002Fthemify-field-types.php?ver=",{"cssClasses":689,"htmlComments":726,"htmlAttributes":730,"restEndpoints":757,"jsGlobals":758,"shortcodeOutput":759},[690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725],"themify_featimg_remove","themify_upload_preview","themify_input_field","themify_upload_field","themify_upload_buttons","themify_field_description","themify_video_remove","themify_custom_panel_nonce","themify_metabox_wrap","themify_metabox_field","themify_field_label","themify_field_control","themify_metabox_slider","themify_metabox_colorpicker","themify_metabox_range","themify_metabox_textarea","themify_metabox_textbox","themify_metabox_dropdown","themify_metabox_checkbox","themify_metabox_radio","themify_metabox_separator","themify_metabox_gallery_shortcode","themify_metabox_query_category","themify_metabox_assignments","themify_metabox_repeater","themify_metabox_image_radio","themify_metabox_hidden","themify_metabox_audio","themify_metabox_video","themify_plupload_filelist","themify_plupload_file","themify_plupload_file_name","themify_plupload_file_size","themify_plupload_file_progress","themify_plupload_file_cancel","themify_plupload_file_error",[727,728,729,727,728,729,727,728,729],"\u003C!-- Field storing URL -->","\u003C!-- Parameters for the uploader @var Array -->","\u003C!-- meta_box description -->",[731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756],"data-attachid","data-audio-remove","name=\"themify_metabox_post_thumbnail\"","name=\"themify_metabox_post_slider_images\"","name=\"themify_metabox_post_gallery_images\"","name=\"themify_metabox_post_audio\"","name=\"themify_metabox_post_video\"","name=\"themify_metabox_post_color\"","name=\"themify_metabox_post_layout\"","name=\"themify_metabox_post_meta\"","name=\"themify_metabox_post_id_info\"","name=\"themify_metabox_post_multi\"","name=\"themify_metabox_post_date\"","name=\"themify_metabox_post_dropdown\"","name=\"themify_metabox_post_dropdownbutton\"","name=\"themify_metabox_post_textbox\"","name=\"themify_metabox_post_textarea\"","name=\"themify_metabox_post_checkbox\"","name=\"themify_metabox_post_separator\"","name=\"themify_metabox_post_radio\"","name=\"themify_metabox_post_gallery_shortcode\"","name=\"themify_metabox_post_query_category\"","name=\"themify_metabox_post_assignments\"","name=\"themify_metabox_post_repeater\"","name=\"themify_metabox_post_image_radio\"","name=\"themify_metabox_post_hidden\"",[],[697],[]]