WEBphysiology Portfolio Security & Risk Analysis

wordpress.org/plugins/webphysiology-portfolio

Allows for the creation of an expanded-list styled or a grid-styled page containing images and supporting detail, perfect for a portfolio presentation …

80 active installs · v1.4.8 · PHP + WP 3.1.0+ · Updated Mar 24, 2013
Tags: gallery, image, portfolio, screenshot, website

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WEBphysiology Portfolio Safe to Use in 2026?

Generally Safe

Score 85/100

WEBphysiology Portfolio has no known CVEs, but it is not actively maintained: the last release was March 24, 2013 and it is only tested up to WordPress 3.5.2. Its create_function() call is a fatal error on PHP 8, and the static-analysis findings below (unescaped output, unprepared SQL, unserialize) have never been reviewed against a current WordPress. Read the verdict as "no known issues" rather than "audited", and weigh a maintained alternative for a production site.

No known CVEs · Last updated 13 years ago (Mar 24, 2013)
Risk Assessment

The webphysiology-portfolio plugin, version 1.4.8, presents a mixed security posture. On the positive side, its direct attack surface is small: one shortcode is the only entry point, and there are no AJAX handlers or REST API routes at all, protected or otherwise. It does, however, register 45 hooks, including query_vars, posts_join and posts_where on the main query, which makes URL query variables an indirect input to its SQL. The absence of known CVEs should be weighed against roughly 80 active installs and no release since March 2013: it reflects little scrutiny rather than an audit. The static analysis raises concrete concerns. create_function at function.php:2706 is called with a constant string, so it is not an injection point, but the function was deprecated in PHP 7.2 and removed in PHP 8.0, so that line is an undefined-function fatal error on any current PHP. @unserialize(trim($contents)) at function.php:3457 is the more serious item: if $contents can be influenced by an attacker (the listing does not show where it is read from, and the plugin performs 10 file operations and 2 external requests), this is PHP object injection against every class loaded in the WordPress process. Only 5 of 16 SQL queries (31%) use prepared statements, and only 9 of 159 output sites (6%) are escaped, which points to SQL injection and XSS risk; whether either is exploitable depends on whether the unescaped values are attacker-controllable (shortcode attributes, post meta, query vars), which the counts alone do not establish. The taint analysis reports unsanitized paths in 4 of 5 flows, none rated critical or high in this run. The two save_post handlers should also be checked against the two nonce checks and three capability checks recorded, since a save handler without both is writable via CSRF.

Key Concerns

  • Dangerous function: unserialize
  • Dangerous function: create_function
  • Low percentage of prepared SQL statements
  • Very low percentage of properly escaped output
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

WEBphysiology Portfolio Security Vulnerabilities

No known vulnerabilities have been reported. With about 80 active installs and no updates since 2013, read this as an absence of scrutiny rather than a clean audit.
Code Analysis
Analyzed Mar 16, 2026

WEBphysiology Portfolio Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 11 (5 prepared)
Unescaped Output: 150 (9 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 10
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

create_function (function.php:2706):
    add_action( 'widgets_init', create_function( '', 'register_widget("webphys_portfolio_widget");' ) );

unserialize (function.php:3457):
    $array = @unserialize(trim($contents));
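The two flagged calls above, and the Key Concerns they appear in, with hardened equivalents. This is an added example, not code from the WEBphysiology Portfolio plugin. The LogWriter class and the serialized payload are constructed for the demo; it assumes $contents at function.php:3457 may carry attacker-influenced data, which the listing does not establish. The file runs with plain `php` outside WordPress; only the widget-registration block depends on the WordPress runtime and is skipped elsewhere.

```php
<?php
// Added example, not the plugin's own code.

// --- 1. unserialize() on untrusted data: PHP object injection ---
// A class with a magic method, standing in for any class that is loaded at
// runtime (WordPress core and other plugins supply many). Constructed for the demo.
class LogWriter {
    public $path = '/tmp/demo.log';
    public $data = '';
    public function __destruct() {
        // In a real gadget chain this would be a file write, an eval, etc.
        echo "__destruct() ran: would write to {$this->path}\n";
    }
}

// Constructed attacker-controlled input: a serialized LogWriter with chosen properties.
$payload = 'O:9:"LogWriter":2:{s:4:"path";s:14:"/tmp/pwned.php";s:4:"data";s:5:"<?php";}';

// Vulnerable shape, as in the listing: any class named in the string is instantiated,
// and the @ hides the warnings that would reveal a tampered value.
function load_settings_vulnerable(string $contents) {
    return @unserialize(trim($contents));
}

// Hardened: refuse to instantiate any class (PHP 7.0+). Objects in the input become
// __PHP_Incomplete_Class, whose magic methods never run, and failure is reported
// to the caller instead of being swallowed.
function load_settings_hardened(string $contents) {
    $raw = trim($contents);
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== 'b:0;') {
        return null; // corrupt or tampered input; caller falls back to defaults
    }
    return $value;
}

$obj = load_settings_vulnerable($payload);
echo get_class($obj), "\n";   // the attacker's class was instantiated; __destruct fires at shutdown

$safe = load_settings_hardened($payload);
echo get_class($safe), "\n";  // an incomplete-class placeholder, no magic methods reachable

// --- 2. create_function() (function.php:2706) ---
// create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so the
// original line is an undefined-function fatal error there. A closure does the
// same job on PHP 5.3+ without compiling a string.
if (function_exists('add_action')) { // only inside WordPress
    add_action('widgets_init', function () {
        register_widget('webphys_portfolio_widget');
    });
}
```

If the serialized data is plugin settings, the better fix is to stop calling unserialize() at all and keep the settings in the options table via update_option()/get_option(), which handle serialization internally, or store JSON and decode it with json_decode(), which cannot instantiate classes.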

SQL Query Safety

31% prepared (5 of 16 total queries)

Output Escaping

6% escaped (9 of 159 total outputs)
Data Flows
4 unsanitized

Data Flow Analysis

5 flows, 4 with unsanitized paths
get_Loop_Site_Image (function.php:3162)
(Flow diagram not reproduced; legend: Source = user input, Sink = dangerous op, with Sanitizer and Transform nodes marking sanitized paths.)
Attack Surface

WEBphysiology Portfolio Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[webphysiology_portfolio] portfolio-main.php:288
WordPress Hooks 45

Type     Hook                                                            Location
action   admin_print_styles-post.php                                     function.php:250
filter   widget_tag_cloud_args                                           function.php:2628
action   widgets_init                                                    function.php:2706
action   wp_print_styles                                                 function.php:2744
filter   template_include                                                function.php:2749
action   wp_print_styles                                                 function.php:2750
action   wp_print_styles                                                 function.php:2798
action   wp_head                                                         function.php:2821
action   wp_print_scripts                                                function.php:2822
action   wp_print_scripts                                                function.php:2823
action   wp_footer                                                       function.php:2886
action   init                                                            portfolio-main.php:206
filter   post_updated_messages                                           portfolio-main.php:207
action   init                                                            portfolio-main.php:210
action   init                                                            portfolio-main.php:214
action   wp_logout                                                       portfolio-main.php:215
action   wp_login                                                        portfolio-main.php:216
action   admin_menu                                                      portfolio-main.php:225
action   init                                                            portfolio-main.php:227
action   admin_print_scripts                                             portfolio-main.php:228
action   admin_print_styles                                              portfolio-main.php:229
action   admin_notices                                                   portfolio-main.php:230
action   admin_menu                                                      portfolio-main.php:231
filter   manage_edit-webphys_portfolio_columns                           portfolio-main.php:232
action   manage_posts_custom_column                                      portfolio-main.php:233
filter   manage_edit-webphys_portfolio_sortable_columns                  portfolio-main.php:234
filter   request                                                         portfolio-main.php:236
action   admin_head-edit.php                                             portfolio-main.php:237
action   save_post                                                       portfolio-main.php:241
action   save_post                                                       portfolio-main.php:242
action   admin_enqueue_scripts                                           portfolio-main.php:246
action   after_plugin_row_webphysiology-portfolio/portfolio-main.php     portfolio-main.php:249
filter   plugin_row_meta                                                 portfolio-main.php:253
filter   ozh_adminmenu_icon                                              portfolio-main.php:256
action   init                                                            portfolio-main.php:265
action   init                                                            portfolio-main.php:268
action   admin_enqueue_scripts                                           portfolio-main.php:271
action   init                                                            portfolio-main.php:278
action   init                                                            portfolio-main.php:280
action   admin_footer                                                    portfolio-main.php:283
action   admin_footer                                                    portfolio-main.php:284
action   wp                                                              portfolio-main.php:289
filter   query_vars                                                      portfolio-main.php:290
filter   posts_join                                                      portfolio-main.php:291
filter   posts_where                                                     portfolio-main.php:292

The last three hooks are the ones to review first: query_vars registers public query variables settable from the URL, and posts_join/posts_where append SQL fragments to the main WP_Query, so any unprepared query built from those variables is reachable by an unauthenticated visitor.
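How the query_vars/posts_join/posts_where combination above turns into the SQL-injection and output-escaping risk measured in the Code Analysis section, as an added example that is not the plugin's own code. It assumes the WordPress runtime ($wpdb, WP_Query, add_filter, get_query_var, esc_html) and uses a hypothetical public query var and meta key named "wpp_type"; the plugin's real names are not shown on this page. The vulnerable function is shown for contrast and is not hooked.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress is loaded.

// Registering a public query var means /?wpp_type=... is attacker-controlled input
// (hypothetical name, assumed for this example).
add_filter('query_vars', function (array $vars): array {
    $vars[] = 'wpp_type';
    return $vars;
});

// The join is constant SQL: table names come from $wpdb, nothing from the request.
add_filter('posts_join', function (string $join, WP_Query $query): string {
    global $wpdb;
    if ($query->is_main_query() && get_query_var('wpp_type') !== '') {
        $join .= " INNER JOIN {$wpdb->postmeta} wpp_meta"
               . " ON wpp_meta.post_id = {$wpdb->posts}.ID AND wpp_meta.meta_key = 'wpp_type'";
    }
    return $join;
}, 10, 2);

// VULNERABLE shape (the kind of query the 11 unprepared statements may contain):
// the query var is concatenated straight into the WHERE clause, so
// /?wpp_type=x' OR 1=1 -- rewrites the main query.
function wpp_posts_where_vulnerable(string $where, WP_Query $query): string {
    if ($query->is_main_query() && get_query_var('wpp_type') !== '') {
        $where .= " AND wpp_meta.meta_value = '" . get_query_var('wpp_type') . "'";
    }
    return $where;
}

// HARDENED shape: the value is bound through $wpdb->prepare(), which quotes and
// escapes the %s placeholder, and the SQL around it is a constant string.
function wpp_posts_where_hardened(string $where, WP_Query $query): string {
    global $wpdb;
    $type = sanitize_text_field((string) get_query_var('wpp_type'));
    if ($query->is_main_query() && $type !== '') {
        $where .= $wpdb->prepare(' AND wpp_meta.meta_value = %s', $type);
    }
    return $where;
}
add_filter('posts_where', 'wpp_posts_where_hardened', 10, 2);

// Output side, for the 150 unescaped output sites: escape at the point of output,
// for the context the value lands in (esc_html for text nodes, esc_attr for
// attribute values, esc_url for href/src).
function wpp_render_item(WP_Post $post, string $image_url): string {
    // Vulnerable: return '<h3>' . $post->post_title . '</h3>';
    $title = get_the_title($post);
    return '<div class="wpp-item">'
         . '<a class="wpp-thickbox" href="' . esc_url($image_url) . '" title="' . esc_attr($title) . '">'
         . '<h3>' . esc_html($title) . '</h3>'
         . '</a></div>';
}
```

The is_main_query() guard keeps the filters from leaking into admin queries and other plugins' WP_Query calls, which is a common source of both bugs and SQL that never gets reviewed. Note that $wpdb->prepare() is only a fix when the SQL around the placeholder is a literal; interpolating a request value into the format string defeats it.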
Maintenance & Trust

WEBphysiology Portfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Mar 24, 2013
PHP min version:
Downloads: 53K

Community Trust

Rating: 82/100
Number of ratings: 9
Active installs: 80
Developer Profile

WEBphysiology Portfolio Developer Profile

Jeff Lambert

1 plugin · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WEBphysiology Portfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webphysiology-portfolio/css/webphysiology-portfolio.css
/wp-content/plugins/webphysiology-portfolio/js/webphysiology-portfolio.js
/wp-content/plugins/webphysiology-portfolio/js/file_loader.js
Script Paths
/wp-content/plugins/webphysiology-portfolio/js/webphysiology-portfolio.js
/wp-content/plugins/webphysiology-portfolio/js/file_loader.js
Version Parameters
webphysiology-portfolio/css/webphysiology-portfolio.css?ver=
webphysiology-portfolio/js/webphysiology-portfolio.js?ver=
webphysiology-portfolio/js/file_loader.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpp-thickbox
Shortcode Output
[portfolio]
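The fingerprints above applied to a fetched page, as an added example that is not part of the site's own scanner. It matches the listed asset paths and the wpp-thickbox class, and pulls the version out of the ?ver= parameter. The HTML fragment is constructed for the demo; the example.test host and the 1.4.8 value in it are assumed, not observed. Runs with plain `php`.

```php
<?php
// Added example, not the page's scanner code.

function detect_webphysiology_portfolio(string $html): array {
    $result = ['detected' => false, 'evidence' => [], 'version' => null];

    // Asset and script paths from the fingerprint list above.
    $paths = [
        '/wp-content/plugins/webphysiology-portfolio/css/webphysiology-portfolio.css',
        '/wp-content/plugins/webphysiology-portfolio/js/webphysiology-portfolio.js',
        '/wp-content/plugins/webphysiology-portfolio/js/file_loader.js',
    ];
    foreach ($paths as $p) {
        if (stripos($html, $p) !== false) {
            $result['evidence'][] = $p;
        }
    }

    // DOM fingerprint: the thickbox class the plugin's front-end markup carries.
    if (preg_match('/class="[^"]*\bwpp-thickbox\b[^"]*"/i', $html)) {
        $result['evidence'][] = 'css:wpp-thickbox';
    }

    // Version parameter: WordPress appends ?ver=<value> to enqueued assets; when a
    // plugin passes its own version to wp_enqueue_style()/wp_enqueue_script() that
    // value is the plugin version, otherwise it is the WordPress version.
    if (preg_match('#webphysiology-portfolio/(?:css|js)/[\w.-]+\.(?:css|js)\?ver=([\w.-]+)#i', $html, $m)) {
        $result['version'] = $m[1];
    }

    $result['detected'] = count($result['evidence']) > 0;
    return $result;
}

// Constructed sample fragment, not a real crawl.
$sample = <<<HTML
<link rel="stylesheet" id="webphysiology-portfolio-css" href="https://example.test/wp-content/plugins/webphysiology-portfolio/css/webphysiology-portfolio.css?ver=1.4.8" type="text/css" media="all" />
<script type="text/javascript" src="https://example.test/wp-content/plugins/webphysiology-portfolio/js/file_loader.js?ver=1.4.8"></script>
<a class="wpp-thickbox" href="/portfolio/item-1/">Item 1</a>
HTML;

$r = detect_webphysiology_portfolio($sample);
printf("detected=%s version=%s evidence=%s\n",
    $r['detected'] ? 'yes' : 'no',
    $r['version'] ?? 'unknown',
    implode(',', $r['evidence']));
```

Treat the ?ver= value as a hint rather than proof of the installed version, since themes and caching plugins rewrite or strip it; the authoritative check is the Stable tag line in /wp-content/plugins/webphysiology-portfolio/readme.txt when the server serves it.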
FAQ

Frequently Asked Questions about WEBphysiology Portfolio