PowerFolio – Portfolio & Image Gallery for Elementor

Vulnerabilities 9Slug portfolio-elementorLatest version 3.2.5WordPress.org →

Minimum safe version

3.2.2

Update to 3.2.2 or later to address 9 fixable vulnerabilities

Latest available3.2.5 ✓

Medium 6.5

2025-09-22< 3.2.2

PowerFolio <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence EUVD CVE

Medium 6.4

2025-07-07< 3.2.1

WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack EUVD Wordfence CVE

Medium 6.3

2024-10-16< 2.1.7

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 6.5

2024-01-31< 3.1.1

CVE-2024-22150

CVE Wordfence Patchstack WPScan

N/A

2023-07-18< 3.0.3

WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio Plugin < 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE

Medium 5.4

2023-01-30< 2.3.1

CVE-2022-4765

CVE Patchstack Wordfence WPScan

N/A

2022-03-04< 2.1.7

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

2022-02-28< 2.1.7

WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio plugin <= 2.1.6 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 2.1.7

WordPress Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio plugin <= 2.1.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack