Does Hide Text Shortcode have any unpatched vulnerabilities?

Yes — Hide Text Shortcode currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Hide Text Shortcode compatible with WordPress 4.8.28?

According to WordPress.org data, Hide Text Shortcode 1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Hide Text Shortcode updated?

Hide Text Shortcode was last updated on Jun 16, 2016. Frequent updates are generally a positive security signal.

What is Hide Text Shortcode's security score?

Hide Text Shortcode has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hide Text Shortcode Security & Risk Analysis

wordpress.org/plugins/hide-text-shortcode

Shortcode to hide text

400 active installs v1.1 PHP + WP 3.9+ Updated Jun 16, 2016

hide-textjavascriptshortcode

C · Use Caution

CVEs total1

Unpatched1

Last CVEAug 13, 2025

Plugin page Download

Safety Verdict

Is Hide Text Shortcode Safe to Use in 2026?

Use With Caution

Score 63/100

Hide Text Shortcode has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 13, 2025Updated 9yr ago

Risk Assessment

The "hide-text-shortcode" v1.1 plugin exhibits a generally good security posture in its current code analysis. It correctly avoids dangerous functions, uses prepared statements for all SQL queries, and properly escapes all output. There are no identified file operations or external HTTP requests, and the attack surface appears to be minimal and protected. The absence of taint analysis findings further suggests a lack of immediate, exploitable vulnerabilities within the provided code snapshot.

However, a significant concern arises from the plugin's vulnerability history. The presence of one unpatched medium severity CVE, specifically related to Cross-Site Scripting (XSS), is a critical red flag. This indicates that the plugin, in its past versions, has had a known flaw that allows for arbitrary code execution within a user's browser. The fact that this vulnerability remains unpatched for this version is a serious oversight and presents a clear and present danger.

In conclusion, while the static code analysis of v1.1 shows promising security practices, the unpatched historical vulnerability drastically outweighs these positive indicators. Users of this plugin are at risk of XSS attacks unless they can confirm that the specific CVE affecting this plugin has been addressed in a way not reflected in the provided data or that they are using a version that has since been patched. The plugin's strengths in code hygiene are overshadowed by the critical need to address the known security flaw.

Key Concerns

Unpatched CVE

Vulnerabilities

Hide Text Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-49051medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hide Text Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 13, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Hide Text Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Hide Text Shortcode Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[htsP] hide_text_shortcode.php:12

Maintenance & Trust

Hide Text Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJun 16, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

Hide Text Shortcode Alternatives

Shortcoder — Create Shortcodes for Anything

shortcoder

Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets

100K 2 CVEs

Slideshow

slideshow

A shortcode for displaying a slideshow of image attachments for a post.

1K No CVEs

Same Height

same-height

Force different parts of your content to the same height. Very useful if you want to present to boxes side by side. Responsive and bootstrap-friendly.

100 No CVEs

Pym.js Embeds

pym-shortcode

A WordPress block and shortcode for embedding iframes that are responsive horizontally and vertically, using the NPR Visuals Team's Pym.js.

90 No CVEs

Insert Title

insert-title

This plugin simply Insert post's or page's title in content area. If you are really sick of copying and pasting title in content again and a …

30 No CVEs

Developer Profile

Hide Text Shortcode Developer Profile

biscia7

4 plugins · 420 total installs

trust score

Avg Security Score

80/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hide Text Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

hide-text-shortcode/style.css?ver=

HTML / DOM Fingerprints

JS Globals

visualizza

Shortcode Output

<div id="testohtsP"><a href="#" onclick="visualizza('bodyhtsP'); return false"><div id="bodyhtsP" style="display:none">

FAQ