Does Show Fit File have any unpatched vulnerabilities?

No. All known vulnerabilities in Show Fit File have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Show Fit File compatible with WordPress 6.5.8?

According to WordPress.org data, Show Fit File 1.2.3 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Show Fit File compatible with PHP 7.4+?

Show Fit File requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Show Fit File updated?

Show Fit File was last updated on Mar 25, 2024. Frequent updates are generally a positive security signal.

What is Show Fit File's security score?

Show Fit File has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Show Fit File Security & Risk Analysis

wordpress.org/plugins/show-fit-file

A plugin to display fit, gpx and tcx files.

100 active installs v1.2.3 PHP 7.4+ WP 5.8+ Updated Mar 25, 2024

cyclefitgarmingpxtcx

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Show Fit File Safe to Use in 2026?

Generally Safe

Score 85/100

Show Fit File has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "show-fit-file" plugin v1.2.3 exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, external HTTP requests, and the complete use of prepared statements for SQL queries are strong indicators of secure coding practices. Furthermore, the lack of any recorded vulnerabilities, including critical and high severity ones, suggests a history of responsible development and maintenance. The plugin's attack surface is minimal, with only one shortcode, and importantly, no AJAX handlers or REST API routes appear to be unprotected. This indicates a careful approach to integrating with WordPress, minimizing potential entry points for attackers.

Key Concerns

One shortcode, no specified auth check
Only 67% of outputs properly escaped
No nonce checks present
No capability checks present

Vulnerabilities

None known

Show Fit File Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Show Fit File Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped3 total outputs

Attack Surface

Show Fit File Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[showfitfile] showfitfile.php:34

WordPress Hooks 7

actionwp_enqueue_scriptsshowfitfile.php:37

filterupload_mimesshowfitfile.php:40

filterwp_handle_upload_prefiltershowfitfile.php:43

filterwp_handle_uploadshowfitfile.php:44

actionenqueue_block_editor_assetsshowfitfile.php:47

actioninitshowfitfile.php:67

filterupload_dirshowfitfile.php:778

Maintenance & Trust

Show Fit File Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMar 25, 2024

PHP min version7.4

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Show Fit File Alternatives

Garmin Connect

garmin-connect

Provides a widget for displaying latest activities from Garmin Connect on your site

20 No CVEs

Gpx2Graphics

gpx2graphics

Create a Google Map, Elevation image or Speed image from your (Garmin) GpX files.

10 No CVEs

Tracking Code Manager

tracking-code-manager

A plugin to manage ALL of your tracking code and conversion pixels. Compatible with Facebook Ads, Google Adwords, WooCommerce, Easy Digital Downloads, …

100K 6 CVEs

Cost of Goods: Product Cost & Profit Calculator for WooCommerce

cost-of-goods-for-woocommerce

Unlock detailed insights into products profitability, calculate COGS & profit margins, and get a better financial analytics insights with our Cost …

10K 4 CVEs

OSM – OpenStreetMap

osm

Customize maps in your post, pages and widgets. GPX, KML and more. The easy way to map!

10K 7 CVEs

Developer Profile

Show Fit File Developer Profile

Stuart Tevendale

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Show Fit File

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/show-fit-file/leaflet.js/wp-content/plugins/show-fit-file/leaflet.css/wp-content/plugins/show-fit-file/style.css/wp-content/plugins/show-fit-file/images/trend-up.svg/wp-content/plugins/show-fit-file/images/trend-down.svg

Script Paths

/wp-content/plugins/show-fit-file/leaflet.js/wp-content/plugins/show-fit-file/build/index.js

Version Parameters

show-fit-file/leaflet.js?ver=show-fit-file/leaflet.css?ver=show-fit-file/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

sff_dataCellsff_dataTitlesff_dataItemsff_trendsff_dataTablesff_altitudeGraphsff_routeMap

HTML Comments

This is separate to Shortcode functions so that I can add extra functionality
to the block without breaking the Shortcode version
The alternative is splitting the plugin into 2 separate plugins

Add code for Block+1 more

Data Attributes

id="mapid-class="sff_routeMap"class="sff_altitudeGraph"id="altitude"class="sff_dataTable"class="sff_dataCell"+3 more

JS Globals

L.mapL.TileLayerL.polylineL.markerL.circleMarkergreenIcon+14 more

Shortcode Output

<table class="sff_dataTable"<div id="mapid-<canvas id="altitude">

FAQ