Show Template Security & Risk Analysis
wordpress.org/plugins/show-templatePrints an html comment in the footer of every page letting you know which template file of your theme was used for the display.
Is Show Template Safe to Use in 2026?
Generally Safe
Score 85/100Show Template has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "show-template" v1.1 plugin exhibits a seemingly robust security posture based on the static analysis provided. It boasts a zero-attack surface in terms of common entry points like AJAX handlers, REST API routes, shortcodes, and cron events, with no unprotected handlers or routes identified. The code also demonstrates good practices by using prepared statements for all SQL queries and refraining from dangerous functions, file operations, or external HTTP requests. The absence of any recorded vulnerabilities, CVEs, or taint analysis findings further strengthens this positive impression.
However, a significant concern arises from the output escaping analysis, which indicates that 100% of the detected outputs are not properly escaped. This represents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content could be injected into the output without proper sanitization, potentially leading to malicious code execution in the user's browser. The lack of any capability checks or nonce checks, while not directly linked to the attack surface, also indicates a potential for insecure handling of operations if they were to be introduced in future versions. Despite the strengths in preventing direct code execution vulnerabilities, the unescaped output is a critical weakness that must be addressed.
Key Concerns
- 100% of outputs unescaped
Show Template Security Vulnerabilities
Show Template Code Analysis
Output Escaping
Show Template Attack Surface
WordPress Hooks 2
Maintenance & Trust
Show Template Maintenance & Trust
Maintenance Signals
Community Trust
Show Template Alternatives
Category Template Hierarchy
category-template-hierarchy
Adds parent-category.php, child-category.php, and child-category-{slug|id} templates to the hierarchy and conditional tags to match.
What Template Am I Using
what-template-am-i-using
This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.
Current Page Template Viewer
current-page-template-viewer
Display current template file and directory name on screen for WordPress development.
Current Template Insights
current-template-insights
Quickly view the active template file and important page information directly in your WordPress admin bar.
What The File
what-the-file
What The File is the best tool to find out what template parts are used to display the page you're currently viewing!
Show Template Developer Profile
12 plugins · 5K total installs
How We Detect Show Template
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
<!-- Active Template: {$this->template} --><!--
The template loader logic has chosen a different template than what was used.
Chosen Template: {$this->template}
Actual Template: $fudge
This will usually occur if the template file was overriden using an action on template_redirect.
This is a best effort guess to catch such scenarios as mentioned above but can be incorrect.
-->