Does Show/Hide Shortcode have any unpatched vulnerabilities?

No. All known vulnerabilities in Show/Hide Shortcode have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Show/Hide Shortcode compatible with WordPress 6.7.5?

According to WordPress.org data, Show/Hide Shortcode 1.0.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Show/Hide Shortcode compatible with PHP 7.3+?

Show/Hide Shortcode requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Show/Hide Shortcode updated?

Show/Hide Shortcode was last updated on Jan 3, 2025. Frequent updates are generally a positive security signal.

What is Show/Hide Shortcode's security score?

Show/Hide Shortcode has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Show/Hide Shortcode Security & Risk Analysis

wordpress.org/plugins/showhide-shortcode

Small and efficient plugin implementing dynamic "Show more..." links. Just use the [showhide] shortcode, there is no addition to the backend.

300 active installs v1.0.1 PHP 7.3+ WP 5.7+ Updated Jan 3, 2025

expanderread-lessread-moreshow-lessshow-more

A · Safe

CVEs total1

Unpatched0

Last CVEJan 24, 2025

Plugin page Download

Safety Verdict

Is Show/Hide Shortcode Safe to Use in 2026?

Generally Safe

Score 91/100

Show/Hide Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 24, 2025Updated 1yr ago

Risk Assessment

The 'showhide-shortcode' plugin v1.0.1 exhibits a generally good security posture in its static analysis, with no detected dangerous functions, all SQL queries using prepared statements, and all output properly escaped. The attack surface is minimal, consisting of a single shortcode, and importantly, there are no unprotected entry points found in the static analysis, which is a significant strength. The absence of any taint analysis findings further suggests that readily exploitable vulnerabilities within the code itself are unlikely at this version. However, the plugin's vulnerability history is a major concern. It has a known CVE with a history of Cross-Site Scripting (XSS) vulnerabilities. Although there are no currently unpatched CVEs, the past occurrence of a medium-severity XSS vulnerability, especially one that has been fixed, indicates a tendency for such issues to arise. This suggests that while the current version might be clean, careful monitoring and prompt updates are essential, as future versions could potentially reintroduce similar flaws if not rigorously tested.

Key Concerns

Known medium severity XSS vulnerability in history
No nonce checks on shortcode entry point
No capability checks on shortcode entry point

Vulnerabilities

Show/Hide Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-24687medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Show/Hide Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 24, 2025 Patched in 1.0.1 (5d)

Code Analysis

Analyzed Mar 16, 2026

Show/Hide Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped2 total outputs

Attack Surface

Show/Hide Shortcode Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[showhide] show-hide-shortcode.php:31

WordPress Hooks 1

actioninitshow-hide-shortcode.php:17

Maintenance & Trust

Show/Hide Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 3, 2025

PHP min version7.3

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs300

Alternatives

Show/Hide Shortcode Alternatives

FR Read More

fr-read-more

Create expandable content sections on WordPress. Let visitors reveal hidden content with a click.

0 No CVEs

Webspero Read More Toggle

webspero-read-more-toggle

100

Adds a simple "Read More / Read Less" toggle to long content using lightweight JavaScript. Ideal for blogs, FAQs, or excerpts.

0 No CVEs

KM-ShowHide

km-showhide

This simple plugin allows you to toggle your content inside shortcode.

30 No CVEs

Developer Profile

Show/Hide Shortcode Developer Profile

Lars Wallenborn

1 plugin · 300 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect Show/Hide Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/showhide-shortcode/script.js

Script Paths

/wp-content/plugins/showhide-shortcode/script.js

Version Parameters

showhide-shortcode/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

showhideshortcode-content

Data Attributes

data-show-captiondata-hide-caption

Shortcode Output

<div class="showhideshortcode-content"><p><a href="#" data-show-caption=""></a></p><div style="display: none;">

FAQ