WP-ShowHide Security & Risk Analysis

wordpress.org/plugins/wp-showhide

Allows you to embed content within your blog post via WordPress ShortCode API and toggling the visibility of the content via a link.

10K active installs · v1.06 · PHP + WP 3.0+ · Updated Nov 28, 2025
Tags: content, hide, press-release, show, visibility
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 15, 2025
Safety Verdict

Is WP-ShowHide Safe to Use in 2026?

Generally Safe

Score 98/100

WP-ShowHide has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Dec 15, 2025 · Updated 5mo ago
Risk Assessment

The "wp-showhide" plugin, version 1.06, exhibits a generally good security posture based on the provided static analysis. All identified output is properly escaped, and SQL queries are exclusively handled via prepared statements, indicating a strong understanding of secure coding practices in these areas. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests minimizes common attack vectors. The plugin also benefits from a very small attack surface, with only one shortcode as an entry point and no unprotected handlers.

Key Concerns

  • Two medium severity CVEs in history
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
2 published

WP-ShowHide Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-67541 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-ShowHide <= 1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 15, 2025 Patched in 1.06 (5d)
CVE-2022-4825 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 10, 2023 Patched in 1.05 (378d)
Version History

WP-ShowHide Release Timeline

Code Analysis
Analyzed Mar 16, 2026

WP-ShowHide Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (9 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 9 total outputs
Attack Surface

WP-ShowHide Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[showhide] wp-showhide.php:44
WordPress Hooks 3
action wp_enqueue_scripts wp-showhide.php:32
action plugins_loaded wp-showhide.php:38
action wp_footer wp-showhide.php:83
Maintenance & Trust

WP-ShowHide Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 28, 2025
PHP min version
Downloads: 142K

Community Trust

Rating: 84/100
Number of ratings: 43
Active installs: 10K
Developer Profile

WP-ShowHide Developer Profile

Lester Chan

20 plugins · 888K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 1377 days
Detection Fingerprints

How We Detect WP-ShowHide

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
sh-link, sh-content, sh-hide, sh-show
Data Attributes
aria-expanded
JS Globals
showhide_toggle
Shortcode Output
<div id="-link-" class="sh-link -link
FAQ

Frequently Asked Questions about WP-ShowHide