VYPR

Wp Showhide

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-67541MedDec 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through <= 1.05.

  • CVE-2022-4825MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…