Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Heateor — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Heateor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Heateor develops social media and engagement plugins for WordPress websites, with its core use case being enhancing user interaction through sharing and following features. Historically, the product has been associated with multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from insufficient input validation and improper access controls. The 8 recorded CVEs highlight recurring issues in sanitizing user-supplied data and managing permissions, though no major public security incidents have been widely documented. The plugin's widespread adoption in the WordPress ecosystem has made it a consistent target for exploitation, emphasizing the need for regular updates and security hardening by users.

Top products by Heateor: Social Sharing Plugin – Sassy Social Share Heateor Social Login WordPress Heateor Login – Social Login Plugin
CVE IDTitleCVSSSeverityPublished
CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Heateor Login – Social Login PluginCWE-79 6.4 Medium2025-09-10
CVE-2025-5528 Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter — Social Sharing Plugin – Sassy Social ShareCWE-79 6.1 Medium2025-06-07
CVE-2024-11252 Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter — Social Sharing Plugin – Sassy Social ShareCWE-79 6.1 Medium2024-11-30
CVE-2024-10020 Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider — Heateor Social Login WordPressCWE-287 8.1 High2024-11-06
CVE-2022-4971 Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting — Social Sharing Plugin – Sassy Social ShareCWE-79 6.1 Medium2024-10-16
CVE-2024-32674 WordPress Plugin Heator Social Login 跨站脚本漏洞 — Heateor Social Login WordPress 6.1AIMediumAI2024-05-08
CVE-2024-1989 Social Sharing Plugin – Sassy Social Share <= 3.3.58 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Social Sharing Plugin – Sassy Social ShareCWE-79 6.4 Medium2024-03-06
CVE-2024-1448 Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting — Social Sharing Plugin – Sassy Social ShareCWE-79 6.4 Medium2024-02-20

This page lists every published CVE security advisory associated with Heateor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.