Team Heateor — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Team Heateor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Team Heateor develops WordPress plugins for social media integration and marketing tools, with 8 CVEs recorded in their history. Their vulnerabilities have primarily involved stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Notable characteristics include vulnerabilities in their social sharing and contact form plugins that allowed attackers to execute arbitrary code or compromise administrative accounts. While no major public incidents have been widely documented, their consistent vulnerability patterns highlight ongoing security challenges in their plugin development lifecycle, requiring improved sanitization and permission management practices.

Top products by Team Heateor: Fancy Comments WordPress Super Socializer Heateor Social Login WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments Heateor Social Login WordPress

CVEs 8

CVE ID	Title	CVSS	Severity	Published
CVE-2023-41802	WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability — Super SocializerCWE-862	4.3	Medium	2024-12-13
CVE-2024-35706	WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability — Heateor Social LoginCWE-79	7.1	High	2024-06-08
CVE-2024-35707	WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability — Heateor Social LoginCWE-79	6.5	Medium	2024-06-08
CVE-2024-29804	WordPress Fancy Comments WordPress plugin <= 1.2.14 - Cross Site Scripting (XSS) vulnerability — Fancy Comments WordPressCWE-79	6.5	Medium	2024-03-27
CVE-2024-24712	WordPress Heateor Social Login Plugin <= 1.1.30 is vulnerable to Cross Site Scripting (XSS) — Heateor Social Login WordPressCWE-79	6.5	Medium	2024-02-10
CVE-2023-35882	WordPress Super Socializer Plugin <= 7.13.52 is vulnerable to Cross Site Scripting (XSS) — Super SocializerCWE-79	6.5	Medium	2023-06-20
CVE-2023-23977	WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) — WordPress Social Comments Plugin for Vkontakte Comments and Disqus CommentsCWE-79	6.5	Medium	2023-04-04
CVE-2023-23670	WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) — Fancy Comments WordPressCWE-79	6.5	Medium	2023-03-30

This page lists every published CVE security advisory associated with Team Heateor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Team Heateor — Vulnerabilities & Security Advisories 8