Browse all 4 CVE security advisories affecting heroplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HeroPlugins develops WordPress security and optimization plugins focused on enhancing website performance and protection. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, their cumulative CVE count of four indicates consistent security challenges. The plugins typically require elevated privileges to function, increasing potential impact if compromised. Security researchers have noted that some vulnerabilities remained unpatched for extended periods, leaving affected installations exposed to exploitation before updates were released.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13809 | Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection — Hero Slider - WordPress Slider Plugin (CWE-89) | 6.5 | Medium | 2025-03-05 |
| CVE-2024-13778 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Authenticated (Subscriber+) SQL Injection — Hero Mega Menu - Responsive WordPress Menu Plugin (CWE-89) | 6.5 | Medium | 2025-03-05 |
| CVE-2024-13779 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting — Hero Mega Menu - Responsive WordPress Menu Plugin (CWE-79) | 6.1 | Medium | 2025-03-05 |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion — Hero Mega Menu - Responsive WordPress Menu Plugin (CWE-862) | 6.5 | Medium | 2025-03-05 |

This page lists every published CVE security advisory associated with heroplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.