Hester Core Security & Risk Analysis

wordpress.org/plugins/hester-core

Hester Core is an optional companion plugin for Peregrine Themes theme. It adds additional features such as homepage sections, widgets, blocks and a c …

10K active installs · v1.0.10 · PHP 5.6+ · WP 5.0+ · Updated Jan 19, 2026
Tags: blocks, custom-blocks, demo-template, demos, widgets
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hester Core Safe to Use in 2026?

Generally Safe

Score 100/100

Hester Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The hester-core plugin version 1.0.10 exhibits a generally good security posture, characterized by several strong security practices. The plugin demonstrates a commitment to secure coding with 100% of its SQL queries utilizing prepared statements and a high percentage (86%) of its output being properly escaped. Furthermore, the presence of nonce and capability checks on its identified entry points is a positive indicator of security awareness. The absence of any recorded vulnerabilities in its history, including critical and high severity CVEs, is a significant strength.

However, a few areas warrant attention. Static analysis flags nine calls to functions classed as dangerous: three 'unserialize' calls in the demo importer (class-wordpress-importer.php) and six 'assert' calls in vendored libraries under php-toolkit\DataLiberation\vendor-patched. These functions can introduce security risks if their inputs are not handled with care and properly sanitized. The taint analysis found no unsanitized paths, but the presence of these functions still warrants a cautious approach. The plugin's attack surface is small and currently appears to be protected, but any future expansion of this surface without robust authentication would increase risk.

In conclusion, hester-core v1.0.10 is a relatively secure plugin due to its robust SQL handling, output escaping, and lack of historical vulnerabilities. The primary area of concern lies in the potential risks associated with the use of dangerous functions like 'unserialize' and 'assert'. Vigilance regarding input validation for these functions is paramount to maintaining its current strong security standing.

Key Concerns

  • Presence of dangerous functions (unserialize, assert)
Vulnerabilities
None known

Hester Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hester Core Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 63 (383 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 28
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: update_post_meta($id, '_menu_item_mega', unserialize($_menu_item_mega)); (core\admin\demo-library\importers\class-wordpress-importer.php:1329)
  • unserialize: $_menu_item_mega_grid = unserialize($_menu_item_mega_grid); (core\admin\demo-library\importers\class-wordpress-importer.php:1333)
  • unserialize: update_post_meta($id, '_menu_item_mega_tab', unserialize($_menu_item_mega_tab)); (core\admin\demo-library\importers\class-wordpress-importer.php:1350)
  • assert: assert($bin !== false); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigInteger.php:1002)
  • assert: assert($value instanceof static); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:68)
  • assert: assert($numerator !== null); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:107)
  • assert: assert($denominator !== null); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:108)
  • assert: assert( is_array( $codePoints[0] ) ); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\rowbot\idna\bin\RegexBuilder.php:191)
  • assert: assert( $parsedURL->url !== null ); (core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\rowbot\url\src\URL.php:84)

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

86% escaped · 446 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
import_demo_step (core\admin\demo-library\class-hester-demo-importer.php:97)
Attack Surface

Hester Core Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth: wp_ajax_hester_core_import_step (core\admin\demo-library\class-hester-demo-importer.php:85)
  • auth: wp_ajax_hester-core-filter-demos (core\admin\demo-library\class-hester-demo-library.php:103)

WordPress Hooks: 34

  • action: after_setup_theme (core\admin\class-hester-core-admin.php:57)
  • filter: hester_recommended_plugins (core\admin\class-hester-core-admin.php:60)
  • filter: upload_mimes (core\admin\class-hester-core-admin.php:63)
  • action: admin_notices (core\admin\class-hester-core-admin.php:92)
  • action: admin_menu (core\admin\class-hester-core-admin.php:99)
  • action: admin_menu (core\admin\class-hester-core-admin.php:100)
  • action: admin_enqueue_scripts (core\admin\class-hester-core-admin.php:109)
  • action: init (core\admin\demo-library\class-hester-demo-exporter.php:61)
  • filter: wp_import_post_data_raw (core\admin\demo-library\class-hester-demo-importer.php:88)
  • action: admin_menu (core\admin\demo-library\class-hester-demo-library-page.php:58)
  • action: admin_enqueue_scripts (core\admin\demo-library\class-hester-demo-library.php:101)
  • action: admin_init (core\admin\demo-library\class-hester-demo-library.php:102)
  • filter: import_post_meta_key (core\admin\demo-library\importers\class-wordpress-importer.php:136)
  • filter: http_request_timeout (core\admin\demo-library\importers\class-wordpress-importer.php:137)
  • filter: hester_dynamic_styles (core\widgets\class-hester-core-custom-list-widget.php:51)
  • filter: hester_dynamic_styles (core\widgets\class-hester-core-posts-list-widget.php:54)
  • action: widgets_init (core\widgets\widgets.php:62)
  • action: admin_print_footer_scripts-widgets.php (core\widgets\widgets.php:88)
  • action: wp_enqueue_scripts (core\widgets\widgets.php:116)
  • action: admin_print_footer_scripts-widgets.php (core\widgets\widgets.php:179)
  • action: plugins_loaded (hester-core.php:89)
  • action: admin_notices (hester-core.php:205)
  • action: init (themes\hester\customizer\customizer.php:54)
  • filter: hester_default_option_values (themes\hester\customizer\default.php:2)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-blog.php:3)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-extra.php:2)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-features.php:3)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-info.php:3)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-products.php:3)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-services.php:2)
  • filter: hester_customizer_options (themes\hester\customizer\settings\settings-slider.php:3)
  • action: wp_enqueue_scripts (themes\hester\hester.php:17)
  • action: after_switch_theme (themes\hester\hester.php:42)
  • action: hester_before_home_order_sections (themes\hester\sections\section-slider.php:206)

Maintenance & Trust

Hester Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 19, 2026
PHP min version: 5.6
Downloads: 95K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10K

Developer Profile

Hester Core Developer Profile

peregrinethemes

10 plugins · 38K total installs

Trust score: 97
Avg Security Score: 96/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Hester Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hester-core/admin/assets/css/hester-admin.css
  • /wp-content/plugins/hester-core/assets/css/hester-frontend.css
  • /wp-content/plugins/hester-core/assets/js/hester-frontend.js
Script Paths
  • /wp-content/plugins/hester-core/assets/js/hester-frontend.js
Version Parameters
  • hester-core/admin/assets/css/hester-admin.css?ver=
  • hester-core/assets/css/hester-frontend.css?ver=
  • hester-core/assets/js/hester-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • hester-section
  • hester-row
  • hester-column
  • hester-button
  • hester-image-box
  • hester-testimonial
Data Attributes
  • data-hester-element
  • data-hester-settings
JS Globals
  • HesterFrontend
  • hesterFrontend
Shortcode Output
  • [hester_section][/hester_section]
  • [hester_row][/hester_row]