WP-Safety

Hester Core Security & Risk Analysis

wordpress.org/plugins/hester-core

The official companion plugin for Peregrine Themes. Adds widgets, customization options, Elementor widgets, and demo import features.

10K active installs v1.1.2 PHP 7.4+ WP 5.9+ Updated Apr 15, 2026
demoselementorwidgetswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Hester Core Safe to Use in 2026?

Generally Safe

Score 100/100

Hester Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The hester-core plugin version 1.0.10 exhibits a generally good security posture, characterized by several strong security practices. The plugin demonstrates a commitment to secure coding with 100% of its SQL queries utilizing prepared statements and a high percentage (86%) of its output being properly escaped. Furthermore, the presence of nonce and capability checks on its identified entry points is a positive indicator of security awareness. The absence of any recorded vulnerabilities in its history, including critical and high severity CVEs, is a significant strength.

However, there are a few areas that warrant attention. The static analysis reveals the presence of dangerous functions such as 'unserialize' and 'assert', which can introduce security risks if not handled with extreme care and proper sanitization of their inputs. While the taint analysis found no unsanitized paths, the mere presence of these functions warrants a cautious approach. The plugin's attack surface is small and currently appears to be protected, but any future expansion of this surface without robust authentication would increase risk.

In conclusion, hester-core v1.0.10 is a relatively secure plugin due to its robust SQL handling, output escaping, and lack of historical vulnerabilities. The primary area of concern lies in the potential risks associated with the use of dangerous functions like 'unserialize' and 'assert'. Vigilance regarding input validation for these functions is paramount to maintaining its current strong security standing.

Key Concerns

  • Presence of dangerous functions (unserialize, assert)
Vulnerabilities
None known

Hester Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hester Core Release Timeline

v1.1.2Current
v1.1.1
v1.1.0
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Hester Core Code Analysis

Dangerous Functions
9
Raw SQL Queries
0
4 prepared
Unescaped Output
63
383 escaped
Nonce Checks
6
Capability Checks
3
File Operations
28
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserializeupdate_post_meta($id, '_menu_item_mega', unserialize($_menu_item_mega));core\admin\demo-library\importers\class-wordpress-importer.php:1329
unserialize$_menu_item_mega_grid = unserialize($_menu_item_mega_grid);core\admin\demo-library\importers\class-wordpress-importer.php:1333
unserializeupdate_post_meta($id, '_menu_item_mega_tab', unserialize($_menu_item_mega_tab));core\admin\demo-library\importers\class-wordpress-importer.php:1350
assertassert($bin !== false);core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigInteger.php:1002
assertassert($value instanceof static);core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:68
assertassert($numerator !== null);core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:107
assertassert($denominator !== null);core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\brick\math\src\BigNumber.php:108
assertassert( is_array( $codePoints[0] ) );core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\rowbot\idna\bin\RegexBuilder.php:191
assertassert( $parsedURL->url !== null );core\admin\demo-library\importers\php-toolkit\DataLiberation\vendor-patched\rowbot\url\src\URL.php:84

SQL Query Safety

100% prepared4 total queries

Output Escaping

86% escaped446 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
import_demo_step (core\admin\demo-library\class-hester-demo-importer.php:97)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Hester Core Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_hester_core_import_stepcore\admin\demo-library\class-hester-demo-importer.php:85
authwp_ajax_hester-core-filter-demoscore\admin\demo-library\class-hester-demo-library.php:103
WordPress Hooks 34
actionafter_setup_themecore\admin\class-hester-core-admin.php:57
filterhester_recommended_pluginscore\admin\class-hester-core-admin.php:60
filterupload_mimescore\admin\class-hester-core-admin.php:63
actionadmin_noticescore\admin\class-hester-core-admin.php:92
actionadmin_menucore\admin\class-hester-core-admin.php:99
actionadmin_menucore\admin\class-hester-core-admin.php:100
actionadmin_enqueue_scriptscore\admin\class-hester-core-admin.php:109
actioninitcore\admin\demo-library\class-hester-demo-exporter.php:61
filterwp_import_post_data_rawcore\admin\demo-library\class-hester-demo-importer.php:88
actionadmin_menucore\admin\demo-library\class-hester-demo-library-page.php:58
actionadmin_enqueue_scriptscore\admin\demo-library\class-hester-demo-library.php:101
actionadmin_initcore\admin\demo-library\class-hester-demo-library.php:102
filterimport_post_meta_keycore\admin\demo-library\importers\class-wordpress-importer.php:136
filterhttp_request_timeoutcore\admin\demo-library\importers\class-wordpress-importer.php:137
filterhester_dynamic_stylescore\widgets\class-hester-core-custom-list-widget.php:51
filterhester_dynamic_stylescore\widgets\class-hester-core-posts-list-widget.php:54
actionwidgets_initcore\widgets\widgets.php:62
actionadmin_print_footer_scripts-widgets.phpcore\widgets\widgets.php:88
actionwp_enqueue_scriptscore\widgets\widgets.php:116
actionadmin_print_footer_scripts-widgets.phpcore\widgets\widgets.php:179
actionplugins_loadedhester-core.php:89
actionadmin_noticeshester-core.php:205
actioninitthemes\hester\customizer\customizer.php:54
filterhester_default_option_valuesthemes\hester\customizer\default.php:2
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-blog.php:3
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-extra.php:2
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-features.php:3
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-info.php:3
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-products.php:3
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-services.php:2
filterhester_customizer_optionsthemes\hester\customizer\settings\settings-slider.php:3
actionwp_enqueue_scriptsthemes\hester\hester.php:17
actionafter_switch_themethemes\hester\hester.php:42
actionhester_before_home_order_sectionsthemes\hester\sections\section-slider.php:206
Maintenance & Trust

Hester Core Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads104K

Community Trust

Rating0/100
Number of ratings0
Active installs10K
Alternatives

Hester Core Alternatives

Essential Addons for Elementor – Popular Elementor Templates & Widgets

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

B
76

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 59 CVEs
Element Pack – Widgets, Templates & Addons for Elementor

Element Pack – Widgets, Templates & Addons for Elementor

bdthemes-element-pack-lite

A
89

Elementor addons with 300+ widgets, templates, WooCommerce widgets, mega menu, header footer builder, and powerful design extensions.

100K 38 CVEs
Exclusive Addons for Elementor

Exclusive Addons for Elementor

exclusive-addons-for-elementor

A
96

Exclusive Addons is one of the Best Elementor Addons With 90+ Elementor Free & Pro Widgets with all the customizations options you ever imagined.

60K 24 CVEs
RTMKit

RTMKit

rometheme-for-elementor

A
88

All-in-one toolkit for Elementor: advanced addons, theme builder, forms, icons & templates to build stunning sites fast and easy.

50K 14 CVEs
Bosa Elementor Addons and Templates for WooCommerce

Bosa Elementor Addons and Templates for WooCommerce

bosa-elementor-for-woocommerce

A
99

Elementor Addon with widgets and templates for WooCommerce.

30K 1 CVE
Developer Profile

Hester Core Developer Profile

peregrinethemes

10 plugins · 38K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
47 days
View full developer profile
Detection Fingerprints

How We Detect Hester Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hester-core/admin/assets/css/hester-admin.css/wp-content/plugins/hester-core/assets/css/hester-frontend.css/wp-content/plugins/hester-core/assets/js/hester-frontend.js
Script Paths
/wp-content/plugins/hester-core/assets/js/hester-frontend.js
Version Parameters
hester-core/admin/assets/css/hester-admin.css?ver=hester-core/assets/css/hester-frontend.css?ver=hester-core/assets/js/hester-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
hester-sectionhester-rowhester-columnhester-buttonhester-image-boxhester-testimonial
Data Attributes
data-hester-elementdata-hester-settings
JS Globals
HesterFrontendhesterFrontend
Shortcode Output
[hester_section][/hester_section][hester_row][/hester_row]
FAQ

Frequently Asked Questions about Hester Core