Vulnerabilities and security researches forslider-hero slider-hero

Jun 16, 2026

CVE, Research URL: 20851a18-8309-4405-b85c-acaa047effa7
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: -
Research Description: Slider Hero with Video Background, Animation [slider-hero] < 8.2.1 CSRF Bypass in Multiple Plugins Multiple plugins are affected by CSRF bypass as they do not properly check for the nonce due to a logic flaw. This could allow attackers to make logged in users do unwanted actions
Affected versions: max 8.2.1.
Status: vulnerable

CVE, Research URL: ec2738226d537a4c17dbff19a2e826361834f640
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Jul 05, 2021
Research Description: Slider Hero with Video Background, Animation [slider-hero] < 8.2.1 WordPress Slider Hero plugin < = 8.2.0 - Cross-Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Slider Hero plugin (versions < = 8.2.0).
Affected versions: max 8.2.1.
Status: vulnerable

CVE, Research URL: e03420c55099714ac90da016761d318e5e1cb6db
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: -
Research Description: Slider Hero with Video Background, Animation [slider-hero] < 8.2.1 Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.
Affected versions: max 8.2.1.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-29922
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS.This issue affects Slider Hero: from n/a through 8.6.1.
Affected versions: max 8.7.0.
Status: vulnerable

CVE, Research URL: CVE-2021-24506
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Aug 23, 2021
Research Description: The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
Affected versions: max 8.2.7.
Status: vulnerable

CVE, Research URL: CVE-2022-3074
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Sep 26, 2022
Research Description: The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
Affected versions: max 8.4.4.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: max 8.2.1.
Status: vulnerable

CVE, Research URL: CVE-2021-4424
Home page URL: Security reports for Slider Hero with Animation, Video Background
Application: Slider Hero with Animation, Video Background
Date: Jul 12, 2023
Research Description: The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 8.2.1.
Status: vulnerable