Audits

11 benign audits. · 201 IOCs catalogued.

Verdict: All (38) · Malicious (14) · Cleaned (6) · Suspicious (7) · Inconclusive (0) · Benign (11) · In progress (0)
Benign

Audit #33 5-plugin suite — 370 combined installs

Verdict: BENIGN. Five plugins published by author Mathew (mathewt) on wp.org — add-as-preferred-source (90 installs), browser-address-bar-color-changer (50), image-zoom-on-hover (30), disable-right-click-content-copy-pr…

baseline 1.1 → head 1.2 · Mathewt cluster · 1mo ago
Benign

Audit #31 WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping — 10k+ installs

Verdict: benign — wp.org guideline violation, not malware. WP Product Feed Manager (display name "WPMR Google Feed Manager for WooCommerce") was closed by wp.org on 2026-04-27 with the standard silent-closure notice ("T…

baseline 2.22.0 → head 2.23.1 · Aukejomm cluster · 1mo ago
Benign

Audit #29 Greenshift – animation and page builder blocks — 70k+ installs

Verdict: benign — wp.org guideline violation, not malware. Greenshift was closed by wp.org twice in four months (2026-01-15 and 2026-04-29) over the same root cause: the free plugin shipped a full paid-license activatio…

baseline 12.5.7 → head 12.9.5 · Wpsoul cluster · 1mo ago
Benign

Audit #18 WPBot – AI ChatBot for Live Support, Lead Generation, AI Services — 6k+ installs

Suspect-shape but multiply-unreachable dead code — benign. WPBot's includes/openai/plugin-upgrader/ and includes/integration/openai/plugin-upgrader/ directories ship a self-update class (QCLD_openaiaddon_AutoUpdate) who…

by quantumcloud · baseline 0.9.0 → head 8.2.4 · 1mo ago
Benign

Audit #17 YARPP – Yet Another Related Posts Plugin — 100k+ installs

Suspect-shape but structurally unreachable — benign with one regression to flag. YARPP's version_info() matches the high-confidence catalog IOC unserialize_after_remote_call (@unserialize of wp_remote_post body, hardcod…

by jeffparker · baseline 1.0 → head 5.30.11 · 1mo ago
Benign

Audit #16 Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more — 7k+ installs

Clean — no supply-chain anomaly. Full git-level audit of ilab-media-tools (Media Cloud by interfacelab) covering all 162 published versions back to 2016-07. Single committer for 8 years, zero detection events, zero IOC …

by interfacelab · baseline 1.0.0 → head 4.6.4 · 1mo ago
Benign

Audit #15 Content Egg – Affiliate Product Importer & Price Comparison — 10k+ installs

Historical PHP Object Injection chain in Admitad integration — gated since v6.0.0 (2023-08-21), endpoint dead. Two compounding patterns in application/libs/admitad/AdmitadProducts.php + application/libs/RestClient.php f…

by keywordrush · baseline 11.0.0 → head 11.0.0 · 3 IOCs · 1mo ago
Benign

Audit #30 Subscribe To Comments Reloaded — 10k+ installs

Verdict: benign — abandonment closure, not malware. Subscribe To Comments Reloaded was closed by wp.org on 2026-04-28 with the standard silent-closure notice ("This closure is temporary, pending a full review"). The clo…

baseline 220725 → head 240119 · Wpkube cluster · 1mo ago
Benign

Audit #32 83-plugin suite — 203k+ combined installs

Verdict: benign — portfolio-wide guideline violation, not malware. On 2026-04-27 WordPress.org closed 83 plugins from WPFactory's family of author accounts (wpcodefactory, algoritmika, and woobewoo) in a single one-hour…

baseline 4.6.0 → head 4.6.2 · Wpcodefactory cluster · 1mo ago
Benign

Audit #11 MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites — 700k+ installs

Who made the change. Committer thanghoang pushed their first commit to this plugin on 2024-07-09, when their WordPress.org account was only 12 days old (created 2024-06-27). New-account commits on established plugins ar…

by thanghoang · baseline 5.1 → head 5.1.1 · 1mo ago
Benign

Audit #6 Smash Balloon Social Photo Feed – Easy Social Feeds Plugin — 1M+ installs

Verdict: legitimate team onboarding — not a takeover. alexopen is a Smash Balloon employee ("Alex at Smash Balloon" display name), added as a committer to the five Smash Balloon social-feed plugins owned by Awesome Moti…

by alexopen · baseline 6.9.1 → head 6.10.0 · 1mo ago