Author: 10web – WP Beacon

Alerts (0)

No open alerts.

Show 7 resolved alerts

Critical code_scan_match Slider by 10Web – Responsive Image Slider Resolved · code_scan_fp_class_vendor_cdn_enqueue 17d ago

Slug slider-wd

Finding count 1

Findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`slider-wd.php`	886	wp_register_script($this->prefix . '_youtube', 'https://www.youtube.com/iframe_api');	`medium`	Url https://www.youtube.com/iframe_api Url host `www.youtube.com`

Resolved sha 78367a7f3dd9bac9b3460f7241461452d816f8eb

Serial offender note Severity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.

View raw JSON

{
    "slug": "slider-wd",
    "finding_count": 1,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "slider-wd.php",
            "line": 886,
            "snippet": "wp_register_script($this->prefix . '_youtube', 'https://www.youtube.com/iframe_api');",
            "confidence": "medium",
            "details": {
                "url": "https://www.youtube.com/iframe_api",
                "url_host": "www.youtube.com"
            }
        }
    ],
    "resolved_sha": "78367a7f3dd9bac9b3460f7241461452d816f8eb",
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}

Critical code_scan_match Photo Gallery by 10Web – Mobile-Friendly Image Gallery Resolved · code_scan_fp_class_vendor_cdn_enqueue 17d ago

Slug photo-gallery

Finding count 6

Findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`frontend/views/view.php`	17	`wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );`	`medium`	Url https://www.instagram.com/embed.js Url host `www.instagram.com`
`Validate_Path(`	`ioc:code_pattern`	`filemanager/controller.php`	45	$dir = str_replace(array('\\', '..'), '', WDWLibrary::validate_path($this->model->get_from_session('dir', '')));	`medium`	—
`Validate_Path(`	`ioc:code_pattern`	`filemanager/view.php`	77	var dir = "<?php echo(isset($_REQUEST['dir']) ? str_replace(array('\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST'))) : ''); ?>";	`medium`	—
`Validate_Path(`	`ioc:code_pattern`	`filemanager/view.php`	78	var dirUrl = "<?php echo $this->controller->get_uploads_url() . (isset($_REQUEST['dir']) ? str_replace(array('\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text	`medium`	—
`Validate_Path(`	`ioc:code_pattern`	`filemanager/UploadHandler.php`	915	$dir = isset($_REQUEST['dir']) ? WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST')) : '';	`medium`	—
`Validate_Path(`	`ioc:code_pattern`	`framework/WDWLibrary.php`	3,631	`public static function validate_path( $path = '' ) {`	`medium`	—

Resolved sha 55a3552b93ee701a8f4d46d0a6d6060a2c0b4aaf

Serial offender note Severity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.

View raw JSON

{
    "slug": "photo-gallery",
    "finding_count": 6,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "frontend/views/view.php",
            "line": 17,
            "snippet": "wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );",
            "confidence": "medium",
            "details": {
                "url": "https://www.instagram.com/embed.js",
                "url_host": "www.instagram.com"
            }
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/controller.php",
            "line": 45,
            "snippet": "$dir = str_replace(array('\\\\', '..'), '', WDWLibrary::validate_path($this->model->get_from_session('dir', '')));",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/view.php",
            "line": 77,
            "snippet": "var dir = \"<?php echo(isset($_REQUEST['dir']) ? str_replace(array('\\\\', '..'), '', WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST'))) : ''); ?>\";",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/view.php",
            "line": 78,
            "snippet": "var dirUrl = \"<?php echo $this->controller->get_uploads_url() . (isset($_REQUEST['dir']) ? str_replace(array('\\\\', '..'), '',  WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "filemanager/UploadHandler.php",
            "line": 915,
            "snippet": "$dir = isset($_REQUEST['dir']) ? WDWLibrary::validate_path(WDWLibrary::get('dir', '', 'sanitize_text_field', 'REQUEST')) : '';",
            "confidence": "medium"
        },
        {
            "pattern": "Validate_Path(",
            "kind": "ioc:code_pattern",
            "file": "framework/WDWLibrary.php",
            "line": 3631,
            "snippet": "public static function validate_path( $path = '' ) {",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "55a3552b93ee701a8f4d46d0a6d6060a2c0b4aaf",
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}

Critical code_scan_delta Slider by 10Web – Responsive Image Slider Resolved · false_positive_cdn_known_good 22d ago

Slug slider-wd

Previous version 1.2.62

Current version 1.2.62

New findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`slider-wd.php`	886	wp_register_script($this->prefix . '_youtube', 'https://www.youtube.com/iframe_api');	`medium`	Url https://www.youtube.com/iframe_api Url host `www.youtube.com`

New finding count 1

Serial offender note Severity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.

View raw JSON

{
    "slug": "slider-wd",
    "previous_version": "1.2.62",
    "current_version": "1.2.62",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "slider-wd.php",
            "line": 886,
            "snippet": "wp_register_script($this->prefix . '_youtube', 'https://www.youtube.com/iframe_api');",
            "confidence": "medium",
            "details": {
                "url": "https://www.youtube.com/iframe_api",
                "url_host": "www.youtube.com"
            }
        }
    ],
    "new_finding_count": 1,
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}

Critical code_scan_delta Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Resolved · false_positive_cdn_known_good 22d ago

Slug form-maker

Previous version 1.15.42

Current version 1.15.43

New findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`form-maker.php`	1,161	wp_register_script($this->handle_prefix . '-g-recaptcha', 'https://www.google.com/recaptcha/api.js?hl='.$lng.'&onload=fmRecaptchaInit&render=explicit');	`medium`	Url https://www.google.com/recaptcha/api.js?hl= Url host `www.google.com`
`remote_enqueue`	`builtin`	`form-maker.php`	1,163	wp_register_script($this->handle_prefix . '-g-recaptcha-v3', 'https://www.google.com/recaptcha/api.js?hl='.$lng.'&onload=fmRecaptchaInit&render=' . $fm_settings['public_key']);	`medium`	Url https://www.google.com/recaptcha/api.js?hl= Url host `www.google.com`

New finding count 2

Serial offender note Severity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.

View raw JSON

{
    "slug": "form-maker",
    "previous_version": "1.15.42",
    "current_version": "1.15.43",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "form-maker.php",
            "line": 1161,
            "snippet": "wp_register_script($this->handle_prefix . '-g-recaptcha', 'https://www.google.com/recaptcha/api.js?hl='.$lng.'&onload=fmRecaptchaInit&render=explicit');",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js?hl=",
                "url_host": "www.google.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "form-maker.php",
            "line": 1163,
            "snippet": "wp_register_script($this->handle_prefix . '-g-recaptcha-v3', 'https://www.google.com/recaptcha/api.js?hl='.$lng.'&onload=fmRecaptchaInit&render=' . $fm_settings['public_key']);",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js?hl=",
                "url_host": "www.google.com"
            }
        }
    ],
    "new_finding_count": 2,
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}

Critical code_scan_delta Photo Gallery by 10Web – Mobile-Friendly Image Gallery Resolved · false_positive_cdn_known_good 23d ago

Slug photo-gallery

Previous version 1.8.39

Current version 1.8.40

New findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`frontend/views/view.php`	17	`wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );`	`medium`	Url https://www.instagram.com/embed.js Url host `www.instagram.com`

New finding count 1

Serial offender note Severity bumped high→critical: author 10web has 6 prior security-issue closures on wp.org.

View raw JSON

{
    "slug": "photo-gallery",
    "previous_version": "1.8.39",
    "current_version": "1.8.40",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "frontend/views/view.php",
            "line": 17,
            "snippet": "wp_register_script( 'instagram-embed', 'https://www.instagram.com/embed.js' );",
            "confidence": "medium",
            "details": {
                "url": "https://www.instagram.com/embed.js",
                "url_host": "www.instagram.com"
            }
        }
    ],
    "new_finding_count": 1,
    "serial_offender_note": "Severity bumped high\u2192critical: author 10web has 6 prior security-issue closures on wp.org."
}

Critical code_pattern Photo Gallery by 10Web – Mobile-Friendly Image Gallery Resolved · no_longer_matches 28d ago

Slug	photo-gallery
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.8.39`
Hit count	1
First hit	File `wd/includes/overview.php` Line 44 Snippet L41: $request = wp_remote_get(" http://api.wordpress.org/plugins/info/1.0/" . $plugin_wp_sl → L44: $body = unserialize($request['body']);
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "photo-gallery",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.8.39",
    "hit_count": 1,
    "first_hit": {
        "file": "wd/includes/overview.php",
        "line": 44,
        "snippet": "L41: $request = wp_remote_get(\" http://api.wordpress.org/plugins/info/1.0/\" . $plugin_wp_sl  \u2192  L44: $body = unserialize($request['body']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Photo Gallery by 10Web – Mobile-Friendly Image Gallery Resolved · fp_wporg_official_api 28d ago

Slug photo-gallery

Previous version 1.8.39

Current version 1.8.39

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`wd/includes/overview.php`	44	L41: $request = wp_remote_get(" http://api.wordpress.org/plugins/info/1.0/" . $plugin_wp_sl → L44: $body = unserialize($request['body']);	`high`

New finding count 1

View raw JSON

{
    "slug": "photo-gallery",
    "previous_version": "1.8.39",
    "current_version": "1.8.39",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "wd/includes/overview.php",
            "line": 44,
            "snippet": "L41: $request = wp_remote_get(\" http://api.wordpress.org/plugins/info/1.0/\" . $plugin_wp_sl  \u2192  L44: $body = unserialize($request['body']);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

Plugins authored (32)

Plugin	Version	Installs	Last updated	Status
Photo Gallery by 10Web – Mobile-Friendly Image Gallery ·`photo-gallery`	1.8.40	200k+	24d ago	Active
10Web Booster – Website speed optimization, Cache & Page Speed optimizer ·`tenweb-speed-optimizer`	2.32.21	80k+	25d ago	Active
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder ·`form-maker`	1.15.43	30k+	23d ago	Active
Slider by 10Web – Responsive Image Slider ·`slider-wd`	1.2.62	20k+	1y ago	Active
10WebSocial ·`wd-instagram-feed`	1.4.35	10k+	3y ago	Active
Image Optimizer by 10web – Image Optimizer and Compression plugin ·`image-optimizer-wd`	6.0.67	4k+	1y ago	Active
Z ·`zoom-widget`	1.2.8	600	6y ago	Active
Import to Photo Gallery from NextGen gallery ·`import-to-photo-gallery-from-nextgen-gallery`	1.0.5	500	7y ago	Active
10web-manager ·`10web-manager`	1.3.22	—	—	Closed
10Web Social Post Feed ·`wd-facebook-feed`	1.2.9	—	—	Closed
10WebAnalytics ·`wd-google-analytics`	1.2.12	—	—	Closed
WD WidgetTwitter ·`widget-twitter`	1.0.9	—	—	Closed
10Web Map Builder for Google Maps ·`wd-google-maps`	1.0.74	—	—	Closed
10Web Forms for MailChimp ·`wd-mailchimp`	1.1.4	—	—	Closed
10Web AI Assistant – AI content writing assistant ·`ai-assistant-by-10web`	1.0.19	—	—	Closed
AI Assistant by 10Web – SEO Pack ·`ai-assistant-by-10web-seo-pack`	1.0.5	—	—	Closed
10WebPlayer ·`wd-youtube`	1.0.36	—	—	Closed
SpiderContacts ·`spider-contacts`	1.1.7	—	—	Closed
SpiderCalendar ·`spider-event-calendar`	1.5.65	—	—	Closed
Ecommerce by 10Web – eCommerce shopping cart plugin ·`ecommerce-wd`	1.2.17	—	—	Closed
WDSocialWidgets ·`spider-facebook`	1.0.15	—	—	Closed
SpiderFAQ ·`spider-faq`	1.3.2	—	—	Closed
SpiderVPlayer ·`player`	1.5.22	—	—	Closed
EventCalendar ·`event-calendar-wd`	1.1.55	—	—	Closed
RPost ·`spider-random-post`	1.0.4	—	—	Closed
TeamBy10Web ·`staff-team`	1.1.7	—	—	Closed
10WebPostSlider ·`post-slider-wd`	1.0.60	—	—	Closed
SEO by 10Web ·`seo-by-10web`	1.2.9	—	—	Closed
10WebFAQ ·`faq-wd`	1.0.41	—	—	Closed
WDContactFormBuilder ·`contact-form-builder`	1.0.72	—	—	Closed
Contact Form by WD – responsive drag & drop contact form builder tool ·`contact-form-maker`	1.13.23	—	—	Closed
ad-manager-wd ·`ad-manager-wd`	1.0.14	—	—	Closed

SVN commit access (20)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
10Web Booster – Website speed optimization, Cache & Page Speed optimizer	10web	80k+	131	3y ago	1y ago	Active
10WebSocial	10web	10k+	99	6y ago	3y ago	Active
10Web Social Post Feed	10web	—	86	7y ago	3y ago	Closed
Slider by 10Web – Responsive Image Slider	10web	20k+	82	6y ago	1y ago	Active
SEO by 10Web	10web	—	81	7y ago	2y ago	Closed
EventCalendar	10web	—	55	6y ago	4y ago	Closed
10Web Map Builder for Google Maps	10web	—	44	6y ago	2y ago	Closed
10Web AI Assistant – AI content writing assistant	10web	—	36	3y ago	2y ago	Closed
10WebPlayer	10web	—	31	6y ago	4y ago	Closed
Image Optimizer by 10web – Image Optimizer and Compression plugin	10web	4k+	24	5y ago	2y ago	Active
AI Assistant by 10Web – SEO Pack	10web	—	17	3y ago	2y ago	Closed
10WebAnalytics	10web	—	10	6y ago	4y ago	Closed
Ecommerce by 10Web – eCommerce shopping cart plugin	10web	—	8	7y ago	4y ago	Closed
SpiderCalendar	10web	—	7	6y ago	4y ago	Closed
TeamBy10Web	10web	—	6	6y ago	4y ago	Closed
10Web Forms for MailChimp	10web	—	5	6y ago	6y ago	Closed
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder	10web	30k+	3	7y ago	23d ago	Active
Photo Gallery by 10Web – Mobile-Friendly Image Gallery	10web	200k+	2	7y ago	24d ago	Active
10WebPostSlider	10web	—	1	6y ago	6y ago	Closed
Contact Form by WD – responsive drag & drop contact form builder tool	10web	—	1	3y ago	3y ago	Closed