aapanel

Member since: 2024-08-08
Location:
Employer:
Job title:
Authored: 1
SVN commit access: 1
Readme contributor: 0
Combined install base: 1k+ across 1 plugin

Alerts (0)

No open alerts.

Resolved alerts (1)

Critical · code_pattern · aapanel WP Toolkit · Resolved · false_positive_defensive_string_check · 2d ago

Slug: aapanel-wp-toolkit
Pattern: serialized_admin_role
Kind: builtin
Version: 1.2
Hit count: 1
First hit:
    File: includes/class-aapanel-wp-toolkit-agent.php
    Line: 47
    Snippet:
    $user_id = $wpdb->get_var("select `user_id` from " . $wpdb->usermeta . " where `meta_key` = '" . $wpdb->prefix . "capabilities' and `meta_value` like '%s:13:\"administrator\";b:1;%'"); // retrieve s
Explanation: plugin source contains `s:13:"administrator"` — the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand.

Plugins authored (1)

| Plugin | Version | Installs | Last updated | Status |
|---|---|---|---|---|
| aapanel WP Toolkit · aapanel-wp-toolkit | 1.2 | 1k+ | 9mo ago | Active |

SVN commit access (1)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

| Plugin | Primary author | Installs | Commits | First | Latest | Status |
|---|---|---|---|---|---|---|
| aapanel WP Toolkit | aapanel | 1k+ | 14 | 1y ago | 9mo ago | Active |