WP Beacon

BoldGrid

@boldgrid · wordpress.org profile ↗
Member since
2017-11-10
Location
Virginia Beach, Virginia, USA
Employer
BoldGrid
Job title
Authored
15 (2 closed)
SVN commit access
8
Readme contributor
0
Combined install base
1.1M+ across 15 plugins

Alerts (0)

No open alerts.

Show 5 resolved alerts
Critical code_pattern W3 Total Cache Resolved · no_longer_matches 7d ago
Slugw3-total-cache
Patternunserialize_after_remote_call
Kindbuiltin
Version2.9.4
Hit count2
First hit
File
lib/Minify/Minify/Cache/File.php
Line
148
Snippet
L146: $data = @file_get_contents($path . '_meta'); → L148: $data = @unserialize($data);
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "w3-total-cache",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.9.4",
    "hit_count": 2,
    "first_hit": {
        "file": "lib/Minify/Minify/Cache/File.php",
        "line": 148,
        "snippet": "L146: $data = @file_get_contents($path . '_meta');  \u2192  L148: $data = @unserialize($data);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta W3 Total Cache Resolved · fp_local_disk_cache 7d ago
Slugw3-total-cache
Previous version2.9.4
Current version2.9.4
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinlib/Minify/Minify/Cache/File.php148L146: $data = @file_get_contents($path . '_meta'); → L148: $data = @unserialize($data);high
unserialize_after_remote_callbuiltinlib/Minify/Minify/Cache/File.php295L291: $data = @file_get_contents($full_path); → L295: $data = @unserialize($data);high
New finding count2
View raw JSON
{
    "slug": "w3-total-cache",
    "previous_version": "2.9.4",
    "current_version": "2.9.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/Minify/Minify/Cache/File.php",
            "line": 148,
            "snippet": "L146: $data = @file_get_contents($path . '_meta');  \u2192  L148: $data = @unserialize($data);",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/Minify/Minify/Cache/File.php",
            "line": 295,
            "snippet": "L291: $data = @file_get_contents($full_path);  \u2192  L295: $data = @unserialize($data);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
High compromised_committer_burst W3 Total Cache Resolved · benign_release_burst 5d ago
Slugw3-total-cache
Author slugboldgrid
Burst start2026-03-31 19:37:48
Burst end2026-03-31 20:53:50
Burst commits12
Burst window minutes90
Tenure days504
Distinct messages4
Avg message length24
Top messageNew tag
Top message count4
Prt revert
ExplanationEstablished author committed 12 revisions inside a 90-minute window with low-entropy commit messages. Pattern matches the June 2024 wp.org credential-stuffing wave shape; bumped to critical when followed by a wp.org Plugin Review Team revert within 7 days.
View raw JSON
{
    "slug": "w3-total-cache",
    "author_slug": "boldgrid",
    "burst_start": "2026-03-31 19:37:48",
    "burst_end": "2026-03-31 20:53:50",
    "burst_commits": 12,
    "burst_window_minutes": 90,
    "tenure_days": 504,
    "distinct_messages": 4,
    "avg_message_length": 24.2,
    "top_message": "New tag",
    "top_message_count": 4,
    "prt_revert": null,
    "explanation": "Established author committed 12 revisions inside a 90-minute window with low-entropy commit messages. Pattern matches the June 2024 wp.org credential-stuffing wave shape; bumped to critical when followed by a wp.org Plugin Review Team revert within 7 days."
}
Medium committer_younger_than_plugin weForms – Easy Drag & Drop Contact Form Builder For WordPress Resolved · no_longer_matches 1d ago
Slugweforms
Committer slugwebacetechs
Committer display nameMahesh Pandey
Committer employer
Committer member since2020-06-26
Committer first commit2020-09-01 12:41:40
Committer commit count32
Plugin listed authorboldgrid
Earliest plugin commit2017-07-31 22:36:33
Plugin age at join days1,127
Committer age at join days67
Active installs10,000
View raw JSON
{
    "slug": "weforms",
    "committer_slug": "webacetechs",
    "committer_display_name": "Mahesh Pandey",
    "committer_employer": null,
    "committer_member_since": "2020-06-26",
    "committer_first_commit": "2020-09-01 12:41:40",
    "committer_commit_count": 32,
    "plugin_listed_author": "boldgrid",
    "earliest_plugin_commit": "2017-07-31 22:36:33",
    "plugin_age_at_join_days": 1127,
    "committer_age_at_join_days": 67,
    "active_installs": 10000
}
Medium committer_younger_than_plugin weForms – Easy Drag & Drop Contact Form Builder For WordPress Resolved · benign_company_employee 5d ago
Slugweforms
Committer slugavonville1
Committer display nameavonville1
Committer employer
Committer member since2021-05-20
Committer first commit2021-06-09 16:12:06
Committer commit count28
Plugin listed authorboldgrid
Earliest plugin commit2017-07-31 22:36:33
Plugin age at join days1,408
Committer age at join days20
Active installs10,000
View raw JSON
{
    "slug": "weforms",
    "committer_slug": "avonville1",
    "committer_display_name": "avonville1",
    "committer_employer": null,
    "committer_member_since": "2021-05-20",
    "committer_first_commit": "2021-06-09 16:12:06",
    "committer_commit_count": 28,
    "plugin_listed_author": "boldgrid",
    "earliest_plugin_commit": "2017-07-31 22:36:33",
    "plugin_age_at_join_days": 1408,
    "committer_age_at_join_days": 20,
    "active_installs": 10000
}

Plugins authored (15)

Plugin Version Installs Last updated Status
W3 Total Cache ·w3-total-cache 2.9.4 900k+ 1mo ago Active
BoldGrid Easy SEO – Simple and Effective SEO ·boldgrid-easy-seo 1.6.17 50k+ 5mo ago Active
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor ·post-and-page-builder 1.27.10 50k+ 4mo ago Active
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid ·boldgrid-backup 1.17.2 50k+ 1mo ago Active
weForms – Easy Drag & Drop Contact Form Builder For WordPress ·weforms 1.6.28 10k+ 1mo ago Active
Map Block ·easy-maps-block 1.0.1 6k+ 5mo ago Active
Help Scout ·help-scout 6.5.7 400 5mo ago Active
WP Forms + Sprout Invoices – Easy Invoice & Quote Submissions ·sprout-invoices-wp-forms 2.0 400 5mo ago Active
Formidable Forms + Sprout Invoices – Easy Invoice & Estimate Submissions ·sprout-invoices-formidable-forms 1.3 200 5mo ago Active
Gravity Forms + Sprout Invoices – Easy Invoice & Estimate Submissions ·sprout-invoices-gravity-forms 1.3.5 90 5mo ago Active
Ninja Forms + Sprout Invoices – Easy Invoice & Estimate Submissions ·sprout-invoices-ninja-forms 1.3.1 70 5mo ago Active
Sprout Clients – CRM and Lead Management ·sprout-clients 3.2.3 70 2mo ago Active
Theme Grep by BoldGrid ·theme-grep-by-boldgrid 1.0.0 30 5mo ago Active
WooCommerce Invoicing Payments w/ Sprout Invoices ·woo-invoicing-payments-w-sprout-invoices 1.0 Closed
Sprout Invoices – Client Invoicing & Estimates ·sprout-invoices 20.8.12 Closed

SVN commit access (8)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor boldgrid 50k+ 192 6y ago 10mo ago Active
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid boldgrid 50k+ 190 5y ago 1y ago Active
W3 Total Cache boldgrid 900k+ 189 6y ago 1mo ago Active
BoldGrid Easy SEO – Simple and Effective SEO boldgrid 50k+ 65 8y ago 1y ago Active
Map Block boldgrid 6k+ 13 6y ago 1y ago Active
Help Scout boldgrid 400 9 6y ago 12mo ago Active
weForms – Easy Drag & Drop Contact Form Builder For WordPress boldgrid 10k+ 4 5y ago 4y ago Active
WP Forms + Sprout Invoices – Easy Invoice & Quote Submissions boldgrid 400 4 6y ago 4y ago Active