Chouby

Member since: 2011-09-21
Location: France
Employer: WP SYNTEX
Job title:
Authored: 4 (1 closed)
SVN commit access: 3
Readme contributor: 1
Combined install base: 818k+ across 5 plugins

Alerts (0)

No open alerts.

Resolved alerts (2)
Critical code_pattern Polylang Resolved · no_longer_matches 7d ago
Slug: polylang
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 3.8.2
Hit count: 3
First hit
File: src/install/plugin-updater.php
Line: 635
Snippet: L617: $request = wp_remote_post( → L635: $request->sections = maybe_unserialize( $request->sections );
Explanation: a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this.
Critical code_scan_delta Polylang Resolved · fp_edd_updater_library 7d ago
Slug: polylang
Previous version: 3.8.2
Current version: 3.8.2
New findings
Pattern | Kind | File | Line | Snippet | Confidence
unserialize_after_remote_call | builtin | src/install/plugin-updater.php | 635 | L617: $request = wp_remote_post( → L635: $request->sections = maybe_unserialize( $request->sections ); | high
unserialize_after_remote_call | builtin | src/install/plugin-updater.php | 641 | L632: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L641: $request->banners = maybe_unserialize( $request->banners ); | high
unserialize_after_remote_call | builtin | src/install/plugin-updater.php | 645 | L632: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L645: $request->icons = maybe_unserialize( $request->icons ); | high
New finding count: 3

Plugins authored (4)

Plugin | Version | Installs | Last updated | Status
Polylang · polylang | 3.8.3 | 800k+ | 4d ago | Active
WPML to Polylang · wpml-to-polylang | 0.6 | 6k+ | 1y ago | Active
Site Editor Classic Features · fse-classic | 1.0 | 2k+ | 4mo ago | Active
DynaMo · dynamo | 1.2 | | | Closed

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
WPML to Polylang | chouby | 6k+ | 30 | 12y ago | 1y ago | Active
Polylang | chouby | 800k+ | 1 | 12y ago | 4d ago | Active
Site Editor Classic Features | chouby | 2k+ | 1 | 1y ago | 1y ago | Active

Contributor on other plugins (1)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin | Primary author | Version | Installs
Ray Enterprise Translation | jirosas | 1.7.3 | 10k+