WP Beacon

Daniel Iser

@danieliser · wordpress.org profile ↗
Member since
2010-06-15
Location
Florida, USA
Employer
Code Atlantic LLC
Job title
Founder & Lead Engineer
Authored
12 (2 closed)
SVN commit access
5
Readme contributor
0
Combined install base
830k+ across 13 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder Resolved · no_longer_matches 7d ago
Slugpopup-maker
Patternunserialize_after_remote_call
Kindbuiltin
Version1.22.0
Hit count3
First hit
File
classes/Extension/Updater.php
Line
670
Snippet
L652: $request = wp_remote_get(// Uses wp_remote_post() in EDD Sample. → L670: $request->sections = maybe_unserialize( $request->sections );
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this.
View raw JSON
{
    "slug": "popup-maker",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.22.0",
    "hit_count": 3,
    "first_hit": {
        "file": "classes/Extension/Updater.php",
        "line": 670,
        "snippet": "L652: $request = wp_remote_get(// Uses wp_remote_post() in EDD Sample.  \u2192  L670: $request->sections = maybe_unserialize( $request->sections );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this."
}
Critical code_scan_delta Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder Resolved · fp_edd_updater_library 7d ago
Slugpopup-maker
Previous version1.22.0
Current version1.22.0
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinclasses/Extension/Updater.php670L652: $request = wp_remote_get(// Uses wp_remote_post() in EDD Sample. → L670: $request->sections = maybe_unserialize( $request->sections );high
unserialize_after_remote_callbuiltinclasses/Extension/Updater.php676L667: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L676: $request->banners = maybe_unserialize( $request->banners );high
unserialize_after_remote_callbuiltinclasses/Extension/Updater.php680L667: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L680: $request->icons = maybe_unserialize( $request->icons );high
New finding count3
View raw JSON
{
    "slug": "popup-maker",
    "previous_version": "1.22.0",
    "current_version": "1.22.0",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "classes/Extension/Updater.php",
            "line": 670,
            "snippet": "L652: $request = wp_remote_get(// Uses wp_remote_post() in EDD Sample.  \u2192  L670: $request->sections = maybe_unserialize( $request->sections );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "classes/Extension/Updater.php",
            "line": 676,
            "snippet": "L667: $request = json_decode( wp_remote_retrieve_body( $request ) );  \u2192  L676: $request->banners = maybe_unserialize( $request->banners );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "classes/Extension/Updater.php",
            "line": 680,
            "snippet": "L667: $request = json_decode( wp_remote_retrieve_body( $request ) );  \u2192  L680: $request->icons = maybe_unserialize( $request->icons );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

Plugins authored (12)

Plugin Version Installs Last updated Status
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder ·popup-maker 1.22.0 700k+ 15d ago Active
User Menus – Nav Menu Visibility ·user-menus 1.3.2 80k+ 1y ago Active
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More ·content-control 2.6.5 40k+ 11mo ago Active
Easy Modal ·easy-modal 2.1.0 7k+ 8y ago Active
Vertical Menu Widget ·vertical-menu-widget 0.9 100 14y ago Active
Popup Maker – BuddyPress Integration ·popup-maker-buddypress-integration 1.0.0 100 7y ago Active
Recipe Manager ·recipe-manager 1.0.0 10 8y ago Active
HTML5 Widgets ·html5-widgets 0.9.1 10 14y ago Active
html5-widget-types ·html5-widget-types Closed
knowledge-base ·knowledge-base Closed
Tindeck ·tindeck 1 12y ago Active
Restrict Content Pro – Taxamo Integration ·rcp-taxamo 1.0.0 11y ago Active

SVN commit access (5)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Easy Modal danieliser 7k+ 185 14y ago 9y ago Active
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder danieliser 700k+ 143 11y ago 6mo ago Active
User Menus – Nav Menu Visibility danieliser 80k+ 56 9y ago 1y ago Active
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More danieliser 40k+ 49 9y ago 3y ago Active
Cooked – Recipe Management goratech 3k+ 6 12y ago 9y ago Active