Author: davidanderson

Alerts (0)

No open alerts.

Show 4 resolved alerts

Critical code_pattern UpdraftPlus: WP Backup & Migration Plugin Resolved · no_longer_matches 28d ago

Slug	updraftplus
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.26.3`
Hit count	1
First hit	File `backup.php` Line 3,604 Snippet L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this.

View raw JSON

{
    "slug": "updraftplus",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.26.3",
    "hit_count": 1,
    "first_hit": {
        "file": "backup.php",
        "line": 3604,
        "snippet": "L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this."
}

Critical code_scan_delta UpdraftPlus: WP Backup & Migration Plugin Resolved · fp_local_disk_cache 28d ago

Slug updraftplus

Previous version 1.26.3

Current version 1.26.3

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`backup.php`	3,604	L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));	`high`

New finding count 1

View raw JSON

{
    "slug": "updraftplus",
    "previous_version": "1.26.3",
    "current_version": "1.26.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "backup.php",
            "line": 3604,
            "snippet": "L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L3604: $var = $updraftplus->unserialize(file_get_contents($cache_file_base.'-info.tmp'));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

High domain_younger_than_plugin UpdraftPlus: WP Backup & Migration Plugin Resolved · no_longer_matches 28d ago

Slug	updraftplus
Domain	`ipvigilante.com`
Domain source	`c2_http_call`
Domain registered at	2025-03-22
Plugin earliest commit	2015-01-01 16:08:48
Plugin latest release	2026-04-23 16:51:10
Gap days	3,732
Domain age at release	397
Active installs	3,000,000

View raw JSON

{
    "slug": "updraftplus",
    "domain": "ipvigilante.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2025-03-22",
    "plugin_earliest_commit": "2015-01-01 16:08:48",
    "plugin_latest_release": "2026-04-23 16:51:10",
    "gap_days": 3732,
    "domain_age_at_release": 397,
    "active_installs": 3000000
}

Medium code_scan_match UpdraftPlus: WP Backup & Migration Plugin Resolved · fp:overgeneric_ioc 19d ago

Slug updraftplus

Finding count 9

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	220	`* TWEAK: Upgrade the common-libs tag version`	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	565	* TWEAK: Attempt to workaround some web hosts' opcode cache producing incorrect error upon upgrade	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	660	* TWEAK: Add admin notice to inform the user to upgrade their PHP to version 5.3 or higher due to changes in phpseclib requirements in future releases	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	870	`* REFACTOR: Upgrade AWS SDK from version 2.8 to 3`	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	983	`* TWEAK: Update shop links and upgrade prompts`	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	1,242	* TWEAK: Suppress message about how to upgrade an already-installed plugin when on WP 5.5+ (where it is no longer relevant)	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	1,475	* TWEAK: Upgraded the 'site-to-site' remote sending code to use the more recent UDRPC message format	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	1,849	* TWEAK: Add a sanity check to prevent some PHP debug notices being logged in an upgrade situation	`low`
`Upgrade`	`ioc:changelog_phrase`	`readme.txt`	2,151	`== Upgrade Notice ==`	`low`

Triage note 2026 05 03 updraftplus: 9 Upgrade hits, all readme.txt changelog mentions of normal upgrade events. UpdraftPlus is a well-known backup plugin.

View raw JSON

{
    "slug": "updraftplus",
    "finding_count": 9,
    "findings": [
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 220,
            "snippet": "* TWEAK: Upgrade the common-libs tag version",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 565,
            "snippet": "* TWEAK: Attempt to workaround some web hosts' opcode cache producing incorrect error upon upgrade",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 660,
            "snippet": "* TWEAK: Add admin notice to inform the user to upgrade their PHP to version 5.3 or higher due to changes in phpseclib requirements in future releases",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 870,
            "snippet": "* REFACTOR: Upgrade AWS SDK from version 2.8 to 3",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 983,
            "snippet": "* TWEAK: Update shop links and upgrade prompts",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 1242,
            "snippet": "* TWEAK: Suppress message about how to upgrade an already-installed plugin when on WP 5.5+ (where it is no longer relevant)",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 1475,
            "snippet": "* TWEAK: Upgraded the 'site-to-site' remote sending code to use the more recent UDRPC message format",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 1849,
            "snippet": "* TWEAK: Add a sanity check to prevent some PHP debug notices being logged in an upgrade situation",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 2151,
            "snippet": "== Upgrade Notice ==",
            "confidence": "low"
        }
    ],
    "triage_note_2026_05_03": "updraftplus: 9 Upgrade hits, all readme.txt changelog mentions of normal upgrade events. UpdraftPlus is a well-known backup plugin."
}

Plugins authored (19)

Plugin	Version	Installs	Last updated	Status
UpdraftPlus: WP Backup & Migration Plugin ·`updraftplus`	1.26.3	3M+	29d ago	Active
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance ·`wp-optimize`	4.5.3	1M+	23d ago	Active
All-In-One Security (AIOS) – Security and Firewall ·`all-in-one-wp-security-and-firewall`	5.4.7	1M+	24d ago	Active
Redux Framework ·`redux-framework`	4.5.11	1M+	1mo ago	Active
Easy Updates Manager ·`stops-core-theme-and-plugin-updates`	9.0.20	300k+	1mo ago	Active
Internal Link Juicer: SEO Auto Linker for WordPress ·`internal-links`	2.26.0	90k+	1mo ago	Active
Two Factor Authentication ·`two-factor-authentication`	1.16.0	20k+	1mo ago	Active
WPGet API – Connect to any external REST API ·`wpgetapi`	2.25.4	10k+	1mo ago	Active
Upload Larger Plugins ·`upload-larger-plugins`	2.0	7k+	1mo ago	Active
UpdraftCentral Dashboard ·`updraftcentral`	0.8.30	6k+	1mo ago	Active
European VAT Compliance Assistant for WooCommerce ·`woocommerce-eu-vat-compliance`	1.36.6	3k+	1mo ago	Active
Testimonial Slider ·`testimonial-slider`	1.3.3	3k+	1mo ago	Active
Use Administrator Password ·`use-administrator-password`	1.3.2	1k+	1mo ago	Active
No Weak Passwords ·`no-weak-passwords`	1.0.2	400	1mo ago	Active
Add Email Signature ·`add-email-signature`	1.0.4	200	1mo ago	Active
Simba Plugin Updates Manager ·`simba-plugin-updates-manager`	1.12.0	40	1mo ago	Active
Google Cloud Print Library ·`google-cloud-print-library`	0.8.13	—	—	Closed
Redux Converter ·`redux-converter`	1.1.3.1	—	—	Closed
Redux Developer Mode Disabler ·`redux-developer-mode-disabler`	1.0.1	—	—	Closed

SVN commit access (21)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
European VAT Compliance Assistant for WooCommerce	davidanderson	3k+	254	11y ago	1mo ago	Active
UpdraftPlus: WP Backup & Migration Plugin	davidanderson	3M+	200	11y ago	29d ago	Active
Simba Plugin Updates Manager	davidanderson	40	181	11y ago	1mo ago	Active
Two Factor Authentication	davidanderson	20k+	169	11y ago	1mo ago	Active
UpdraftCentral Dashboard	davidanderson	6k+	95	10y ago	1mo ago	Active
Google Cloud Print Library	davidanderson	—	93	13y ago	3y ago	Closed
Easy Updates Manager	davidanderson	300k+	58	8y ago	1mo ago	Active
Use Administrator Password	davidanderson	1k+	54	13y ago	1mo ago	Active
Upload Larger Plugins	davidanderson	7k+	51	12y ago	1mo ago	Active
No Weak Passwords	davidanderson	400	46	13y ago	1mo ago	Active
Add Email Signature	davidanderson	200	45	13y ago	1mo ago	Active
Keyy Two Factor Authentication (like Clef)	nexist	—	39	8y ago	6y ago	Closed
Testimonial Slider	davidanderson	3k+	30	7y ago	1mo ago	Active
Internal Link Juicer: SEO Auto Linker for WordPress	davidanderson	90k+	25	3y ago	1mo ago	Active
MetaSlider Gallery – Image Gallery, Lightbox Galleries, Modal Windows	metaslider	10k+	18	8y ago	5y ago	Active
WPGet API – Connect to any external REST API	davidanderson	10k+	18	2y ago	1mo ago	Active
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider	metaslider	500k+	7	8y ago	5y ago	Active
MetaSlider Schedule Slides	metaslider	—	7	7y ago	5y ago	Closed
SSH SFTP Updater Support	terrafrost	10k+	1	8y ago	19d ago	Active
All-In-One Security (AIOS) – Security and Firewall	davidanderson	1M+	1	4y ago	24d ago	Active
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance	davidanderson	1M+	1	9y ago	23d ago	Active

Contributor on other plugins (2)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin	Primary author	Version	Installs
SSH SFTP Updater Support	terrafrost	1.1.2	10k+
MetaSlider Schedule Slides	metaslider	1.0.5	—

David Anderson / Team Updraft

Alerts (0)

Plugins authored (19)

SVN commit access (21)

Contributor on other plugins (2)