WP Beacon

Elementor

@elemntor · wordpress.org profile ↗
Member since
2018-05-10
Location
Employer
Elementor
Job title
Authored
14 (2 closed)
SVN commit access
0
Readme contributor
1
Combined install base
12.1M+ across 15 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts
High compromised_committer_burst Elementor Website Builder – more than just a page builder Resolved · benign_release_burst 25d ago
Slugelementor
Author slugkingyes
Burst start2026-04-13 15:21:03
Burst end2026-04-13 15:48:38
Burst commits6
Burst window minutes90
Tenure days343
Distinct messages6
Avg message length16
Top messageUpload v4.0.0-beta5
Top message count1
Prt revert
ExplanationEstablished author committed 6 revisions inside a 90-minute window with low-entropy commit messages. Pattern matches the June 2024 wp.org credential-stuffing wave shape; bumped to critical when followed by a wp.org Plugin Review Team revert within 7 days.
View raw JSON
{
    "slug": "elementor",
    "author_slug": "kingyes",
    "burst_start": "2026-04-13 15:21:03",
    "burst_end": "2026-04-13 15:48:38",
    "burst_commits": 6,
    "burst_window_minutes": 90,
    "tenure_days": 343,
    "distinct_messages": 6,
    "avg_message_length": 16.2,
    "top_message": "Upload v4.0.0-beta5",
    "top_message_count": 1,
    "prt_revert": null,
    "explanation": "Established author committed 6 revisions inside a 90-minute window with low-entropy commit messages. Pattern matches the June 2024 wp.org credential-stuffing wave shape; bumped to critical when followed by a wp.org Plugin Review Team revert within 7 days."
}
Medium code_scan_match Elementor Website Builder – more than just a page builder Resolved · fp:overgeneric_ioc 19d ago
Slugelementor
Finding count11
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltincore/dynamic-tags/manager.php467$tag_name = base64_decode( $tag_key_parts[0] );medium
base64_decodebuiltincore/dynamic-tags/manager.php469$tag_settings = json_decode( urldecode( base64_decode( $tag_key_parts[1] ) ), true );medium
base64_decodebuiltincore/common/modules/connect/apps/library.php119$payload_json = base64_decode( strtr( $payload_encoded, '-_', '+/' ), true );medium
base64_decodebuiltincore/files/uploads-manager.php604$file_content = base64_decode( $file['fileData'] ); // phpcs:ignoremedium
base64_decodebuiltinincludes/template-library/manager.php924$raw_binary = base64_decode( substr( $data['screenshot'], strlen( 'data:image/png;base64,' ) ) );medium
base64_decodebuiltinincludes/utils.php967return base64_decode( $encoded_string, true ) ?? $fallback;medium
base64_decodebuiltinmodules/element-cache/module.php60$widget_data = json_decode( base64_decode( $atts['data'] ), true );medium
base64_decodebuiltinmodules/cloud-kit-library/module.php80$raw_screen_shot = base64_decode( substr( $settings['screenShotBlob'], strlen( 'data:image/png;base64,' ) ) );medium
base64_decodebuiltinmodules/ai/connect/ai.php622$img_content = base64_decode( $img_content );medium
eval_callbuiltinvendor_prefixed/twig/twig/twig/src/Environment.php350eval('?>' . $content);medium
Upgradeioc:changelog_phrasereadme.txt243> “I upgraded to the Pro version and just love this plugin!” – ★★★★★ *[Andybarn56](https://wordpress.org/support/topic/love-elementor-17/)*low
Triage note 2026 05 03elementor: base64_decode in legitimate uses (data URL parsing, dynamic-tag manager, screenshot upload) + eval in vendored Twig template engine.
View raw JSON
{
    "slug": "elementor",
    "finding_count": 11,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core/dynamic-tags/manager.php",
            "line": 467,
            "snippet": "$tag_name = base64_decode( $tag_key_parts[0] );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core/dynamic-tags/manager.php",
            "line": 469,
            "snippet": "$tag_settings = json_decode( urldecode( base64_decode( $tag_key_parts[1] ) ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core/common/modules/connect/apps/library.php",
            "line": 119,
            "snippet": "$payload_json = base64_decode( strtr( $payload_encoded, '-_', '+/' ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core/files/uploads-manager.php",
            "line": 604,
            "snippet": "$file_content = base64_decode( $file['fileData'] ); // phpcs:ignore",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/template-library/manager.php",
            "line": 924,
            "snippet": "$raw_binary = base64_decode( substr( $data['screenshot'], strlen( 'data:image/png;base64,' ) ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/utils.php",
            "line": 967,
            "snippet": "return base64_decode( $encoded_string, true ) ?? $fallback;",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "modules/element-cache/module.php",
            "line": 60,
            "snippet": "$widget_data = json_decode( base64_decode( $atts['data'] ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "modules/cloud-kit-library/module.php",
            "line": 80,
            "snippet": "$raw_screen_shot = base64_decode( substr( $settings['screenShotBlob'], strlen( 'data:image/png;base64,' ) ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "modules/ai/connect/ai.php",
            "line": 622,
            "snippet": "$img_content = base64_decode( $img_content );",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor_prefixed/twig/twig/twig/src/Environment.php",
            "line": 350,
            "snippet": "eval('?>' . $content);",
            "confidence": "medium"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 243,
            "snippet": "> \u201cI upgraded to the Pro version and just love this plugin!\u201d \u2013 \u2605\u2605\u2605\u2605\u2605 *[Andybarn56](https://wordpress.org/support/topic/love-elementor-17/)*",
            "confidence": "low"
        }
    ],
    "triage_note_2026_05_03": "elementor: base64_decode in legitimate uses (data URL parsing, dynamic-tag manager, screenshot upload) + eval in vendored Twig template engine."
}

Plugins authored (14)

Plugin Version Installs Last updated Status
Elementor Website Builder – more than just a page builder ·elementor 4.0.6 10M+ 18d ago Active
Image Optimizer – Optimize Images and Convert to WebP or AVIF ·image-optimization 1.7.4 1M+ 1mo ago Active
Ally – Web Accessibility & Usability ·pojo-accessibility 4.1.1 500k+ 1mo ago Active
Site Mailer – SMTP Replacement, Email API Deliverability & Email Log ·site-mailer 1.4.4 200k+ 1mo ago Active
Activity Log – Monitor & Record User Changes ·aryo-activity-log 2.11.2 200k+ 1y ago Active
Hello Plus ·hello-plus 1.7.7 80k+ 8mo ago Active
Temporary Login ·temporary-login 1.3.0 40k+ 1y ago Active
Elementor Beta (Developer Edition) ·elementor-beta 1.1.4 30k+ 1y ago Active
Manage – Centralized site maintenance and monitoring ·manage 1.0.5 30k+ 17d ago Active
Angie – Agentic AI (Beta) ·angie 1.1.6 20k+ 19d ago Active
Elementor Blocks for Gutenberg ·block-builder 1.1.5 10k+ 1y ago Active
Linker – URL shortener & track outbound link clicks ·linker 1.3.0 2k+ 1y ago Active
Developer Edition for Elementor ·elementor-beta-tester 1.0.0 Closed
Send – Email Marketing & Newsletters for WordPress ·send-app 1.6.2 Closed

Contributor on other plugins (1)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin Primary author Version Installs
Amedea – Unique Design Elements for Elementor geceolurken 0.0.4.7 600