Greg - SiteOrigin

Member since: 2007-10-30
Location: Cape Town
Employer: SiteOrigin
Job title: WordPress Developer
Authored: 28 (18 closed)
SVN commit access: 13 (7 closed)
Readme contributor: 0
Combined install base: 901k+ across 28 plugins

Alerts (0)

No open alerts.

Resolved alerts (2)
Critical code_pattern SiteOrigin Widgets Bundle Resolved · no_longer_matches 2mo ago
Slug: so-widgets-bundle
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 1.72.0
Hit count: 1
First hit:
File: base/inc/lib/Less/Parser.php
Line: 656
Snippet: L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file));
Explanation: a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
Raw JSON:
{
    "slug": "so-widgets-bundle",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.72.0",
    "hit_count": 1,
    "first_hit": {
        "file": "base/inc/lib/Less/Parser.php",
        "line": 656,
        "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta SiteOrigin Widgets Bundle Resolved · fp_vendored_library_local_cache 2mo ago
Slug: so-widgets-bundle
Previous version: 1.72.0
Current version: 1.72.0
New findings:

| Pattern | Kind | File | Line | Snippet | Confidence |
|---|---|---|---|---|---|
| unserialize_after_remote_call | builtin | base/inc/lib/Less/Parser.php | 656 | L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file)); | high |

New finding count: 1
Raw JSON:
{
    "slug": "so-widgets-bundle",
    "previous_version": "1.72.0",
    "current_version": "1.72.0",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "base/inc/lib/Less/Parser.php",
            "line": 656,
            "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

Plugins authored (28)

| Plugin | Version | Installs | Last updated | Status |
|---|---|---|---|---|
| Page Builder by SiteOrigin · siteorigin-panels | 2.34.5 | 400k+ | 1d ago | Active |
| SiteOrigin Widgets Bundle · so-widgets-bundle | 1.73.2 | 400k+ | 1d ago | Active |
| SiteOrigin CSS · so-css | 1.6.6 | 100k+ | 1mo ago | Active |
| Masonry Widget · so-masonry | 1.0.3 | 500 | 12y ago | Active |
| Focus Videos · focus-videos | 1.1 | 400 | 9y ago | Active |
| Simple Options · simple-options | 0.1.2 | 60 | 14y ago | Active |
| Easy Reader · easy-reader | 0.1 | 10 | 15y ago | Active |
| Secure Image Resizer · secure-resizer | 0.1 | 10 | 14y ago | Active |
| Theme Checklist · theme-checklist | 1.0.3 | 10 | 11y ago | Active |
| Exercise Images by Everkinetic · everkinetic | 1.0.3 | 10 | 11y ago | Active |
| siteorigin-slider · siteorigin-slider | | | | Closed |
| Price Table · pricetable | 0.2.2 | | | Closed |
| Button Widget · so-button-widget | 1.2 | | | Closed |
| so-cpt-builder · so-cpt-builder | | | | Closed |
| so-cta-widget · so-cta-widget | | | | Closed |
| Features Widget · so-features-widget | 1.1 | | | Closed |
| Image Widget · so-image-widget | 1.1 | | | Closed |
| so-post-carousel-widget · so-post-carousel-widget | | | | Closed |
| Price Table Widget · so-price-table-widget | 1.2 | | | Closed |
| Slider Widget · so-slider-widget | 1.1 | | | Closed |
| so-widgets-builder · so-widgets-builder | | | | Closed |
| fundit · fundit | | | | Closed |
| server-side-css3 · server-side-css3 | | | | Closed |
| Simple Proxy · simple-proxy | 1.0 | | | Closed |
| Crowd Funding · crowd-funding | 0.5 | | | Closed |
| grid-engine · grid-engine | | | | Closed |
| origin · origin | | | | Closed |
| simple-search · simple-search | | | | Closed |

SVN commit access (13)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

| Plugin | Primary author | Installs | Commits | First | Latest | Status |
|---|---|---|---|---|---|---|
| Page Builder by SiteOrigin | gpriday | 400k+ | 345 | 13y ago | 5y ago | Active |
| SiteOrigin Widgets Bundle | gpriday | 400k+ | 234 | 12y ago | 5y ago | Active |
| SiteOrigin CSS | gpriday | 100k+ | 61 | 11y ago | 5y ago | Active |
| Price Table | gpriday | | 24 | 14y ago | 14y ago | Closed |
| Button Widget | gpriday | | 22 | 12y ago | 11y ago | Closed |
| Price Table Widget | gpriday | | 16 | 12y ago | 11y ago | Closed |
| Features Widget | gpriday | | 11 | 12y ago | 11y ago | Closed |
| Image Widget | gpriday | | 10 | 12y ago | 11y ago | Closed |
| Slider Widget | gpriday | | 10 | 12y ago | 11y ago | Closed |
| Masonry Widget | gpriday | 500 | 5 | 12y ago | 12y ago | Active |
| Simple Options | gpriday | 60 | 3 | 14y ago | 14y ago | Active |
| Simple Proxy | gpriday | | 2 | 12y ago | 12y ago | Closed |
| Focus Videos | gpriday | 400 | 2 | 9y ago | 9y ago | Active |