Greg - SiteOrigin

@gpriday · wordpress.org profile ↗

Member since: 2007-10-30
Location: Cape Town
Employer: SiteOrigin
Job title: WordPress Developer
Authored: 28 (18 closed)
SVN commit access: 5
Readme contributor: 0
Combined install base: 1M+ across 28 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts

Critical code_pattern SiteOrigin Widgets Bundle Resolved · no_longer_matches 7d ago

Slug	so-widgets-bundle
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.72.0`
Hit count	1
First hit	File `base/inc/lib/Less/Parser.php` Line 656 Snippet L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "so-widgets-bundle",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.72.0",
    "hit_count": 1,
    "first_hit": {
        "file": "base/inc/lib/Less/Parser.php",
        "line": 656,
        "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta SiteOrigin Widgets Bundle Resolved · fp_vendored_library_local_cache 7d ago

Slug so-widgets-bundle

Previous version 1.72.0

Current version 1.72.0

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`base/inc/lib/Less/Parser.php`	656	L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file));	`high`

New finding count 1

View raw JSON

{
    "slug": "so-widgets-bundle",
    "previous_version": "1.72.0",
    "current_version": "1.72.0",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "base/inc/lib/Less/Parser.php",
            "line": 656,
            "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

Plugins authored (28)

Plugin	Version	Installs	Last updated	Status
Page Builder by SiteOrigin ·`siteorigin-panels`	2.34.1	500k+	16d ago	Active
SiteOrigin Widgets Bundle ·`so-widgets-bundle`	1.72.0	400k+	17d ago	Active
SiteOrigin CSS ·`so-css`	1.6.5	100k+	4mo ago	Active
Masonry Widget ·`so-masonry`	1.0.3	600	12y ago	Active
Focus Videos ·`focus-videos`	1.1	400	9y ago	Active
Simple Options ·`simple-options`	0.1.2	70	13y ago	Active
Easy Reader ·`easy-reader`	0.1	10	15y ago	Active
Secure Image Resizer ·`secure-resizer`	0.1	10	14y ago	Active
Theme Checklist ·`theme-checklist`	1.0.3	10	11y ago	Active
Exercise Images by Everkinetic ·`everkinetic`	1.0.3	10	11y ago	Active
siteorigin-slider ·`siteorigin-slider`	—	—	—	Closed
Price Table ·`pricetable`	0.2.2	—	—	Closed
Button Widget ·`so-button-widget`	1.2	—	—	Closed
so-cpt-builder ·`so-cpt-builder`	—	—	—	Closed
so-cta-widget ·`so-cta-widget`	—	—	—	Closed
Features Widget ·`so-features-widget`	1.1	—	—	Closed
Image Widget ·`so-image-widget`	1.1	—	—	Closed
so-post-carousel-widget ·`so-post-carousel-widget`	—	—	—	Closed
Price Table Widget ·`so-price-table-widget`	1.2	—	—	Closed
Slider Widget ·`so-slider-widget`	1.1	—	—	Closed
so-widgets-builder ·`so-widgets-builder`	—	—	—	Closed
fundit ·`fundit`	—	—	—	Closed
server-side-css3 ·`server-side-css3`	—	—	—	Closed
Simple Proxy ·`simple-proxy`	1.0	—	—	Closed
Crowd Funding ·`crowd-funding`	0.5	—	—	Closed
grid-engine ·`grid-engine`	—	—	—	Closed
origin ·`origin`	—	—	—	Closed
simple-search ·`simple-search`	—	—	—	Closed

SVN commit access (5)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Page Builder by SiteOrigin	gpriday	500k+	251	11y ago	5y ago	Active
SiteOrigin Widgets Bundle	gpriday	400k+	223	11y ago	5y ago	Active
SiteOrigin CSS	gpriday	100k+	61	10y ago	5y ago	Active
Masonry Widget	gpriday	600	5	12y ago	12y ago	Active
Focus Videos	gpriday	400	2	9y ago	9y ago	Active