WP Beacon

Inisev

@inisev · wordpress.org profile ↗
Member since
2021-05-20
Location
Employer
Job title
Authored
6
SVN commit access
0
Readme contributor
0
Combined install base
610k+ across 6 plugins

Alerts (0)

No open alerts.

Show 7 resolved alerts
Critical code_scan_match Social Share Icons & Social Share Buttons Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugultimate-social-media-plus
Finding count16
Findings
PatternKindFileLineSnippetConfidence
eval_callbuiltinhelpers/linkedin-api/linkedin-api.php123eval($eval);medium
base64_decodebuiltinhelpers/sfsi_plus_OAuth.php212$decoded_sig = base64_decode($signature);medium
shopify-js-bucket.s3.ap-south-1.amazonaws.comioc:domainlibs/controllers/sfsi_buttons_controller.php1,712$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');high
https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zipioc:urllibs/controllers/sfsi_buttons_controller.php1,712$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');high
wp_ajax_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,691add_action('wp_ajax_worker_plugin','sfsi_plus_worker_plugin');high
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,691add_action('wp_ajax_worker_plugin','sfsi_plus_worker_plugin');medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,693function sfsi_plus_worker_plugin(){medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,709if (sfsi_plus_worker_plugin_installed($plugin_slug)) {medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,729if (sfsi_plus_worker_plugin_installed($plugin_slug)) {medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,751if(!function_exists("sfsi_plus_worker_plugin_installed")){medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,752function sfsi_plus_worker_plugin_installed($slug)medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,768if(!function_exists("sfsi_plus_worker_plugin_installed")){medium
sfsi_plus_worker_pluginioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,769function sfsi_plus_worker_plugin_installed($slug)medium
sfsi_worker_premium_installerioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,705$plugin_slug= "sfsi_worker_premium_installer/sfsi_worker_premium_installer.php";medium
sfsi_worker_premium_installerioc:code_patternlibs/controllers/sfsi_buttons_controller.php1,712$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');medium
Resolved shaf1e614500005bab34cabbb580c25d1f1717976f4
View raw JSON
{
    "slug": "ultimate-social-media-plus",
    "finding_count": 16,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "helpers/linkedin-api/linkedin-api.php",
            "line": 123,
            "snippet": "eval($eval);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helpers/sfsi_plus_OAuth.php",
            "line": 212,
            "snippet": "$decoded_sig = base64_decode($signature);",
            "confidence": "medium"
        },
        {
            "pattern": "shopify-js-bucket.s3.ap-south-1.amazonaws.com",
            "kind": "ioc:domain",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1712,
            "snippet": "$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');",
            "confidence": "high"
        },
        {
            "pattern": "https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip",
            "kind": "ioc:url",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1712,
            "snippet": "$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');",
            "confidence": "high"
        },
        {
            "pattern": "wp_ajax_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1691,
            "snippet": "add_action('wp_ajax_worker_plugin','sfsi_plus_worker_plugin');",
            "confidence": "high"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1691,
            "snippet": "add_action('wp_ajax_worker_plugin','sfsi_plus_worker_plugin');",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1693,
            "snippet": "function sfsi_plus_worker_plugin(){",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1709,
            "snippet": "if (sfsi_plus_worker_plugin_installed($plugin_slug)) {",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1729,
            "snippet": "if (sfsi_plus_worker_plugin_installed($plugin_slug)) {",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1751,
            "snippet": "if(!function_exists(\"sfsi_plus_worker_plugin_installed\")){",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1752,
            "snippet": "function sfsi_plus_worker_plugin_installed($slug)",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1768,
            "snippet": "if(!function_exists(\"sfsi_plus_worker_plugin_installed\")){",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_plus_worker_plugin",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1769,
            "snippet": "function sfsi_plus_worker_plugin_installed($slug)",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_worker_premium_installer",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1705,
            "snippet": "$plugin_slug= \"sfsi_worker_premium_installer/sfsi_worker_premium_installer.php\";",
            "confidence": "medium"
        },
        {
            "pattern": "sfsi_worker_premium_installer",
            "kind": "ioc:code_pattern",
            "file": "libs/controllers/sfsi_buttons_controller.php",
            "line": 1712,
            "snippet": "$installed = $upgrader->install('https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip');",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "f1e614500005bab34cabbb580c25d1f1717976f4"
}
Critical code_pattern Duplicate Post Resolved · no_longer_matches 28d ago
Slugcopy-delete-posts
Patternunserialize_after_remote_call
Kindbuiltin
Version1.5.3
Hit count1
First hit
File
analyst/src/Storage/FileStorage.php
Line
55
Snippet
L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "copy-delete-posts",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "analyst/src/Storage/FileStorage.php",
        "line": 55,
        "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Duplicate Post Resolved · fp_local_disk_cache 28d ago
Slugcopy-delete-posts
Previous version1.5.3
Current version1.5.3
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinanalyst/src/Storage/FileStorage.php55L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);high
New finding count1
View raw JSON
{
    "slug": "copy-delete-posts",
    "previous_version": "1.5.3",
    "current_version": "1.5.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "analyst/src/Storage/FileStorage.php",
            "line": 55,
            "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
High code_scan_match Backup Migration Resolved · code_scan_fp_class_cache_or_backup_config_write 17d ago
Slugbackup-backup
Finding count4
Findings
PatternKindFileLineSnippetConfidence
wpconfig_writebuiltinincludes/extracter/extract.php1,044$configData = file_get_contents(ABSPATH . 'wp-config.php');medium
wpconfig_writebuiltinincludes/extracter/extract.php1,046file_put_contents(ABSPATH . 'wp-config.' . $this->tmptime . '.php', $configData);medium
wpconfig_writebuiltinincludes/extracter/extract.php1,489$wpconfig = file_get_contents($abs . DIRECTORY_SEPARATOR . 'wp-config.php');medium
wpconfig_writebuiltinincludes/extracter/extract.php1,496file_put_contents($abs . DIRECTORY_SEPARATOR . 'wp-config.php', $wpconfig);medium
Resolved sha54912a8f6a3f501807702e850e51dde332a69aaf
View raw JSON
{
    "slug": "backup-backup",
    "finding_count": 4,
    "findings": [
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "includes/extracter/extract.php",
            "line": 1044,
            "snippet": "$configData = file_get_contents(ABSPATH . 'wp-config.php');",
            "confidence": "medium"
        },
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "includes/extracter/extract.php",
            "line": 1046,
            "snippet": "file_put_contents(ABSPATH . 'wp-config.' . $this->tmptime . '.php', $configData);",
            "confidence": "medium"
        },
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "includes/extracter/extract.php",
            "line": 1489,
            "snippet": "$wpconfig = file_get_contents($abs . DIRECTORY_SEPARATOR . 'wp-config.php');",
            "confidence": "medium"
        },
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "includes/extracter/extract.php",
            "line": 1496,
            "snippet": "file_put_contents($abs . DIRECTORY_SEPARATOR . 'wp-config.php', $wpconfig);",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "54912a8f6a3f501807702e850e51dde332a69aaf"
}
High code_scan_match Duplicate Post Resolved · code_scan_fp_class_vendor_cdn_enqueue 17d ago
Slugcopy-delete-posts
Finding count26
Findings
PatternKindFileLineSnippetConfidence
remote_enqueuebuiltincopy-delete-posts.php218wp_enqueue_style('cdp-css-global', "{$cdp_plug_url}/assets/css/cdp-global{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php219wp_enqueue_script('cdp-js-global', "{$cdp_plug_url}/assets/js/cdp-global{$min}.js", ['jquery'], $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php221wp_enqueue_style('cdp-css-select', "{$cdp_plug_url}/assets/css/cdp-select{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php222wp_enqueue_script('cdp-js-select', "{$cdp_plug_url}/assets/js/cdp-select{$min}.js", '', $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php223wp_enqueue_style('cdp-tooltips-css', "{$cdp_plug_url}/assets/css/cdp.tooltip{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php224wp_enqueue_script('cdp-tooltips', "{$cdp_plug_url}/assets/js/cdp.tooltip{$min}.js", '', $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php232wp_enqueue_style('cdp-editor', "{$cdp_plug_url}/assets/css/cdp-editor{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php240wp_enqueue_style('cdp-css', "{$cdp_plug_url}/assets/css/cdp{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php241wp_enqueue_style('cdp-css-user', "{$cdp_plug_url}/assets/css/cdp-user{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php242wp_enqueue_script('cdp-icPagination', "{$cdp_plug_url}/assets/js/cdp-icPagination{$min}.js", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php243wp_enqueue_script('cdp', "{$cdp_plug_url}/assets/js/cdp{$min}.js", '', $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php245wp_enqueue_script('cdp-modal', "{$cdp_plug_url}/assets/js/cdp-modal{$min}.js", '', $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php247wp_enqueue_script('cdp-bulk', "{$cdp_plug_url}/assets/js/cdp-bulk{$min}.js", '', $ver, true);medium
remote_enqueuebuiltincopy-delete-posts.php270wp_enqueue_style('cdp-css-global', "{$cdp_plug_url}/assets/css/cdp-global{$min}.css", '', $ver);medium
remote_enqueuebuiltincopy-delete-posts.php271wp_enqueue_script('cdp-js-global', "{$cdp_plug_url}/assets/js/cdp-global{$min}.js", ['jquery'], $ver, true);medium
Resolved sha20d30f8b12409f417db88c678f1fbf9096ba82b6
View raw JSON
{
    "slug": "copy-delete-posts",
    "finding_count": 26,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 218,
            "snippet": "wp_enqueue_style('cdp-css-global', \"{$cdp_plug_url}/assets/css/cdp-global{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 219,
            "snippet": "wp_enqueue_script('cdp-js-global', \"{$cdp_plug_url}/assets/js/cdp-global{$min}.js\", ['jquery'], $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 221,
            "snippet": "wp_enqueue_style('cdp-css-select', \"{$cdp_plug_url}/assets/css/cdp-select{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 222,
            "snippet": "wp_enqueue_script('cdp-js-select', \"{$cdp_plug_url}/assets/js/cdp-select{$min}.js\", '', $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 223,
            "snippet": "wp_enqueue_style('cdp-tooltips-css', \"{$cdp_plug_url}/assets/css/cdp.tooltip{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 224,
            "snippet": "wp_enqueue_script('cdp-tooltips', \"{$cdp_plug_url}/assets/js/cdp.tooltip{$min}.js\", '', $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 232,
            "snippet": "wp_enqueue_style('cdp-editor', \"{$cdp_plug_url}/assets/css/cdp-editor{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 240,
            "snippet": "wp_enqueue_style('cdp-css', \"{$cdp_plug_url}/assets/css/cdp{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 241,
            "snippet": "wp_enqueue_style('cdp-css-user', \"{$cdp_plug_url}/assets/css/cdp-user{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 242,
            "snippet": "wp_enqueue_script('cdp-icPagination', \"{$cdp_plug_url}/assets/js/cdp-icPagination{$min}.js\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 243,
            "snippet": "wp_enqueue_script('cdp', \"{$cdp_plug_url}/assets/js/cdp{$min}.js\", '', $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 245,
            "snippet": "wp_enqueue_script('cdp-modal', \"{$cdp_plug_url}/assets/js/cdp-modal{$min}.js\", '', $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 247,
            "snippet": "wp_enqueue_script('cdp-bulk', \"{$cdp_plug_url}/assets/js/cdp-bulk{$min}.js\", '', $ver, true);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 270,
            "snippet": "wp_enqueue_style('cdp-css-global', \"{$cdp_plug_url}/assets/css/cdp-global{$min}.css\", '', $ver);",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "copy-delete-posts.php",
            "line": 271,
            "snippet": "wp_enqueue_script('cdp-js-global', \"{$cdp_plug_url}/assets/js/cdp-global{$min}.js\", ['jquery'], $ver, true);",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "20d30f8b12409f417db88c678f1fbf9096ba82b6"
}
High update_hijack_shape Social Share Icons & Social Share Buttons Resolved · audit:suspicious 20d ago
Slugultimate-social-media-plus
Shapeplugin_upgrader_install_from_s3
VendorInisev (committers: iclyde, shihabsoft)
Wp org authorinisev
Active installs10,000
Remote urlhttps://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip
Filelibs/controllers/sfsi_buttons_controller.php
Line1,706
Ajax endpointwp_ajax_worker_plugin
Introduced in3.5.4 by socialsharepro 2022-09-20 r2787689
Discovered bywp beacon hunt-updaters (direct_upgrader_install/vendor_unknown)
Audit rationalePlugin admin-AJAX endpoint installs sibling plugin from Inisev-controlled AWS S3 bucket using Plugin_Upgrader::install(). No signature verification, no domain-name validation, hardcoded URL. Single S3 PUT by anyone with bucket IAM access replaces the zip and grants RCE on every site that triggers the install path. Same architectural class as historical js-support-ticket case (Audit #23) but install-via-S3 instead of eval-via-curl. S3 zip is currently 404 but bucket is alive.
View raw JSON
{
    "slug": "ultimate-social-media-plus",
    "shape": "plugin_upgrader_install_from_s3",
    "vendor": "Inisev (committers: iclyde, shihabsoft)",
    "wp_org_author": "inisev",
    "active_installs": 10000,
    "remote_url": "https://shopify-js-bucket.s3.ap-south-1.amazonaws.com/sfsi_worker_premium_installer-0.0.1.zip",
    "file": "libs/controllers/sfsi_buttons_controller.php",
    "line": 1706,
    "ajax_endpoint": "wp_ajax_worker_plugin",
    "introduced_in": "3.5.4 by socialsharepro 2022-09-20 r2787689",
    "discovered_by": "wp beacon hunt-updaters (direct_upgrader_install/vendor_unknown)",
    "audit_rationale": "Plugin admin-AJAX endpoint installs sibling plugin from Inisev-controlled AWS S3 bucket using Plugin_Upgrader::install(). No signature verification, no domain-name validation, hardcoded URL. Single S3 PUT by anyone with bucket IAM access replaces the zip and grants RCE on every site that triggers the install path. Same architectural class as historical js-support-ticket case (Audit #23) but install-via-S3 instead of eval-via-curl. S3 zip is currently 404 but bucket is alive."
}
Medium code_scan_match Social Media Share Buttons & Social Sharing Icons Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugultimate-social-media-icons
Finding count2
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltinhelpers/sfsi_OAuth.php232$decoded_sig = base64_decode($signature);medium
eval_callbuiltinhelpers/linkedin-api/linkedin-api.php125eval($eval);medium
Resolved shab316930cc6ef9c6233cf0088cff101bab3512872
View raw JSON
{
    "slug": "ultimate-social-media-icons",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helpers/sfsi_OAuth.php",
            "line": 232,
            "snippet": "$decoded_sig = base64_decode($signature);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "helpers/linkedin-api/linkedin-api.php",
            "line": 125,
            "snippet": "eval($eval);",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "b316930cc6ef9c6233cf0088cff101bab3512872"
}

Plugins authored (6)

Plugin Version Installs Last updated Status
Duplicate Post ·copy-delete-posts 1.5.3 300k+ 2mo ago Active
Social Media Share Buttons & Social Sharing Icons ·ultimate-social-media-icons 2.9.7 100k+ 3mo ago Active
Redirection ·redirect-redirection 1.2.9 100k+ 2mo ago Active
Backup Migration ·backup-backup 2.1.5.1 90k+ 1mo ago Active
Pop-up ·pop-up-pop-up 1.2.8 10k+ 6mo ago Active
Social Share Icons & Social Share Buttons ·ultimate-social-media-plus 3.7.1 10k+ 1y ago Active