Inisev

@inisev · wordpress.org profile ↗

Member since: 2021-05-20
Location: —
Employer: —
Job title: —
Authored: 6
SVN commit access: 0
Readme contributor: 0
Combined install base: 610k+ across 6 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts

Critical code_pattern Duplicate Post Resolved · no_longer_matches 7d ago

Slug	copy-delete-posts
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.5.3`
Hit count	1
First hit	File `analyst/src/Storage/FileStorage.php` Line 55 Snippet L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "copy-delete-posts",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "analyst/src/Storage/FileStorage.php",
        "line": 55,
        "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Duplicate Post Resolved · fp_local_disk_cache 7d ago

Slug copy-delete-posts

Previous version 1.5.3

Current version 1.5.3

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`analyst/src/Storage/FileStorage.php`	55	L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);	`high`

New finding count 1

View raw JSON

{
    "slug": "copy-delete-posts",
    "previous_version": "1.5.3",
    "current_version": "1.5.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "analyst/src/Storage/FileStorage.php",
            "line": 55,
            "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

Plugins authored (6)

Plugin	Version	Installs	Last updated	Status
Duplicate Post ·`copy-delete-posts`	1.5.3	300k+	1mo ago	Active
Social Media Share Buttons & Social Sharing Icons ·`ultimate-social-media-icons`	2.9.7	100k+	2mo ago	Active
Redirection ·`redirect-redirection`	1.2.9	100k+	1mo ago	Active
Backup Migration ·`backup-backup`	2.1.5.1	90k+	10d ago	Active
Pop-up ·`pop-up-pop-up`	1.2.8	10k+	6mo ago	Active
Social Share Icons & Social Share Buttons ·`ultimate-social-media-plus`	3.7.1	10k+	1y ago	Active