WP Beacon

MailPoet

@mailpoet · wordpress.org profile ↗
Member since
2014-06-12
Location
France
Employer
MailPoet
Job title
Staff at MailPoet
Authored
2 (1 closed)
SVN commit access
2 (1 closed)
Readme contributor
0
Combined install base
500k+ across 2 plugins

Alerts (0)

No open alerts.

Show 6 resolved alerts
Critical code_scan_match MailPoet – Newsletters, Email Marketing, and Automation Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugmailpoet
Finding count14
Findings
PatternKindFileLineSnippetConfidence
eval_callbuiltinvendor-prefixed/doctrine/common/src/Proxy/ProxyGenerator.php169eval(substr($proxyCode, 5));medium
eval_callbuiltinvendor-prefixed/twig/twig/src/Environment.php184eval('?>' . $content);medium
eval_callbuiltinvendor-prefixed/nesbot/carbon/src/Carbon/Traits/Mixin.php33$context = eval(self::getAnonymousClassCodeForTrait($trait));medium
base64_decodebuiltinlib/Router/Router.php79$data = !is_array($data) ? json_decode(base64_decode($data), true) : [];medium
getWPUsersioc:code_patternlib/Newsletter/Scheduler/WelcomeScheduler.php116$segment = $this->segmentsRepository->getWPUsersSegment();high
base64_decodebuiltinlib/Form/Util/FieldNameObfuscator.php31$decoded = base64_decode(substr($name, strlen(self::OBFUSCATED_FIELD_PREFIX)));medium
base64_decodebuiltinlib/Statistics/Track/Opens.php93echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw==');medium
getWPUsersioc:code_patternlib/Config/Populator.php357$this->segmentsRepository->getWPUsersSegment();high
getWPUsersioc:code_patternlib/AdminPages/PageRenderer.php142$wpSegment = $this->segmentRepository->getWPUsersSegment();high
getWPUsersioc:code_patternlib/Subscribers/SubscribersRepository.php568$segmentId = $this->segmentsRepository->getWpUsersSegment()->getId();high
getWPUsersioc:code_patternlib/Segments/WP.php118$wpSegment = $this->segmentsRepository->getWPUsersSegment();high
getWPUsersioc:code_patternlib/Segments/WP.php321$wpSegment = $this->segmentsRepository->getWPUsersSegment();high
getWPUsersioc:code_patternlib/Segments/WP.php398$wpSegment = $this->segmentsRepository->getWPUsersSegment();high
getWPUsersioc:code_patternlib/Segments/SegmentsRepository.php76public function getWPUsersSegment(): SegmentEntity {high
Resolved shae680db2c6a46f32e2f7718077d2d02511e5587ff
View raw JSON
{
    "slug": "mailpoet",
    "finding_count": 14,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor-prefixed/doctrine/common/src/Proxy/ProxyGenerator.php",
            "line": 169,
            "snippet": "eval(substr($proxyCode, 5));",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor-prefixed/twig/twig/src/Environment.php",
            "line": 184,
            "snippet": "eval('?>' . $content);",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor-prefixed/nesbot/carbon/src/Carbon/Traits/Mixin.php",
            "line": 33,
            "snippet": "$context = eval(self::getAnonymousClassCodeForTrait($trait));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Router/Router.php",
            "line": 79,
            "snippet": "$data = !is_array($data) ? json_decode(base64_decode($data), true) : [];",
            "confidence": "medium"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Newsletter/Scheduler/WelcomeScheduler.php",
            "line": 116,
            "snippet": "$segment = $this->segmentsRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Form/Util/FieldNameObfuscator.php",
            "line": 31,
            "snippet": "$decoded = base64_decode(substr($name, strlen(self::OBFUSCATED_FIELD_PREFIX)));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Statistics/Track/Opens.php",
            "line": 93,
            "snippet": "echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw==');",
            "confidence": "medium"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Config/Populator.php",
            "line": 357,
            "snippet": "$this->segmentsRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/AdminPages/PageRenderer.php",
            "line": 142,
            "snippet": "$wpSegment = $this->segmentRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Subscribers/SubscribersRepository.php",
            "line": 568,
            "snippet": "$segmentId = $this->segmentsRepository->getWpUsersSegment()->getId();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Segments/WP.php",
            "line": 118,
            "snippet": "$wpSegment = $this->segmentsRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Segments/WP.php",
            "line": 321,
            "snippet": "$wpSegment = $this->segmentsRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Segments/WP.php",
            "line": 398,
            "snippet": "$wpSegment = $this->segmentsRepository->getWPUsersSegment();",
            "confidence": "high"
        },
        {
            "pattern": "getWPUsers",
            "kind": "ioc:code_pattern",
            "file": "lib/Segments/SegmentsRepository.php",
            "line": 76,
            "snippet": "public function getWPUsersSegment(): SegmentEntity {",
            "confidence": "high"
        }
    ],
    "resolved_sha": "e680db2c6a46f32e2f7718077d2d02511e5587ff"
}
Critical code_pattern MailPoet – Newsletters, Email Marketing, and Automation Resolved · no_longer_matches 28d ago
Slugmailpoet
Patternunserialize_after_remote_call
Kindbuiltin
Version5.23.2
Hit count2
First hit
File
lib/Doctrine/MetadataCache.php
Line
38
Snippet
L38: return unserialize((string)file_get_contents($this->getFilename($id))); → L38: return unserialize((string)file_get_contents($this->getFilename($id)));
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "mailpoet",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "5.23.2",
    "hit_count": 2,
    "first_hit": {
        "file": "lib/Doctrine/MetadataCache.php",
        "line": 38,
        "snippet": "L38: return unserialize((string)file_get_contents($this->getFilename($id)));  \u2192  L38: return unserialize((string)file_get_contents($this->getFilename($id)));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta MailPoet – Newsletters, Email Marketing, and Automation Resolved · fp_vendored_library_local_cache 28d ago
Slugmailpoet
Previous version5.23.2
Current version5.23.2
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinlib/Doctrine/MetadataCache.php38L38: return unserialize((string)file_get_contents($this->getFilename($id))); → L38: return unserialize((string)file_get_contents($this->getFilename($id)));high
unserialize_after_remote_callbuiltinlib/Doctrine/MetadataCache.php48L38: return unserialize((string)file_get_contents($this->getFilename($id))); → L48: $classMetadata = unserialize((string)file_get_contents($filename));high
New finding count2
View raw JSON
{
    "slug": "mailpoet",
    "previous_version": "5.23.2",
    "current_version": "5.23.2",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/Doctrine/MetadataCache.php",
            "line": 38,
            "snippet": "L38: return unserialize((string)file_get_contents($this->getFilename($id)));  \u2192  L38: return unserialize((string)file_get_contents($this->getFilename($id)));",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "lib/Doctrine/MetadataCache.php",
            "line": 48,
            "snippet": "L38: return unserialize((string)file_get_contents($this->getFilename($id)));  \u2192  L48: $classMetadata = unserialize((string)file_get_contents($filename));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
High committer_younger_than_plugin MailPoet – Newsletters, Email Marketing, and Automation Resolved · benign_company_employee 25d ago
Slugmailpoet
Committer sluglysyjan87
Committer display nameJan Lysý
Committer employer
Committer member since2023-11-24
Committer first commit2024-07-16 13:24:48
Committer commit count30
Plugin listed authormailpoet
Earliest plugin commit2022-01-20 13:52:57
Plugin age at join days907
Committer age at join days235
Active installs500,000
View raw JSON
{
    "slug": "mailpoet",
    "committer_slug": "lysyjan87",
    "committer_display_name": "Jan Lys\u00fd",
    "committer_employer": null,
    "committer_member_since": "2023-11-24",
    "committer_first_commit": "2024-07-16 13:24:48",
    "committer_commit_count": 30,
    "plugin_listed_author": "mailpoet",
    "earliest_plugin_commit": "2022-01-20 13:52:57",
    "plugin_age_at_join_days": 907,
    "committer_age_at_join_days": 235,
    "active_installs": 500000
}
High committer_younger_than_plugin MailPoet – Newsletters, Email Marketing, and Automation Resolved · benign_company_employee 25d ago
Slugmailpoet
Committer slugseuna8c
Committer display nameSeun
Committer employer
Committer member since2024-10-22
Committer first commit2024-12-10 13:23:00
Committer commit count20
Plugin listed authormailpoet
Earliest plugin commit2022-01-20 13:52:57
Plugin age at join days1,054
Committer age at join days49
Active installs500,000
View raw JSON
{
    "slug": "mailpoet",
    "committer_slug": "seuna8c",
    "committer_display_name": "Seun",
    "committer_employer": null,
    "committer_member_since": "2024-10-22",
    "committer_first_commit": "2024-12-10 13:23:00",
    "committer_commit_count": 20,
    "plugin_listed_author": "mailpoet",
    "earliest_plugin_commit": "2022-01-20 13:52:57",
    "plugin_age_at_join_days": 1054,
    "committer_age_at_join_days": 49,
    "active_installs": 500000
}
High committer_younger_than_plugin MailPoet – Newsletters, Email Marketing, and Automation Resolved · benign_company_employee 25d ago
Slugmailpoet
Committer slugwxa1
Committer display namewxa1
Committer employer
Committer member since2024-07-15
Committer first commit2024-07-23 16:15:48
Committer commit count8
Plugin listed authormailpoet
Earliest plugin commit2022-01-20 13:52:57
Plugin age at join days915
Committer age at join days8
Active installs500,000
View raw JSON
{
    "slug": "mailpoet",
    "committer_slug": "wxa1",
    "committer_display_name": "wxa1",
    "committer_employer": null,
    "committer_member_since": "2024-07-15",
    "committer_first_commit": "2024-07-23 16:15:48",
    "committer_commit_count": 8,
    "plugin_listed_author": "mailpoet",
    "earliest_plugin_commit": "2022-01-20 13:52:57",
    "plugin_age_at_join_days": 915,
    "committer_age_at_join_days": 8,
    "active_installs": 500000
}

Plugins authored (2)

Plugin Version Installs Last updated Status
MailPoet – Newsletters, Email Marketing, and Automation ·mailpoet 5.25.0 500k+ 17d ago Active
MailPoet Newsletters (Previous) ·wysija-newsletters 2.22 Closed

SVN commit access (2)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
MailPoet – Newsletters, Email Marketing, and Automation mailpoet 500k+ 21 4y ago 1y ago Active
MailPoet Newsletters (Previous) mailpoet 19 4y ago 3y ago Closed