mainwp

@mainwp · wordpress.org profile ↗

Member since: 2013-08-11
Location: —
Employer: MainWP
Job title: —
Authored: 4
SVN commit access: 4
Readme contributor: 0
Combined install base: 825k+ across 4 plugins

Alerts (0)

No open alerts.

Show 5 resolved alerts

Critical new_committer_young_account MainWP Key Maker Resolved · no_longer_matches 28d ago

Slug	mainwp-key-maker
Committer	thanghoang
Display name	`thanghoang`
Member since	2024-06-27
First commit at	2024-06-27 12:31:45
Account age at first commit	0
Commit count	10
Active installs	5,000

View raw JSON

{
    "slug": "mainwp-key-maker",
    "committer": "thanghoang",
    "display_name": "thanghoang",
    "member_since": "2024-06-27",
    "first_commit_at": "2024-06-27 12:31:45",
    "account_age_at_first_commit": 0,
    "commit_count": 10,
    "active_installs": 5000
}

Critical new_committer_young_account MainWP Child Reports Resolved · no_longer_matches 29d ago

Slug	mainwp-child-reports
Committer	thanghoang
Display name	`thanghoang`
Member since	2024-06-27
First commit at	2024-07-16 11:37:50
Account age at first commit	19
Commit count	29
Active installs	100,000

View raw JSON

{
    "slug": "mainwp-child-reports",
    "committer": "thanghoang",
    "display_name": "thanghoang",
    "member_since": "2024-06-27",
    "first_commit_at": "2024-07-16 11:37:50",
    "account_age_at_first_commit": 19,
    "commit_count": 29,
    "active_installs": 100000
}

Critical new_committer_young_account MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Resolved · audit:benign 1mo ago

Slug	mainwp-child
Committer	thanghoang
Display name	`thanghoang`
Member since	2024-06-27
First commit at	2024-07-09 16:51:02
Account age at first commit	12
Commit count	92
Active installs	700,000

View raw JSON

{
    "slug": "mainwp-child",
    "committer": "thanghoang",
    "display_name": "thanghoang",
    "member_since": "2024-06-27",
    "first_commit_at": "2024-07-09 16:51:02",
    "account_age_at_first_commit": 12,
    "commit_count": 92,
    "active_installs": 700000
}

High code_scan_match MainWP Dashboard: Self-hosted WordPress Management for Agencies Resolved · code_scan_fp_class_genre_encoding 17d ago

Slug mainwp

Finding count 52

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`page/page-mainwp-bulk-add.php`	14	`$information = unserialize( base64_decode( $result ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-themes.php`	881	`$themes = unserialize( base64_decode( $results[1] ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-plugins.php`	911	`$plugins = unserialize( base64_decode( $results[1] ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-user.php`	868	`$users = unserialize( base64_decode( $results[1] ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	745	`$posts = unserialize( base64_decode( $results[1] ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	973	`$posts = unserialize( base64_decode( $results[1] ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,078	$selected_sites = unserialize( base64_decode( get_post_meta( $id, '_selected_sites', true ) ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,079	$selected_groups = unserialize( base64_decode( get_post_meta( $id, '_selected_groups', true ) ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,082	`$post_category = base64_decode( get_post_meta( $id, '_categories', true ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,084	$post_tags = base64_decode( get_post_meta( $id, '_tags', true ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,085	$post_slug = base64_decode( get_post_meta( $id, '_slug', true ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,291	$cats = unserialize( base64_decode( $result ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,334	`$selected_cats = unserialize( base64_decode( $opt ) );`	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,339	$selected_cats = unserialize( base64_decode( $opt[ $prefix ]['selected_cats'] ) );	`medium`
`base64_decode`	`builtin`	`page/page-mainwp-post.php`	1,431	$new_post = maybe_unserialize( base64_decode( $post_data['new_post'] ) );	`medium`

Resolved sha 236399a6b0d61d9b7cc8037012fc6f606b43fc50

View raw JSON

{
    "slug": "mainwp",
    "finding_count": 52,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-bulk-add.php",
            "line": 14,
            "snippet": "$information = unserialize( base64_decode( $result ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-themes.php",
            "line": 881,
            "snippet": "$themes = unserialize( base64_decode( $results[1] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-plugins.php",
            "line": 911,
            "snippet": "$plugins = unserialize( base64_decode( $results[1] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-user.php",
            "line": 868,
            "snippet": "$users = unserialize( base64_decode( $results[1] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 745,
            "snippet": "$posts = unserialize( base64_decode( $results[1] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 973,
            "snippet": "$posts = unserialize( base64_decode( $results[1] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1078,
            "snippet": "$selected_sites  = unserialize( base64_decode( get_post_meta( $id, '_selected_sites', true ) ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1079,
            "snippet": "$selected_groups = unserialize( base64_decode( get_post_meta( $id, '_selected_groups', true ) ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1082,
            "snippet": "$post_category = base64_decode( get_post_meta( $id, '_categories', true ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1084,
            "snippet": "$post_tags   = base64_decode( get_post_meta( $id, '_tags', true ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1085,
            "snippet": "$post_slug   = base64_decode( get_post_meta( $id, '_slug', true ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1291,
            "snippet": "$cats                         = unserialize( base64_decode( $result ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1334,
            "snippet": "$selected_cats = unserialize( base64_decode( $opt ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1339,
            "snippet": "$selected_cats = unserialize( base64_decode( $opt[ $prefix ]['selected_cats'] ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "page/page-mainwp-post.php",
            "line": 1431,
            "snippet": "$new_post            = maybe_unserialize( base64_decode( $post_data['new_post'] ) );",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "236399a6b0d61d9b7cc8037012fc6f606b43fc50"
}

High code_scan_match MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites Resolved · code_scan_fp_class_genre_encoding 17d ago

Slug mainwp-child

Finding count 47

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`class/class-mainwp-child-ithemes-security.php`	422	$update_settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- base64_e	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-ithemes-security.php`	671	$data = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.Security.NonceVerification,WordPress.Security.V	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-timecapsule.php`	1,655	$data = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,Wor	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-wordpress-seo.php`	112	$file_url = ! empty( $_POST['file_url'] ) ? sanitize_text_field( base64_decode( wp_unslash( $_POST['file_url'] ) ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions, Word	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-wordpress-seo.php`	136	$settings = ! empty( $_POST['settings'] ) ? base64_decode( wp_unslash( $_POST['settings'] ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions,WordPress.Security.ValidatedSa	`medium`
`wpconfig_write`	`builtin`	`class/class-mainwp-clone-install.php`	280	$wpConfig = file_get_contents( ABSPATH . 'wp-config.php' ); //phpcs:ignore WordPress.WP.AlternativeFunctions	`medium`
`wpconfig_write`	`builtin`	`class/class-mainwp-clone-install.php`	285	MainWP_Helper::file_put_contents( ABSPATH . 'wp-config.php', $wpConfig ); //phpcs:ignore WordPress.WP.AlternativeFunctions	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-users.php`	547	$new_password = isset( $_POST['new_password'] ) ? base64_decode( wp_unslash( $_POST['new_password'] ) ) : ''; //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, Word	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-users.php`	607	$new_user = isset( $_POST['new_user'] ) ? json_decode( base64_decode( wp_unslash( $_POST['new_user'] ) ), true ) : ''; //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotS	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-connect.php`	518	$auth = static::connect_verify( $func . $nonce, base64_decode( $signature ), base64_decode( get_option( 'mainwp_child_pubkey' ) ), $algo ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunc	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-keys-manager.php`	163	$encodedValue = base64_decode( $encodedValue ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-keys-manager.php`	177	$encryptedValue = base64_decode( $encodedValue ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-pagespeed.php`	276	$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions,WordPress.Secu	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-wordfence.php`	1,551	$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] )), true ) : array(); // phpcs:ignore -- custom fix to pass through security rules of Dream	`medium`
`base64_decode`	`builtin`	`class/class-mainwp-child-wp-rocket.php`	937	$options = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitiz	`medium`

Resolved sha 8d6aa3845211ae7d39a690c5ef44bbea01e5837a

View raw JSON

{
    "slug": "mainwp-child",
    "finding_count": 47,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-ithemes-security.php",
            "line": 422,
            "snippet": "$update_settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions  -- base64_e",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-ithemes-security.php",
            "line": 671,
            "snippet": "$data        = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.Security.NonceVerification,WordPress.Security.V",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-timecapsule.php",
            "line": 1655,
            "snippet": "$data = isset( $_POST['data'] ) ? json_decode( base64_decode( wp_unslash( $_POST['data'] ) ), true ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,Wor",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-wordpress-seo.php",
            "line": 112,
            "snippet": "$file_url       = ! empty( $_POST['file_url'] ) ? sanitize_text_field( base64_decode( wp_unslash( $_POST['file_url'] ) ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions, Word",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-wordpress-seo.php",
            "line": 136,
            "snippet": "$settings = ! empty( $_POST['settings'] ) ? base64_decode( wp_unslash( $_POST['settings'] ) ) : ''; // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions,WordPress.Security.ValidatedSa",
            "confidence": "medium"
        },
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "class/class-mainwp-clone-install.php",
            "line": 280,
            "snippet": "$wpConfig = file_get_contents( ABSPATH . 'wp-config.php' ); //phpcs:ignore WordPress.WP.AlternativeFunctions",
            "confidence": "medium"
        },
        {
            "pattern": "wpconfig_write",
            "kind": "builtin",
            "file": "class/class-mainwp-clone-install.php",
            "line": 285,
            "snippet": "MainWP_Helper::file_put_contents( ABSPATH . 'wp-config.php', $wpConfig ); //phpcs:ignore WordPress.WP.AlternativeFunctions",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-users.php",
            "line": 547,
            "snippet": "$new_password = isset( $_POST['new_password'] ) ? base64_decode( wp_unslash( $_POST['new_password'] ) ) : '';  //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, Word",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-users.php",
            "line": 607,
            "snippet": "$new_user      = isset( $_POST['new_user'] ) ? json_decode( base64_decode( wp_unslash( $_POST['new_user'] ) ), true ) : '';  //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotS",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-connect.php",
            "line": 518,
            "snippet": "$auth = static::connect_verify( $func . $nonce, base64_decode( $signature ), base64_decode( get_option( 'mainwp_child_pubkey' ) ), $algo ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunc",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-keys-manager.php",
            "line": 163,
            "snippet": "$encodedValue = base64_decode( $encodedValue ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-keys-manager.php",
            "line": 177,
            "snippet": "$encryptedValue = base64_decode( $encodedValue ); //phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions -- safe.",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-pagespeed.php",
            "line": 276,
            "snippet": "$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : array(); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions,WordPress.Secu",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-wordfence.php",
            "line": 1551,
            "snippet": "$settings = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] )), true ) : array(); // phpcs:ignore -- custom fix to pass through security rules of Dream",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class/class-mainwp-child-wp-rocket.php",
            "line": 937,
            "snippet": "$options = isset( $_POST['settings'] ) ? json_decode( base64_decode( wp_unslash( $_POST['settings'] ) ), true ) : '';  //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitiz",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "8d6aa3845211ae7d39a690c5ef44bbea01e5837a"
}

Plugins authored (4)

Plugin	Version	Installs	Last updated	Status
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites ·`mainwp-child`	6.0.11	700k+	17d ago	Active
MainWP Child Reports ·`mainwp-child-reports`	2.3.1	100k+	1mo ago	Active
MainWP Dashboard: Self-hosted WordPress Management for Agencies ·`mainwp`	6.0.12	20k+	17d ago	Active
MainWP Key Maker ·`mainwp-key-maker`	1.3	5k+	5mo ago	Active

SVN commit access (4)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
MainWP Dashboard: Self-hosted WordPress Management for Agencies	mainwp	20k+	379	10y ago	1y ago	Active
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites	mainwp	700k+	107	11y ago	1y ago	Active
MainWP Child Reports	mainwp	100k+	97	10y ago	2y ago	Active
MainWP Key Maker	mainwp	5k+	33	10y ago	2y ago	Active