MetaSlider

@metaslider · wordpress.org profile ↗
Member since: 2020-08-09
Location:
Employer: MetaSlider
Job title:
Authored: 3 (1 closed)
SVN commit access: 2
Readme contributor: 0
Combined install base: 510k+ across 3 plugins

Alerts (0)

No open alerts.

Resolved alerts (3)

Critical · code_pattern · Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider · Resolved · no_longer_matches · 7d ago
Slug: ml-slider
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 3.108.0
Hit count: 3
First hit:
File: lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php
Line: 73
Snippet: L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file));
Explanation: a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

Critical · code_scan_delta · Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider · Resolved · fp_vendored_library_local_cache · 7d ago
Slug: ml-slider
Previous version: 3.108.0
Current version: 3.108.0
New findings:
Pattern | Kind | File | Line | Snippet | Confidence
unserialize_after_remote_call | builtin | lib/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php | 73 | L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file)); | high
unserialize_after_remote_call | builtin | lib/htmlpurifier/library/HTMLPurifier/ConfigSchema.php | 72 | L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc → L72: $r = unserialize($contents); | high
unserialize_after_remote_call | builtin | lib/htmlpurifier/library/HTMLPurifier/EntityLookup.php | 26 | L26: $this->table = unserialize(file_get_contents($file)); → L26: $this->table = unserialize(file_get_contents($file)); | high
New finding count: 3

Plugins authored (3)

Plugin | Version | Installs | Last updated | Status
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider · ml-slider | 3.108.0 | 500k+ | 15d ago | Active
MetaSlider Gallery – Image Gallery, Lightbox Galleries, Modal Windows · ml-slider-lightbox | 2.23.0 | 10k+ | 1d ago | Active
MetaSlider Schedule Slides · meta-slider-schedule-slides | 1.0.5 | | | Closed

SVN commit access (2)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | metaslider | 500k+ | 93 | 5y ago | 1y ago | Active
MetaSlider Gallery – Image Gallery, Lightbox Galleries, Modal Windows | metaslider | 10k+ | 10 | 5y ago | 3y ago | Active