WP Beacon

oceanwp

@oceanwp · wordpress.org profile ↗
Member since
2016-10-19
Location
Employer
OceanWP
Job title
Developer
Authored
8 (1 closed)
SVN commit access
7
Readme contributor
0
Combined install base
660k+ across 8 plugins

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_pattern Ocean Extra Resolved · no_longer_matches 7d ago
Slugocean-extra
Patternunserialize_after_remote_call
Kindbuiltin
Version2.5.5
Hit count3
First hit
File
includes/panel/classes/importers/class-settings-importer.php
Line
25
Snippet
L24: $raw = file_get_contents( $file ); → L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "ocean-extra",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.5.5",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/panel/classes/importers/class-settings-importer.php",
        "line": 25,
        "snippet": "L24: $raw  = file_get_contents( $file );  \u2192  L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Ocean Extra Resolved · fp_safe_deserialize_allowed_classes_false 7d ago
Slugocean-extra
Previous version2.5.5
Current version2.5.5
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/panel/classes/importers/class-settings-importer.php25L24: $raw = file_get_contents( $file ); → L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );high
unserialize_after_remote_callbuiltinincludes/onboarding/class/importer/theme-settings.php38L32: $raw = file_get_contents( $file ); → L38: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );high
unserialize_after_remote_callbuiltinincludes/themepanel/theme-panel.php434L433: $raw = file_get_contents( $file ); → L434: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );high
New finding count3
View raw JSON
{
    "slug": "ocean-extra",
    "previous_version": "2.5.5",
    "current_version": "2.5.5",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/panel/classes/importers/class-settings-importer.php",
            "line": 25,
            "snippet": "L24: $raw  = file_get_contents( $file );  \u2192  L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/onboarding/class/importer/theme-settings.php",
            "line": 38,
            "snippet": "L32: $raw = file_get_contents( $file );  \u2192  L38: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/themepanel/theme-panel.php",
            "line": 434,
            "snippet": "L433: $raw  = file_get_contents( $file );  \u2192  L434: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}
Medium bulk_committer_takeover Ocean Extra Resolved · no_longer_matches 8d ago
Committerapprimit
Member since2016-01-12
Plugins joined7
Spread days182
Earliest join2020-04-01 13:38:37
Latest join2020-09-30 15:51:31
Combined installs660,000
Sample plugins
SlugActive installsFirst commit at
ocean-extra500,0002020-09-30 15:51:31
ocean-social-sharing70,0002020-04-01 13:49:02
ocean-custom-sidebar30,0002020-04-01 13:38:37
ocean-product-sharing20,0002020-04-01 13:45:30
ocean-stick-anything20,0002020-04-01 13:51:03
ocean-modal-window10,0002020-04-01 13:41:01
ocean-posts-slider10,0002020-04-01 13:43:09
View raw JSON
{
    "committer": "apprimit",
    "member_since": "2016-01-12",
    "plugins_joined": 7,
    "spread_days": 182,
    "earliest_join": "2020-04-01 13:38:37",
    "latest_join": "2020-09-30 15:51:31",
    "combined_installs": 660000,
    "sample_plugins": [
        {
            "slug": "ocean-extra",
            "active_installs": 500000,
            "first_commit_at": "2020-09-30 15:51:31"
        },
        {
            "slug": "ocean-social-sharing",
            "active_installs": 70000,
            "first_commit_at": "2020-04-01 13:49:02"
        },
        {
            "slug": "ocean-custom-sidebar",
            "active_installs": 30000,
            "first_commit_at": "2020-04-01 13:38:37"
        },
        {
            "slug": "ocean-product-sharing",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:45:30"
        },
        {
            "slug": "ocean-stick-anything",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:51:03"
        },
        {
            "slug": "ocean-modal-window",
            "active_installs": 10000,
            "first_commit_at": "2020-04-01 13:41:01"
        },
        {
            "slug": "ocean-posts-slider",
            "active_installs": 10000,
            "first_commit_at": "2020-04-01 13:43:09"
        }
    ]
}
Medium bulk_committer_takeover Ocean Extra Resolved · no_longer_matches 8d ago
Committerapprimit
Member since2016-01-12
Plugins joined5
Spread days182
Earliest join2020-04-01 13:38:37
Latest join2020-09-30 15:51:31
Combined installs640,000
Sample plugins
SlugActive installsFirst commit at
ocean-extra500,0002020-09-30 15:51:31
ocean-social-sharing70,0002020-04-01 13:49:02
ocean-custom-sidebar30,0002020-04-01 13:38:37
ocean-product-sharing20,0002020-04-01 13:45:30
ocean-stick-anything20,0002020-04-01 13:51:03
View raw JSON
{
    "committer": "apprimit",
    "member_since": "2016-01-12",
    "plugins_joined": 5,
    "spread_days": 182,
    "earliest_join": "2020-04-01 13:38:37",
    "latest_join": "2020-09-30 15:51:31",
    "combined_installs": 640000,
    "sample_plugins": [
        {
            "slug": "ocean-extra",
            "active_installs": 500000,
            "first_commit_at": "2020-09-30 15:51:31"
        },
        {
            "slug": "ocean-social-sharing",
            "active_installs": 70000,
            "first_commit_at": "2020-04-01 13:49:02"
        },
        {
            "slug": "ocean-custom-sidebar",
            "active_installs": 30000,
            "first_commit_at": "2020-04-01 13:38:37"
        },
        {
            "slug": "ocean-product-sharing",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:45:30"
        },
        {
            "slug": "ocean-stick-anything",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:51:03"
        }
    ]
}

Plugins authored (8)

Plugin Version Installs Last updated Status
Ocean Extra ·ocean-extra 2.5.5 500k+ 1mo ago Active
Ocean Social Sharing ·ocean-social-sharing 2.2.2 70k+ 9mo ago Active
Ocean Custom Sidebar ·ocean-custom-sidebar 1.1.4 30k+ 11mo ago Active
Ocean Stick Anything ·ocean-stick-anything 2.0.9 20k+ 11mo ago Active
Ocean Product Sharing ·ocean-product-sharing 2.2.1 20k+ 11mo ago Active
Ocean Modal Window ·ocean-modal-window 2.3.3 10k+ 5mo ago Active
Ocean Posts Slider ·ocean-posts-slider 2.0.9 10k+ 1y ago Active
Ocean Demo Import ·ocean-demo-import 1.0.11 Closed

SVN commit access (7)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Ocean Extra oceanwp 500k+ 84 9y ago 5y ago Active
Ocean Social Sharing oceanwp 70k+ 32 9y ago 6y ago Active
Ocean Posts Slider oceanwp 10k+ 29 9y ago 6y ago Active
Ocean Product Sharing oceanwp 20k+ 26 9y ago 6y ago Active
Ocean Modal Window oceanwp 10k+ 26 9y ago 6y ago Active
Ocean Custom Sidebar oceanwp 30k+ 23 9y ago 6y ago Active
Ocean Stick Anything oceanwp 20k+ 6 7y ago 6y ago Active