Author: paultgoodchild

Alerts (0)

No open alerts.

Show 8 resolved alerts

Critical code_scan_match Flexible SSL for CloudFlare Resolved · code_scan_fp_class_pluginauth_known_fp 1mo ago

Slug cloudflare-flexible-ssl

Finding count 2

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`PluginAUTH`	`ioc:code_pattern`	`plugin.php`	4	`* Plugin URI: https://icwp.io/cloudflaresslpluginauthor`	`high`
`PluginAUTH`	`ioc:code_pattern`	`plugin.php`	9	`* Author URI: https://icwp.io/cloudflaresslpluginauthor`	`high`

Resolved sha b6d92bc1f800748579e12e926ee460c0df4670de

View raw JSON

{
    "slug": "cloudflare-flexible-ssl",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "PluginAUTH",
            "kind": "ioc:code_pattern",
            "file": "plugin.php",
            "line": 4,
            "snippet": "* Plugin URI: https://icwp.io/cloudflaresslpluginauthor",
            "confidence": "high"
        },
        {
            "pattern": "PluginAUTH",
            "kind": "ioc:code_pattern",
            "file": "plugin.php",
            "line": 9,
            "snippet": "* Author URI: https://icwp.io/cloudflaresslpluginauthor",
            "confidence": "high"
        }
    ],
    "resolved_sha": "b6d92bc1f800748579e12e926ee460c0df4670de"
}

Critical code_pattern iControlWP Resolved · false_positive_rule_overfire 1mo ago

Slug	worpit-admin-dashboard-plugin
Pattern	`PluginAUTH`
Kind	`ioc:code_pattern`
Version	`5.5.4`
Hit count	8
First hit	File `src/features/plugin.php` Line 46 Snippet 'sAuthKey' => $this->getPluginAuthKey(),
Explanation	—

View raw JSON

{
    "slug": "worpit-admin-dashboard-plugin",
    "pattern": "PluginAUTH",
    "kind": "ioc:code_pattern",
    "version": "5.5.4",
    "hit_count": 8,
    "first_hit": {
        "file": "src/features/plugin.php",
        "line": 46,
        "snippet": "'sAuthKey'                  => $this->getPluginAuthKey(),"
    },
    "explanation": null
}

Critical code_pattern Flexible SSL for CloudFlare Resolved · false_positive_rule_overfire 1mo ago

Slug	cloudflare-flexible-ssl
Pattern	`PluginAUTH`
Kind	`ioc:code_pattern`
Version	`1.3.1`
Hit count	2
First hit	File `plugin.php` Line 4 Snippet `* Plugin URI: https://icwp.io/cloudflaresslpluginauthor`
Explanation	—

View raw JSON

{
    "slug": "cloudflare-flexible-ssl",
    "pattern": "PluginAUTH",
    "kind": "ioc:code_pattern",
    "version": "1.3.1",
    "hit_count": 2,
    "first_hit": {
        "file": "plugin.php",
        "line": 4,
        "snippet": "* Plugin URI: https://icwp.io/cloudflaresslpluginauthor"
    },
    "explanation": null
}

Critical code_scan_delta Flexible SSL for CloudFlare Resolved · false_positive_cdn_known_good 1mo ago

Slug cloudflare-flexible-ssl

Previous version 1.3.1

Current version 1.3.1

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`PluginAUTH`	`ioc:code_pattern`	`plugin.php`	4	`* Plugin URI: https://icwp.io/cloudflaresslpluginauthor`	`high`
`PluginAUTH`	`ioc:code_pattern`	`plugin.php`	9	`* Author URI: https://icwp.io/cloudflaresslpluginauthor`	`high`

New finding count 2

View raw JSON

{
    "slug": "cloudflare-flexible-ssl",
    "previous_version": "1.3.1",
    "current_version": "1.3.1",
    "new_findings": [
        {
            "pattern": "PluginAUTH",
            "kind": "ioc:code_pattern",
            "file": "plugin.php",
            "line": 4,
            "snippet": "* Plugin URI: https://icwp.io/cloudflaresslpluginauthor",
            "confidence": "high"
        },
        {
            "pattern": "PluginAUTH",
            "kind": "ioc:code_pattern",
            "file": "plugin.php",
            "line": 9,
            "snippet": "* Author URI: https://icwp.io/cloudflaresslpluginauthor",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}

Medium domain_younger_than_plugin Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning Resolved · benign_vendor_product_domain 15d ago

Slug	wp-simple-firewall
Domain	`shldscrty.com`
Domain source	`plugin_uri`
Domain registered at	2024-11-27
Plugin earliest commit	2023-07-26 08:24:37
Plugin latest release	2026-05-25 13:19:41
Gap days	489
Domain age at release	544
Active installs	40,000

View raw JSON

{
    "slug": "wp-simple-firewall",
    "domain": "shldscrty.com",
    "domain_source": "plugin_uri",
    "domain_registered_at": "2024-11-27",
    "plugin_earliest_commit": "2023-07-26 08:24:37",
    "plugin_latest_release": "2026-05-25 13:19:41",
    "gap_days": 489,
    "domain_age_at_release": 544,
    "active_installs": 40000
}

Medium code_scan_delta Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning Resolved · benign_baseline_findings_no_new_ioc 15d ago

Slug wp-simple-firewall

Previous version 21.2.6

Current version 22.0.7

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`src/Modules/HackGuard/Scan/Queue/QueueItemVO.php`	63	`$decoded = \base64_decode( $value, true );`	`medium`
`base64_decode`	`builtin`	`src/Scans/Afs/Scan.php`	21	`$path = \base64_decode( (string)$item, true );`	`medium`
`base64_decode`	`builtin`	`src/Components/CompCons/Login/TwoFactor/Import/SolidSecurityBridge.php`	160	`$decoded = \base64_decode( \substr( $storedSecret, 4 ), true );`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/league/uri/src/Uri.php`	697	`$userinfo = base64_decode(substr($server['HTTP_AUTHORIZATION'], 6), true);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/league/uri/src/Uri.php`	877	`$res = base64_decode($data, true);`	`medium`
`hex_string_long`	`builtin`	`vendor_prefixed/league/uri/src/Uri.php`	199	private const ASCII = "\x20\x65\x69\x61\x73\x6E\x74\x72\x6F\x6C\x75\x64\x5D\x5B\x63\x6D\x70\x27\x0A\x67\x7C\x68\x76\x2E\x66\x62\x2C\x3A\x3D\x2D\x71\x31\x30\x43\x32\x2A\x79\x78\x29\x28\x4C\x39\x41\	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/thecodingmachine/safe/src/functions.php`	15	`function base64_decode( string $data, bool $strict = false ) :string {`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/thecodingmachine/safe/src/functions.php`	17	`$result = \base64_decode( $data, $strict );`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/beberlei/assert/lib/Assert/Assertion.php`	2,115	`if (false === \base64_decode($value, true)) {`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/spomky-labs/base64url/src/Base64Url.php`	49	`$decoded = base64_decode(strtr($data, '-_', '+/'), true);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/spomky-labs/cbor-php/src/Tag/Base64EncodingTag.php`	56	`$result = base64_decode($this->object->getNormalizedData($ignoreTags), true);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/spomky-labs/cbor-php/src/Utils.php`	52	`$decoded = base64_decode(strtr($data, '-_', '+/'), true);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/fgrosse/phpasn1/lib/ASN1/TemplateParser.php`	28	`return $this->parseBinary(base64_decode($data), $template);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/web-auth/metadata-service/src/SingleMetadata.php`	45	`$json = base64_decode($this->data, true);`	`medium`
`base64_decode`	`builtin`	`vendor_prefixed/web-auth/webauthn-lib/src/PublicKeyCredentialUserEntity.php`	66	`$id = base64_decode($json['id'], true);`	`medium`

New finding count 20

View raw JSON

{
    "slug": "wp-simple-firewall",
    "previous_version": "21.2.6",
    "current_version": "22.0.7",
    "new_findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Modules/HackGuard/Scan/Queue/QueueItemVO.php",
            "line": 63,
            "snippet": "$decoded = \\base64_decode( $value, true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Scans/Afs/Scan.php",
            "line": 21,
            "snippet": "$path = \\base64_decode( (string)$item, true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Components/CompCons/Login/TwoFactor/Import/SolidSecurityBridge.php",
            "line": 160,
            "snippet": "$decoded = \\base64_decode( \\substr( $storedSecret, 4 ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/league/uri/src/Uri.php",
            "line": 697,
            "snippet": "$userinfo = base64_decode(substr($server['HTTP_AUTHORIZATION'], 6), true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/league/uri/src/Uri.php",
            "line": 877,
            "snippet": "$res = base64_decode($data, true);",
            "confidence": "medium"
        },
        {
            "pattern": "hex_string_long",
            "kind": "builtin",
            "file": "vendor_prefixed/league/uri/src/Uri.php",
            "line": 199,
            "snippet": "private const ASCII = \"\\x20\\x65\\x69\\x61\\x73\\x6E\\x74\\x72\\x6F\\x6C\\x75\\x64\\x5D\\x5B\\x63\\x6D\\x70\\x27\\x0A\\x67\\x7C\\x68\\x76\\x2E\\x66\\x62\\x2C\\x3A\\x3D\\x2D\\x71\\x31\\x30\\x43\\x32\\x2A\\x79\\x78\\x29\\x28\\x4C\\x39\\x41\\",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/thecodingmachine/safe/src/functions.php",
            "line": 15,
            "snippet": "function base64_decode( string $data, bool $strict = false ) :string {",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/thecodingmachine/safe/src/functions.php",
            "line": 17,
            "snippet": "$result = \\base64_decode( $data, $strict );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/beberlei/assert/lib/Assert/Assertion.php",
            "line": 2115,
            "snippet": "if (false === \\base64_decode($value, true)) {",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/spomky-labs/base64url/src/Base64Url.php",
            "line": 49,
            "snippet": "$decoded = base64_decode(strtr($data, '-_', '+/'), true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/spomky-labs/cbor-php/src/Tag/Base64EncodingTag.php",
            "line": 56,
            "snippet": "$result = base64_decode($this->object->getNormalizedData($ignoreTags), true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/spomky-labs/cbor-php/src/Utils.php",
            "line": 52,
            "snippet": "$decoded = base64_decode(strtr($data, '-_', '+/'), true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/fgrosse/phpasn1/lib/ASN1/TemplateParser.php",
            "line": 28,
            "snippet": "return $this->parseBinary(base64_decode($data), $template);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/web-auth/metadata-service/src/SingleMetadata.php",
            "line": 45,
            "snippet": "$json = base64_decode($this->data, true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/web-auth/webauthn-lib/src/PublicKeyCredentialUserEntity.php",
            "line": 66,
            "snippet": "$id = base64_decode($json['id'], true);",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 20
}

Medium code_scan_match Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning Resolved · code_scan_fp_class_genre_encoding 1mo ago

Slug wp-simple-firewall

Finding count 30

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`src/Utilities/Forms/FormParams.php`	32	`$raw = \base64_decode( $raw );`	`medium`
`base64_decode`	`builtin`	`src/Utilities/Tool/ConvertHtmlToPDF.php`	23	return empty( $res[ 'is_base64' ] ) ? $res[ 'converted_content' ] : \base64_decode( $res[ 'converted_content' ] );	`medium`
`gzinflate`	`builtin`	`src/Modules/Plugin/Lib/Reporting/ReportingController.php`	58	`return ( new ConvertHtmlToPDF() )->run( \gzinflate( $report->content ) );`	`medium`
`base64_decode`	`builtin`	`src/Modules/LoginGuard/Lib/TwoFactor/Provider/Passkey.php`	196	`return $this->verifyAuthResponse( \base64_decode( $otp ) )->success;`	`medium`
`base64_decode`	`builtin`	`src/Modules/HackGuard/Lib/FileLocker/Ops/Diff.php`	44	`base64_decode( $res[ 'html' ][ 'css_default' ] ),`	`medium`
`base64_decode`	`builtin`	`src/Modules/HackGuard/Lib/FileLocker/Ops/Diff.php`	45	`base64_decode( $res[ 'html' ][ 'content' ] )`	`medium`
`base64_decode`	`builtin`	`src/Modules/HackGuard/Scan/Queue/QueueItemVO.php`	65	`$decoded = \base64_decode( $value, true );`	`medium`
`base64_decode`	`builtin`	`src/Scans/Afs/Scan.php`	21	`$path = \base64_decode( (string)$item, true );`	`medium`
`base64_decode`	`builtin`	`src/Scans/Afs/ResultItem.php`	106	`$value = \base64_decode( $value );`	`medium`
`base64_decode`	`builtin`	`src/Scans/Afs/ScanFromFileMap.php`	27	`$fullPath = \base64_decode( $fullPath );`	`medium`
`base64_decode`	`builtin`	`src/DBs/Mfa/Ops/Record.php`	20	`$value = @\json_decode( @\base64_decode( $value ), true );`	`medium`
`base64_decode`	`builtin`	`src/DBs/Malware/Ops/Record.php`	30	`$value = \base64_decode( $value );`	`medium`
`base64_decode`	`builtin`	`src/DBs/FileLocker/Ops/Record.php`	25	`$value = (string)\base64_decode( $value );`	`medium`
`base64_decode`	`builtin`	`src/DBs/Snapshots/Ops/Record.php`	16	`$value = @\json_decode( @\base64_decode( $value ), true );`	`medium`
`base64_decode`	`builtin`	`src/DBs/Rules/Ops/Record.php`	30	`$value = @\json_decode( @\base64_decode( (string)$value ), true );`	`medium`

Resolved sha dd3934f54a053ae11586c9fc6f18fc4b0e2e5599

View raw JSON

{
    "slug": "wp-simple-firewall",
    "finding_count": 30,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Utilities/Forms/FormParams.php",
            "line": 32,
            "snippet": "$raw = \\base64_decode( $raw );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Utilities/Tool/ConvertHtmlToPDF.php",
            "line": 23,
            "snippet": "return empty( $res[ 'is_base64' ] ) ? $res[ 'converted_content' ] : \\base64_decode( $res[ 'converted_content' ] );",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "src/Modules/Plugin/Lib/Reporting/ReportingController.php",
            "line": 58,
            "snippet": "return ( new ConvertHtmlToPDF() )->run( \\gzinflate( $report->content ) );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Modules/LoginGuard/Lib/TwoFactor/Provider/Passkey.php",
            "line": 196,
            "snippet": "return $this->verifyAuthResponse( \\base64_decode( $otp ) )->success;",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Modules/HackGuard/Lib/FileLocker/Ops/Diff.php",
            "line": 44,
            "snippet": "base64_decode( $res[ 'html' ][ 'css_default' ] ),",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Modules/HackGuard/Lib/FileLocker/Ops/Diff.php",
            "line": 45,
            "snippet": "base64_decode( $res[ 'html' ][ 'content' ] )",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Modules/HackGuard/Scan/Queue/QueueItemVO.php",
            "line": 65,
            "snippet": "$decoded = \\base64_decode( $value, true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Scans/Afs/Scan.php",
            "line": 21,
            "snippet": "$path = \\base64_decode( (string)$item, true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Scans/Afs/ResultItem.php",
            "line": 106,
            "snippet": "$value = \\base64_decode( $value );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Scans/Afs/ScanFromFileMap.php",
            "line": 27,
            "snippet": "$fullPath = \\base64_decode( $fullPath );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/DBs/Mfa/Ops/Record.php",
            "line": 20,
            "snippet": "$value = @\\json_decode( @\\base64_decode( $value ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/DBs/Malware/Ops/Record.php",
            "line": 30,
            "snippet": "$value = \\base64_decode( $value );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/DBs/FileLocker/Ops/Record.php",
            "line": 25,
            "snippet": "$value = (string)\\base64_decode( $value );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/DBs/Snapshots/Ops/Record.php",
            "line": 16,
            "snippet": "$value = @\\json_decode( @\\base64_decode( $value ), true );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/DBs/Rules/Ops/Record.php",
            "line": 30,
            "snippet": "$value = @\\json_decode( @\\base64_decode( (string)$value ), true );",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "dd3934f54a053ae11586c9fc6f18fc4b0e2e5599"
}

Medium domain_younger_than_plugin Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning Resolved · no_longer_matches 1mo ago

Slug	wp-simple-firewall
Domain	`shldscrty.com`
Domain source	`c2_http_call`
Domain registered at	2024-11-27
Plugin earliest commit	2023-07-26 08:24:37
Plugin latest release	2026-04-21 19:53:47
Gap days	489
Domain age at release	510
Active installs	40,000

View raw JSON

{
    "slug": "wp-simple-firewall",
    "domain": "shldscrty.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2024-11-27",
    "plugin_earliest_commit": "2023-07-26 08:24:37",
    "plugin_latest_release": "2026-04-21 19:53:47",
    "gap_days": 489,
    "domain_age_at_release": 510,
    "active_installs": 40000
}

Plugins authored (10)

Plugin	Version	Installs	Last updated	Status
Flexible SSL for CloudFlare ·`cloudflare-flexible-ssl`	1.3.1	100k+	5mo ago	Active
Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning ·`wp-simple-firewall`	22.0.7	40k+	17d ago	Active
iControlWP ·`worpit-admin-dashboard-plugin`	5.6.0	1k+	8d ago	Active
cPanel Manager (from iControlWP) ·`cpanel-manager-from-worpit`	1.8.2	200	8y ago	Active
CDNJS for WordPress ·`cdnjs`	1.3.3	10	9y ago	Active
Article Directory Redux ·`article-directory-redux`	1.0.2	—	—	Closed
Twitter Bootstrap for WordPress ·`wordpress-bootstrap-css`	3.4.1-0	—	—	Closed
Custom Content by Country (by Shield Security) ·`custom-content-by-country`	3.2.0	—	—	Closed
WordPress Shortcode Library from One Dollar Plugin ·`wordpress-shortcode-library`	2.0.0	—	—	Closed
Calq.io WordPress Plugin ·`wp-calqio`	1.0.1	—	—	Closed

SVN commit access (10)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Twitter Bootstrap for WordPress	paultgoodchild	—	319	14y ago	7y ago	Closed
Custom Content by Country (by Shield Security)	paultgoodchild	—	112	14y ago	3y ago	Closed
Flexible SSL for CloudFlare	paultgoodchild	100k+	44	11y ago	5mo ago	Active
cPanel Manager (from iControlWP)	paultgoodchild	200	29	13y ago	8y ago	Active
WordPress Shortcode Library from One Dollar Plugin	paultgoodchild	—	25	14y ago	5y ago	Closed
iControlWP	paultgoodchild	1k+	12	13y ago	8d ago	Active
Article Directory Redux	paultgoodchild	—	8	12y ago	12y ago	Closed
Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning	paultgoodchild	40k+	5	2y ago	7d ago	Active
Calq.io WordPress Plugin	paultgoodchild	—	5	11y ago	11y ago	Closed
WP Developer Assistant	chrisjean	30	3	10y ago	10y ago	Active

Paul

Alerts (0)

Plugins authored (10)

SVN commit access (10)