WP Beacon

PixelYourSite

@pixelyoursite · wordpress.org profile ↗
Member since
2015-11-10
Location
Employer
Job title
Authored
2
SVN commit access
2
Readme contributor
0
Combined install base
508k+ across 2 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern PixelYourSite – Your smart PIXEL (TAG) & API Manager Resolved · no_longer_matches 7d ago
Slugpixelyoursite
Patternunserialize_after_remote_call
Kindbuiltin
Version11.2.0.4
Hit count3
First hit
File
includes/class-plugin-updater.php
Line
401
Snippet
L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "pixelyoursite",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "11.2.0.4",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/class-plugin-updater.php",
        "line": 401,
        "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta PixelYourSite – Your smart PIXEL (TAG) & API Manager Resolved · fp_edd_updater_library 7d ago
Slugpixelyoursite
Previous version11.2.0.4
Current version11.2.0.4
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php401L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );high
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php405L393: $request = wp_remote_post( $this->api_url, → L405: $request->banners = maybe_unserialize( $request->banners );high
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php463L454: $request = wp_remote_post( $this->api_url, → L463: $version_info->sections = maybe_unserialize( $version_info->sections );high
New finding count3
View raw JSON
{
    "slug": "pixelyoursite",
    "previous_version": "11.2.0.4",
    "current_version": "11.2.0.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 401,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 405,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L405: $request->banners = maybe_unserialize( $request->banners );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 463,
            "snippet": "L454: $request    = wp_remote_post( $this->api_url,  \u2192  L463: $version_info->sections = maybe_unserialize( $version_info->sections );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

Plugins authored (2)

Plugin Version Installs Last updated Status
PixelYourSite – Your smart PIXEL (TAG) & API Manager ·pixelyoursite 11.2.0.4 500k+ 1mo ago Active
Product Catalog Feed by PixelYourSite ·product-catalog-feed 2.2.0 8k+ 2y ago Active

SVN commit access (2)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
PixelYourSite – Your smart PIXEL (TAG) & API Manager pixelyoursite 500k+ 200 8y ago 1mo ago Active
Product Catalog Feed by PixelYourSite pixelyoursite 8k+ 46 9y ago 2y ago Active