POP

Member since: 2024-10-01
Location:
Employer:
Job title:
Authored: 1
SVN commit access: 0
Readme contributor: 1
Combined install base: 100 across 2 plugins

Alerts (0)

No open alerts.

Resolved alerts (2)

Critical · code_pattern · POP – European e-invoicing compliance for e-commerce · Resolved · fp_pdf_invoice_attachment_not_executed · 11h ago
Slug: woopop-electronic-invoice-free
Pattern: decode_write_dropper
Kind: builtin
Version: 6.9.5
Hit count: 1
First hit:
  File: addon/to/aruba/src/Functions/Api.php
  Line: 797
  Snippet: $pdfFile = base64_decode($responseData->pdfFile);
Explanation: a runtime decode primitive (`gzuncompress`/`gzinflate`/`gzdecode`/`base64_decode`) feeds a filesystem write (`fwrite`/`file_put_contents`) which is then `include`d/`require`d as a variable path — the textbook dropper shape: ship an encoded payload as data, decode it to disk at activation/admin-init, and execute it. The siteguarding burner `wp-plugin-management` (audit #43) used exactly this: `fwrite($fp, gzuncompress($c)); include($filename);` in its `register_activation_hook` to plant `siteguarding_tools.php`. Near-zero FP because legit caching writes decoded data but never `include`s a computed path it just wrote.
View raw JSON
{
    "slug": "woopop-electronic-invoice-free",
    "pattern": "decode_write_dropper",
    "kind": "builtin",
    "version": "6.9.5",
    "hit_count": 1,
    "first_hit": {
        "file": "addon/to/aruba/src/Functions/Api.php",
        "line": 797,
        "snippet": "$pdfFile = base64_decode($responseData->pdfFile);"
    },
    "explanation": "a runtime decode primitive (`gzuncompress`/`gzinflate`/`gzdecode`/`base64_decode`) feeds a filesystem write (`fwrite`/`file_put_contents`) which is then `include`d/`require`d as a variable path \u2014 the textbook dropper shape: ship an encoded payload as data, decode it to disk at activation/admin-init, and execute it. The siteguarding burner `wp-plugin-management` (audit #43) used exactly this: `fwrite($fp, gzuncompress($c)); include($filename);` in its `register_activation_hook` to plant `siteguarding_tools.php`. Near-zero FP because legit caching writes decoded data but never `include`s a computed path it just wrote."
}
Critical · code_scan_delta · POP – European e-invoicing compliance for e-commerce · Resolved · fp_pdf_invoice_attachment_not_executed · 20h ago
Slug: woopop-electronic-invoice-free
Previous version: 6.9.2
Current version: 6.9.5
New findings:

| Pattern | Kind | File | Line | Snippet | Confidence |
| --- | --- | --- | --- | --- | --- |
| decode_write_dropper | builtin | addon/to/aruba/src/Functions/Api.php | 797 | $pdfFile = base64_decode($responseData->pdfFile); | high |
| base64_decode | builtin | src/Functions/CloudApi.php | 1209 | $decoded = base64_decode($base64, true); | medium |

New finding count: 2
View raw JSON
{
    "slug": "woopop-electronic-invoice-free",
    "previous_version": "6.9.2",
    "current_version": "6.9.5",
    "new_findings": [
        {
            "pattern": "decode_write_dropper",
            "kind": "builtin",
            "file": "addon/to/aruba/src/Functions/Api.php",
            "line": 797,
            "snippet": "$pdfFile = base64_decode($responseData->pdfFile);",
            "confidence": "high"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Functions/CloudApi.php",
            "line": 1209,
            "snippet": "$decoded = base64_decode($base64, true);",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 2
}

Plugins authored (1)

| Plugin | Slug | Version | Installs | Last updated | Status |
| --- | --- | --- | --- | --- | --- |
| POP – European e-invoicing compliance for e-commerce | woopop-electronic-invoice-free | 6.9.5 | 90 | 2d ago | Active |

Contributor on other plugins (1)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

| Plugin | Primary author | Version | Installs |
| --- | --- | --- | --- |
| NIS2 Compliance | babinimazzari | 1.9.0 | 10 |