Author: posimyththemes

Alerts (0)

No open alerts.

Show 5 resolved alerts

Critical code_scan_delta Nexter Extension – Security, Performance, Code Snippets & Site Toolkit Resolved · fp_legacy_custom_updater_unserialize_posimyth 6d ago

Slug nexter-extension

Previous version 4.6.10

Current version 4.6.11

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	782	L772: $response = wp_remote_post($theme_api_url, $args); → L782: $theme_info = @unserialize( $body );	`high`
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	874	L873: $body = wp_remote_retrieve_body( $response ); → L874: $plugin_info = @unserialize( $body );	`high`

New finding count 2

View raw JSON

{
    "slug": "nexter-extension",
    "previous_version": "4.6.10",
    "current_version": "4.6.11",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 782,
            "snippet": "L772: $response = wp_remote_post($theme_api_url, $args);  \u2192  L782: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 874,
            "snippet": "L873: $body = wp_remote_retrieve_body( $response );  \u2192  L874: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}

Critical code_pattern Nexter Extension – Security, Performance, Code Snippets & Site Toolkit Resolved · unserialize_after_wp_org_api_legit 1mo ago

Slug	nexter-extension
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`4.6.8`
Hit count	2
First hit	File `include/panel-settings/class-nxt-panel-ajax-router.php` Line 779 Snippet L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );
Explanation	a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

View raw JSON

{
    "slug": "nexter-extension",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "4.6.8",
    "hit_count": 2,
    "first_hit": {
        "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
        "line": 779,
        "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Critical code_scan_match Nexter Extension – Security, Performance, Code Snippets & Site Toolkit Resolved · dead_endpoint_or_gated 1mo ago

Slug nexter-extension

Finding count 3

Findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	779	L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );	`high`	—
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	871	L870: $body = wp_remote_retrieve_body( $response ); → L871: $plugin_info = @unserialize( $body );	`high`	—
`remote_enqueue`	`builtin`	`include/panel-settings/extensions/nexter-ext-adobe-font.php`	190	wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );	`medium`	Url https://use.typekit.net/ Url host `use.typekit.net`

Resolved sha 20dc3c2b4ca1db5173676e40fea3b86880ee9bb2

View raw JSON

{
    "slug": "nexter-extension",
    "finding_count": 3,
    "findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 779,
            "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 871,
            "snippet": "L870: $body = wp_remote_retrieve_body( $response );  \u2192  L871: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "include/panel-settings/extensions/nexter-ext-adobe-font.php",
            "line": 190,
            "snippet": "wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );",
            "confidence": "medium",
            "details": {
                "url": "https://use.typekit.net/",
                "url_host": "use.typekit.net"
            }
        }
    ],
    "resolved_sha": "20dc3c2b4ca1db5173676e40fea3b86880ee9bb2"
}

High code_scan_delta The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce Resolved · benign_legit_cdn_or_legacy_function 15d ago

Slug the-plus-addons-for-elementor-page-builder

Previous version 6.4.14

Current version 6.4.16

New findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`modules/widgets/tp_social_embed.php`	3,471	wp_enqueue_script( 'tpae-fb-sdk', 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2', array(), L_THEPLUS_VERSION, true );	`medium`	Url https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2 Url host `connect.facebook.net`
`remote_enqueue`	`builtin`	`modules/widgets/tp_social_embed.php`	3,533	wp_enqueue_script( 'tpae-fb-sdk', 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2', array(), L_THEPLUS_VERSION, true );	`medium`	Url https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2 Url host `connect.facebook.net`
`remote_enqueue`	`builtin`	`modules/widgets/tp_social_embed.php`	3,619	wp_enqueue_script( 'tpae-twitter-widgets', 'https://platform.twitter.com/widgets.js', array(), L_THEPLUS_VERSION, true );	`medium`	Url https://platform.twitter.com/widgets.js Url host `platform.twitter.com`
`remote_enqueue`	`builtin`	`modules/widgets/tp_social_embed.php`	3,661	wp_enqueue_script( 'tpae-instagram-embed', 'https://www.instagram.com/embed.js', array(), L_THEPLUS_VERSION, true );	`medium`	Url https://www.instagram.com/embed.js Url host `www.instagram.com`
`remote_enqueue`	`builtin`	`modules/widgets/tp_meeting_scheduler.php`	629	wp_enqueue_script( 'tpae-calendly-widget', 'https://assets.calendly.com/assets/external/widget.js', array(), L_THEPLUS_VERSION, true );	`medium`	Url https://assets.calendly.com/assets/external/widget.js Url host `assets.calendly.com`

New finding count 5

View raw JSON

{
    "slug": "the-plus-addons-for-elementor-page-builder",
    "previous_version": "6.4.14",
    "current_version": "6.4.16",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/widgets/tp_social_embed.php",
            "line": 3471,
            "snippet": "wp_enqueue_script( 'tpae-fb-sdk', 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2', array(), L_THEPLUS_VERSION, true );",
            "confidence": "medium",
            "details": {
                "url": "https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2",
                "url_host": "connect.facebook.net"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/widgets/tp_social_embed.php",
            "line": 3533,
            "snippet": "wp_enqueue_script( 'tpae-fb-sdk', 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2', array(), L_THEPLUS_VERSION, true );",
            "confidence": "medium",
            "details": {
                "url": "https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.2",
                "url_host": "connect.facebook.net"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/widgets/tp_social_embed.php",
            "line": 3619,
            "snippet": "wp_enqueue_script( 'tpae-twitter-widgets', 'https://platform.twitter.com/widgets.js', array(), L_THEPLUS_VERSION, true );",
            "confidence": "medium",
            "details": {
                "url": "https://platform.twitter.com/widgets.js",
                "url_host": "platform.twitter.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/widgets/tp_social_embed.php",
            "line": 3661,
            "snippet": "wp_enqueue_script( 'tpae-instagram-embed', 'https://www.instagram.com/embed.js', array(), L_THEPLUS_VERSION, true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.instagram.com/embed.js",
                "url_host": "www.instagram.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/widgets/tp_meeting_scheduler.php",
            "line": 629,
            "snippet": "wp_enqueue_script( 'tpae-calendly-widget', 'https://assets.calendly.com/assets/external/widget.js', array(), L_THEPLUS_VERSION, true );",
            "confidence": "medium",
            "details": {
                "url": "https://assets.calendly.com/assets/external/widget.js",
                "url_host": "assets.calendly.com"
            }
        }
    ],
    "new_finding_count": 5
}

High code_scan_delta Nexter Extension – Security, Performance, Code Snippets & Site Toolkit Resolved · unserialize_after_wp_org_api_legit 1mo ago

Slug nexter-extension

Previous version 4.6.7

Current version 4.6.8

New findings

Pattern	Kind	File	Line	Snippet	Confidence	Details
`remote_enqueue`	`builtin`	`include/panel-settings/extensions/nexter-ext-adobe-font.php`	190	wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );	`medium`	Url https://use.typekit.net/ Url host `use.typekit.net`
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	779	L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );	`high`	—
`unserialize_after_remote_call`	`builtin`	`include/panel-settings/class-nxt-panel-ajax-router.php`	871	L870: $body = wp_remote_retrieve_body( $response ); → L871: $plugin_info = @unserialize( $body );	`high`	—

New finding count 3

View raw JSON

{
    "slug": "nexter-extension",
    "previous_version": "4.6.7",
    "current_version": "4.6.8",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "include/panel-settings/extensions/nexter-ext-adobe-font.php",
            "line": 190,
            "snippet": "wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );",
            "confidence": "medium",
            "details": {
                "url": "https://use.typekit.net/",
                "url_host": "use.typekit.net"
            }
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 779,
            "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 871,
            "snippet": "L870: $body = wp_remote_retrieve_body( $response );  \u2192  L871: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

Plugins authored (8)

Plugin	Version	Installs	Last updated	Status
Sticky Header Effects for Elementor ·`sticky-header-effects-for-elementor`	2.1.9	300k+	20d ago	Active
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce ·`the-plus-addons-for-elementor-page-builder`	6.4.16	100k+	20d ago	Active
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder ·`wdesignkit`	2.5.1	30k+	6d ago	Active
Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder ·`the-plus-addons-for-block-editor`	4.7.10	10k+	21d ago	Active
Nexter Extension – Security, Performance, Code Snippets & Site Toolkit ·`nexter-extension`	4.6.11	10k+	14d ago	Active
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks ·`uichemy`	4.10.0	9k+	9d ago	Active
RankReady – AI & LLM SEO for ChatGPT, Perplexity & Google AI ·`rankready-ai-llm-seo`	1.1.1	50	8d ago	Active
ThePlus Addons For WPBakery Page Builder (formerly Visual Composer) ·`the-plus-visual-composer-addons`	2.0.0	—	—	Closed

SVN commit access (8)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder	posimyththemes	10k+	122	5y ago	1y ago	Active
Nexter Extension – Security, Performance, Code Snippets & Site Toolkit	posimyththemes	10k+	81	5y ago	5mo ago	Active
ThePlus Addons For WPBakery Page Builder (formerly Visual Composer)	posimyththemes	—	16	8y ago	6y ago	Closed
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder	posimyththemes	30k+	3	2y ago	6d ago	Active
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce	posimyththemes	100k+	2	7y ago	20d ago	Active
OoohBoi Steroids for Elementor	sagarpatel124	40k+	2	1y ago	12d ago	Active
Sticky Header Effects for Elementor	posimyththemes	300k+	1	1y ago	20d ago	Active
UiChemy — Figma Converter for Elementor, Gutenberg and Bricks	posimyththemes	9k+	1	2y ago	9d ago	Active

POSIMYTH

Alerts (0)

Plugins authored (8)

SVN commit access (8)