QuantumCloud

@quantumcloud · wordpress.org profile ↗
Member since
2011-12-11
Location
Employer
Job title
Authored
30 (1 closed)
SVN commit access
19 (1 closed)
Readme contributor
0
Combined install base
23k+ across 30 plugins

Alerts (0)

No open alerts.

Show 5 resolved alerts
Critical code_scan_delta KnowledgeBase with AI ChatBot HelpDesk – KBx Resolved · fp_quantumcloud_selfhosted_puc_updater 17h ago
Slugknowledgebase-helpdesk
Previous version3.7.3
Current version3.7.4
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinkbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php190L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );high
unserialize_after_remote_callbuiltinkbx-wpbot/chatbot/includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php190L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );high
New finding count2
View raw JSON
{
    "slug": "knowledgebase-helpdesk",
    "previous_version": "3.7.3",
    "current_version": "3.7.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php",
            "line": 190,
            "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "kbx-wpbot/chatbot/includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
            "line": 190,
            "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
Critical code_pattern AI ChatBot for eCommerce – WoowBot Resolved · fp_legacy_custom_updater_unserialize_quantumcloud 26d ago
Slugwoowbot-woocommerce-chatbot
Patternunserialize_after_remote_call
Kindbuiltin
Version4.7.6
Hit count1
First hit
File
includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
189
Snippet
L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "woowbot-woocommerce-chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "4.7.6",
    "hit_count": 1,
    "first_hit": {
        "file": "includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 189,
        "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_scan_delta AI ChatBot for eCommerce – WoowBot Resolved · fp_legacy_custom_updater_unserialize_quantumcloud 26d ago
Slugwoowbot-woocommerce-chatbot
Previous version4.6.1
Current version4.7.6
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php189L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );high
New finding count1
View raw JSON
{
    "slug": "woowbot-woocommerce-chatbot",
    "previous_version": "4.6.1",
    "current_version": "4.7.6",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
            "line": 189,
            "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Critical code_pattern KnowledgeBase with AI ChatBot HelpDesk – KBx Resolved · vendored_qcld_openai_autoupdate_proprietary_lib_fp 1mo ago
Slugknowledgebase-helpdesk
Patternunserialize_after_remote_call
Kindbuiltin
Version3.7.3
Hit count1
First hit
File
kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
189
Snippet
L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "knowledgebase-helpdesk",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.7.3",
    "hit_count": 1,
    "first_hit": {
        "file": "kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 189,
        "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_pattern WPBot – AI ChatBot for Live Support, Lead Generation, AI Services Resolved · audit:benign 2mo ago
Slugchatbot
Patternunserialize_after_remote_call
Kindbuiltin
Version8.2.4
Hit count2
First hit
File
includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
190
Snippet
L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "8.2.4",
    "hit_count": 2,
    "first_hit": {
        "file": "includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 190,
        "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Plugins authored (30)

Plugin Version Installs Last updated Status
Comment Link Remove and Other Comment Tools ·comment-link-remove 2.7.4 7k+ 1mo ago Active
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services ·chatbot 8.5.0 5k+ 2d ago Active
Slider Hero with Video Background, Animation ·slider-hero 9.1.2 3k+ 13d ago Active
WPBot – ChatBot Conversational Forms ·conversational-forms 1.4.7 2k+ 10d ago Active
Simple Link Directory – AI Powered ·simple-link-directory 9.0.9 2k+ 1d ago Active
Tabbed Category Product Listing for Woocommerce ·woo-tabbed-category-product-listing 2.7.3 1k+ 1mo ago Active
AI ChatBot for eCommerce – WoowBot ·woowbot-woocommerce-chatbot 4.8.2 900 2d ago Active
AI Infographic Maker ·infographic-and-list-builder-ilist 5.1.7 600 1mo ago Active
Logo or Image Replace by mycore.global ·logo-or-image-replace 1.1.7 400 1mo ago Active
Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching ·voice-widgets 6.7.9 300 1mo ago Active
iChart – Easy Charts and Graphs ·ichart 2.1.5 300 1mo ago Active
Simple Business Directory – AI Powered ·phone-directory 7.1.1 200 8d ago Active
Portfolio X ·portfolio-x 3.7.9 200 1mo ago Active
Bargain Bot for WooCommerce – Dynamic Pricing, Make your Offer ·bargain 1.9.0 50 1mo ago Active
QC SEO Help for llms.txt, AI Analytics, AI Content Writer, FAQ Generator, Subtitle to Article ·seo-help 6.8.6 40 22d ago Active
KnowledgeBase with AI ChatBot HelpDesk – KBx ·knowledgebase-helpdesk 3.7.4 40 6d ago Active
Highlight Sitewide Notice, Text, Button Menu ·highlight 2.0.7 30 1mo ago Active
WPBot Automator – Automation for WordPress, Visual No-Code WorkFlow Builder ·wpbot 1.3.1 30 1d ago Active
Video Connect – Record Video with Form, Featured Video, Floating Video, Video Recording ·video-connect 4.0.1 20 1mo ago Active
ChatBot for Social Media ·chatbot-for-messenger 0.9.9 20 9d ago Active
QuantumCloud PageSpeed Friendly Analytics Tracking ·quantumcloud-pagespeed-friendly-analytics-tracking 1.2.0 20 9d ago Active
ChatBot for Telegram ·chatbot-for-telegram 0.9.8 10 12mo ago Active
Simple Video Directory ·simple-media-directory 1.4.4 10 12mo ago Active
Floating Buttons for WooCommerce ·shop-assistant-for-woocommerce-jarvis 2.9.3 10 1mo ago Active
Floating Action Buttons ·floating-action-buttons 1.0.1 10 12mo ago Active
Express Shop for WooCommerce Product Table ·express-shop 4.2.3 10 1mo ago Active
Viral Buy for Me for WooCommerce Increase Sales ·increase-sales 1.2.6 10 6mo ago Active
Qloud Task Builders Checklists ·qloud-task-builders-checklists 1.0.1 13d ago Active
ChatBot for Easy Digital Downloads ·chatbot-for-easy-digital-downloads 0.9.3 12mo ago Active
2Checkout for WooCommerce ·woowpay 1.1.1 Closed

SVN commit access (19)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services quantumcloud 5k+ 627 7y ago 8d ago Active
Simple Link Directory – AI Powered quantumcloud 2k+ 354 9y ago 6d ago Active
AI ChatBot for eCommerce – WoowBot quantumcloud 900 224 8y ago 9d ago Active
Simple Business Directory – AI Powered quantumcloud 200 215 9y ago 14d ago Active
Slider Hero with Video Background, Animation quantumcloud 3k+ 210 9y ago 1mo ago Active
AI Infographic Maker quantumcloud 600 180 9y ago 1mo ago Active
QC SEO Help for llms.txt, AI Analytics, AI Content Writer, FAQ Generator, Subtitle to Article quantumcloud 40 115 9y ago 22d ago Active
KnowledgeBase with AI ChatBot HelpDesk – KBx quantumcloud 40 104 9y ago 6d ago Active
Comment Link Remove and Other Comment Tools quantumcloud 7k+ 98 9y ago 1mo ago Active
Tabbed Category Product Listing for Woocommerce quantumcloud 1k+ 91 9y ago 1mo ago Active
Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching quantumcloud 300 90 3y ago 1mo ago Active
Portfolio X quantumcloud 200 80 9y ago 1mo ago Active
Bargain Bot for WooCommerce – Dynamic Pricing, Make your Offer quantumcloud 50 70 6y ago 1mo ago Active
iChart – Easy Charts and Graphs quantumcloud 300 59 9y ago 1mo ago Active
WPBot – ChatBot Conversational Forms quantumcloud 2k+ 58 6y ago 10d ago Active
Logo or Image Replace by mycore.global quantumcloud 400 28 7y ago 1mo ago Active
Highlight Sitewide Notice, Text, Button Menu quantumcloud 30 25 3y ago 1mo ago Active
WPBot Automator – Automation for WordPress, Visual No-Code WorkFlow Builder quantumcloud 30 25 4y ago 1mo ago Active
2Checkout for WooCommerce quantumcloud 11 6y ago 5y ago Closed