QuantumCloud

@quantumcloud · wordpress.org profile ↗
Member since: 2011-12-11
Location:
Employer: QuantumCloud
Job title: Executive Director
Authored: 29 (1 closed)
SVN commit access: 11
Readme contributor: 0
Combined install base: 26k+ across 29 plugins

Alerts (0)

No open alerts.

Resolved alerts (1)

Critical · code_pattern · WPBot – AI ChatBot for Live Support, Lead Generation, AI Services · Resolved · audit:benign · 2d ago
Slug: chatbot
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 8.2.4
Hit count: 2
First hit:
File: includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line: 190
Snippet: L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );
Explanation: a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

Raw JSON:
{
    "slug": "chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "8.2.4",
    "hit_count": 2,
    "first_hit": {
        "file": "includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 190,
        "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Plugins authored (29)

| Plugin | Slug | Version | Installs | Last updated | Status |
| Comment Link Remove and Other Comment Tools | comment-link-remove | 2.7.3 | 8k+ | 22d ago | Active |
| WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | chatbot | 8.2.5 | 6k+ | 1d ago | Active |
| Slider Hero with Video Background, Animation | slider-hero | 9.1.1 | 3k+ | 2mo ago | Active |
| ChatBot Conversational Forms | conversational-forms | 1.4.6 | 2k+ | 5mo ago | Active |
| Simple Link Directory | simple-link-directory | 8.9.4 | 2k+ | 4d ago | Active |
| ChatBot for eCommerce – WoowBot | woowbot-woocommerce-chatbot | 4.6.1 | 1k+ | 3d ago | Active |
| Tabbed Category Product Listing for Woocommerce | woo-tabbed-category-product-listing | 2.7.2 | 1k+ | 3mo ago | Active |
| AI Infographic Maker | infographic-and-list-builder-ilist | 5.1.5 | 700 | 4mo ago | Active |
| Logo or Image Replace by mycore.global | logo-or-image-replace | 1.1.7 | 400 | 4mo ago | Active |
| Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching | voice-widgets | 6.7.6 | 400 | 15d ago | Active |
| iChart – Easy Charts and Graphs | ichart | 2.1.4 | 400 | 4mo ago | Active |
| Simple Business Directory | phone-directory | 7.0.3 | 300 | 2d ago | Active |
| Portfolio X | portfolio-x | 3.7.7 | 200 | 1mo ago | Active |
| KnowledgeBase with AI ChatBot HelpDesk – KBx | knowledgebase-helpdesk | 3.7.3 | 50 | 2mo ago | Active |
| Bargain Bot for WooCommerce – Dynamic Pricing, Make your Offer | bargain | 1.8.9 | 50 | 4mo ago | Active |
| QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article | seo-help | 6.7.9 | 40 | 1mo ago | Active |
| Highlight Sitewide Notice, Text, Button Menu | highlight | 2.0.6 | 30 | 4mo ago | Active |
| Express Shop for WooCommerce Product Table | express-shop | 4.2.2 | 20 | 4mo ago | Active |
| Video Connect – Record Video with Form, Featured Video, Floating Video, Video Recording | video-connect | 4.0.0 | 20 | 4mo ago | Active |
| ChatBot for Social Media | chatbot-for-messenger | 0.9.9 | 20 | 10mo ago | Active |
| WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder | wpbot | 1.2.0 | 20 | 24d ago | Active |
| QuantumCloud PageSpeed Friendly Analytics Tracking | quantumcloud-pagespeed-friendly-analytics-tracking | 1.2.0 | 20 | 3y ago | Active |
| ChatBot for Telegram | chatbot-for-telegram | 0.9.8 | 10 | 10mo ago | Active |
| Simple Video Directory | simple-media-directory | 1.4.4 | 10 | 10mo ago | Active |
| Floating Buttons for WooCommerce | shop-assistant-for-woocommerce-jarvis | 2.9.2 | 10 | 4mo ago | Active |
| Floating Action Buttons | floating-action-buttons | 1.0.1 | 10 | 10mo ago | Active |
| Viral Buy for Me for WooCommerce Increase Sales | increase-sales | 1.2.6 | 10 | 4mo ago | Active |
| ChatBot for Easy Digital Downloads | chatbot-for-easy-digital-downloads | 0.9.3 | | 10mo ago | Active |
| 2Checkout for WooCommerce | woowpay | 1.1.1 | | | Closed |

SVN commit access (11)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.