WP Beacon

QuantumCloud

@quantumcloud · wordpress.org profile ↗
Member since
2011-12-11
Location
Employer
Job title
Authored
29 (1 closed)
SVN commit access
18 (1 closed)
Readme contributor
0
Combined install base
24k+ across 29 plugins

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_pattern AI ChatBot for WooCommerce – WoowBot Resolved · fp_legacy_custom_updater_unserialize_quantumcloud 5d ago
Slugwoowbot-woocommerce-chatbot
Patternunserialize_after_remote_call
Kindbuiltin
Version4.7.6
Hit count1
First hit
File
includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
189
Snippet
L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "woowbot-woocommerce-chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "4.7.6",
    "hit_count": 1,
    "first_hit": {
        "file": "includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 189,
        "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_scan_delta AI ChatBot for WooCommerce – WoowBot Resolved · fp_legacy_custom_updater_unserialize_quantumcloud 6d ago
Slugwoowbot-woocommerce-chatbot
Previous version4.6.1
Current version4.7.6
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php189L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );high
New finding count1
View raw JSON
{
    "slug": "woowbot-woocommerce-chatbot",
    "previous_version": "4.6.1",
    "current_version": "4.7.6",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/ai_integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
            "line": 189,
            "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Critical code_pattern KnowledgeBase with AI ChatBot HelpDesk – KBx Resolved · vendored_qcld_openai_autoupdate_proprietary_lib_fp 1mo ago
Slugknowledgebase-helpdesk
Patternunserialize_after_remote_call
Kindbuiltin
Version3.7.3
Hit count1
First hit
File
kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
189
Snippet
L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "knowledgebase-helpdesk",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.7.3",
    "hit_count": 1,
    "first_hit": {
        "file": "kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 189,
        "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_pattern WPBot – AI ChatBot for Live Support, Lead Generation, AI Services Resolved · audit:benign 1mo ago
Slugchatbot
Patternunserialize_after_remote_call
Kindbuiltin
Version8.2.4
Hit count2
First hit
File
includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
190
Snippet
L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "8.2.4",
    "hit_count": 2,
    "first_hit": {
        "file": "includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 190,
        "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Plugins authored (29)

Plugin Version Installs Last updated Status
Comment Link Remove and Other Comment Tools ·comment-link-remove 2.7.4 7k+ 1mo ago Active
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services ·chatbot 8.4.1 6k+ 7d ago Active
Slider Hero with Video Background, Animation ·slider-hero 9.1.2 3k+ 1mo ago Active
WPBot – ChatBot Conversational Forms ·conversational-forms 1.4.6 2k+ 6d ago Active
Simple Link Directory – AI Powered ·simple-link-directory 9.0.3 2k+ 6d ago Active
AI ChatBot for WooCommerce – WoowBot ·woowbot-woocommerce-chatbot 4.7.6 1k+ 6d ago Active
Tabbed Category Product Listing for Woocommerce ·woo-tabbed-category-product-listing 2.7.3 1k+ 1mo ago Active
AI Infographic Maker ·infographic-and-list-builder-ilist 5.1.7 600 1mo ago Active
Logo or Image Replace by mycore.global ·logo-or-image-replace 1.1.7 400 1mo ago Active
Simple Business Directory – AI Powered ·phone-directory 7.0.8 300 6d ago Active
Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching ·voice-widgets 6.7.9 300 24d ago Active
iChart – Easy Charts and Graphs ·ichart 2.1.5 300 1mo ago Active
Portfolio X ·portfolio-x 3.7.9 200 1mo ago Active
KnowledgeBase with AI ChatBot HelpDesk – KBx ·knowledgebase-helpdesk 3.7.3 50 3mo ago Active
Bargain Bot for WooCommerce – Dynamic Pricing, Make your Offer ·bargain 1.9.0 50 1mo ago Active
QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article ·seo-help 6.8.0 40 1mo ago Active
Highlight Sitewide Notice, Text, Button Menu ·highlight 2.0.7 20 1mo ago Active
Video Connect – Record Video with Form, Featured Video, Floating Video, Video Recording ·video-connect 4.0.1 20 1mo ago Active
ChatBot for Social Media ·chatbot-for-messenger 0.9.9 20 11mo ago Active
WPBot Automator – Automation for WordPress, Visual No-Code WorkFlow Builder ·wpbot 1.3.0 20 1mo ago Active
QuantumCloud PageSpeed Friendly Analytics Tracking ·quantumcloud-pagespeed-friendly-analytics-tracking 1.2.0 20 3y ago Active
ChatBot for Telegram ·chatbot-for-telegram 0.9.8 10 11mo ago Active
Simple Video Directory ·simple-media-directory 1.4.4 10 11mo ago Active
Floating Buttons for WooCommerce ·shop-assistant-for-woocommerce-jarvis 2.9.3 10 1mo ago Active
Floating Action Buttons ·floating-action-buttons 1.0.1 10 11mo ago Active
Express Shop for WooCommerce Product Table ·express-shop 4.2.3 10 1mo ago Active
Viral Buy for Me for WooCommerce Increase Sales ·increase-sales 1.2.6 10 5mo ago Active
ChatBot for Easy Digital Downloads ·chatbot-for-easy-digital-downloads 0.9.3 11mo ago Active
2Checkout for WooCommerce ·woowpay 1.1.1 Closed

SVN commit access (18)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
KnowledgeBase with AI ChatBot HelpDesk – KBx quantumcloud 50 101 9y ago 3mo ago Active
2Checkout for WooCommerce quantumcloud 11 6y ago 5y ago Closed
Simple Business Directory – AI Powered quantumcloud 300 5 9y ago 6d ago Active
Simple Link Directory – AI Powered quantumcloud 2k+ 5 9y ago 6d ago Active
AI ChatBot for WooCommerce – WoowBot quantumcloud 1k+ 4 8y ago 6d ago Active
WPBot – AI ChatBot for Live Support, Lead Generation, AI Services quantumcloud 6k+ 3 5y ago 7d ago Active
Voice Audio Widgets – Voice recorder with Forms, AI Powered STT, TTS, Transcriptions, Language Teaching quantumcloud 300 2 3y ago 24d ago Active
Highlight Sitewide Notice, Text, Button Menu quantumcloud 20 1 3y ago 1mo ago Active
QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article quantumcloud 40 1 9y ago 1mo ago Active
Bargain Bot for WooCommerce – Dynamic Pricing, Make your Offer quantumcloud 50 1 6y ago 1mo ago Active
Portfolio X quantumcloud 200 1 9y ago 1mo ago Active
iChart – Easy Charts and Graphs quantumcloud 300 1 9y ago 1mo ago Active
Logo or Image Replace by mycore.global quantumcloud 400 1 7y ago 1mo ago Active
AI Infographic Maker quantumcloud 600 1 9y ago 1mo ago Active
Tabbed Category Product Listing for Woocommerce quantumcloud 1k+ 1 9y ago 1mo ago Active
WPBot – ChatBot Conversational Forms quantumcloud 2k+ 1 6y ago 6d ago Active
Slider Hero with Video Background, Animation quantumcloud 3k+ 1 9y ago 1mo ago Active
Comment Link Remove and Other Comment Tools quantumcloud 7k+ 1 9y ago 1mo ago Active