JoomSky

Member since: 2014-08-22
Location:
Employer: Joom Sky
Job title:
Authored: 4 (1 closed)
SVN commit access: 3 (1 closed)
Readme contributor: 0
Combined install base: 8k+ across 4 plugins

Alerts (0)

No open alerts.

Resolved alerts (3)

Critical code_pattern JS Job Manager Resolved · audit:suspicious 1mo ago
Slug: js-jobs
Pattern: setup.joomsky.com
Kind: ioc:domain
Version: 2.0.2
Hit count: 5
First hit:
  File: includes/includer.php
  Line: 102
  Snippet: define('JCONSTV', 'https://setup.joomsky.com/jsjobswp/pro/index.php');
Explanation:
Raw JSON:
{
    "slug": "js-jobs",
    "pattern": "setup.joomsky.com",
    "kind": "ioc:domain",
    "version": "2.0.2",
    "hit_count": 5,
    "first_hit": {
        "file": "includes/includer.php",
        "line": 102,
        "snippet": "define('JCONSTV', 'https://setup.joomsky.com/jsjobswp/pro/index.php');"
    },
    "explanation": null
}
High code_scan_delta JS Help Desk – AI-Powered Support & Ticketing System Resolved · benign_legit_cdn_or_legacy_function 15d ago
Slug: js-support-ticket
Previous version: 3.0.8
Current version: 3.1.0
New findings:

Pattern: remote_enqueue
Kind: builtin
File: modules/jssupportticket/tpls/userregister.php
Line: 5
Snippet: wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );
Confidence: medium
Details:
  Url: https://www.google.com/recaptcha/api.js
  Url host: www.google.com

Pattern: remote_enqueue
Kind: builtin
File: modules/jssupportticket/tpls/userregister.php
Line: 142
Snippet: wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );
Confidence: medium
Details:
  Url: https://www.google.com/recaptcha/api.js
  Url host: www.google.com

Pattern: remote_enqueue
Kind: builtin
File: modules/ticket/tpls/addticket.php
Line: 5
Snippet: wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );
Confidence: medium
Details:
  Url: https://www.google.com/recaptcha/api.js
  Url host: www.google.com

New finding count: 3
Raw JSON:
{
    "slug": "js-support-ticket",
    "previous_version": "3.0.8",
    "current_version": "3.1.0",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/jssupportticket/tpls/userregister.php",
            "line": 5,
            "snippet": "wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js",
                "url_host": "www.google.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/jssupportticket/tpls/userregister.php",
            "line": 142,
            "snippet": "wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js",
                "url_host": "www.google.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "modules/ticket/tpls/addticket.php",
            "line": 5,
            "snippet": "wp_enqueue_script( 'ticket-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), jssupportticket::$_config['productversion'], true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js",
                "url_host": "www.google.com"
            }
        }
    ],
    "new_finding_count": 3
}
High update_hijack_shape JS Help Desk – AI-Powered Support & Ticketing System Resolved · audit:suspicious 1mo ago
Slug: js-support-ticket
Shape: eval_after_remote_call
File: modules/proinstaller/controller.php
Line: 69
Snippet: $response = curl_exec($ch); ... eval($response);
Remote url: https://setup.joomsky.com/jsticketwp/pro/index.php
Remote url obfuscation: base64-encoded JCONSTINST constant in includes/includer.php:71
Ssl verify: no
Vendor: JoomSky / rabilal
Active installs: 8,000
Current response payload: echo Please download new installer from www.joomsky.com
Audit rationale: Vendor-shipped permanent eval(remote-PHP) primitive: SSL verification disabled, URL base64-encoded in source. Server response is benign today but the architecture is a fully-armed update-hijack vector affecting 8000 installs.
Discovered by: wp beacon hunt-updaters (eval_after_remote_call pattern)
Raw JSON:
{
    "slug": "js-support-ticket",
    "shape": "eval_after_remote_call",
    "file": "modules/proinstaller/controller.php",
    "line": 69,
    "snippet": "$response = curl_exec($ch); ... eval($response);",
    "remote_url": "https://setup.joomsky.com/jsticketwp/pro/index.php",
    "remote_url_obfuscation": "base64-encoded JCONSTINST constant in includes/includer.php:71",
    "ssl_verify": false,
    "vendor": "JoomSky / rabilal",
    "active_installs": 8000,
    "current_response_payload": "echo Please download new installer from www.joomsky.com",
    "audit_rationale": "Vendor-shipped permanent eval(remote-PHP) primitive: SSL verification disabled, URL base64-encoded in source. Server response is benign today but the architecture is a fully-armed update-hijack vector affecting 8000 installs.",
    "discovered_by": "wp beacon hunt-updaters (eval_after_remote_call pattern)"
}

Plugins authored (4)

Plugin | Slug | Version | Installs | Last updated | Status
JS Help Desk – AI-Powered Support & Ticketing System | js-support-ticket | 3.1.1 | 8k+ | 8d ago | Active
JS Job Manager | js-jobs | 2.0.2 | 100 | 6mo ago | Active
WP Learn Manager | learn-manager | 1.1.8 | 10 | 4y ago | Active
WP Vehicle Manager | js-vehicle-manager | 1.1.8 | | | Closed

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
JS Job Manager | rabilal | 100 | 119 | 10y ago | 6mo ago | Active
WP Vehicle Manager | rabilal | | 37 | 8y ago | 4y ago | Closed
JS Help Desk – AI-Powered Support & Ticketing System | rabilal | 8k+ | 1 | 11y ago | 8d ago | Active