WP Beacon

revmakx

@revmakx · wordpress.org profile ↗
Member since
2024-07-31
Location
Employer
Job title
Authored
8
SVN commit access
3
Readme contributor
0
Combined install base
224k+ across 8 plugins

Alerts (0)

No open alerts.

Show 5 resolved alerts
Critical code_pattern InfiniteWP Client Resolved · no_longer_matches 28d ago
Slugiwp-client
Patternunserialize_after_remote_call
Kindbuiltin
Version1.13.5
Hit count1
First hit
File
backup/backup.php
Line
2,276
Snippet
L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "iwp-client",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.13.5",
    "hit_count": 1,
    "first_hit": {
        "file": "backup/backup.php",
        "line": 2276,
        "snippet": "L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta InfiniteWP Client Resolved · fp_local_disk_cache 28d ago
Slugiwp-client
Previous version1.13.5
Current version1.13.5
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinbackup/backup.php2,276L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));high
New finding count1
View raw JSON
{
    "slug": "iwp-client",
    "previous_version": "1.13.5",
    "current_version": "1.13.5",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "backup/backup.php",
            "line": 2276,
            "snippet": "L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
High code_scan_match Backup and Staging by WP Time Capsule Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugwp-time-capsule
Finding count51
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltinwptc-constants.php191$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('aHA3ZzJkcTl0YzgxZHdl') );medium
base64_decodebuiltinwptc-constants.php192$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('MnlqNTVwa2lna2g4NTg2') );medium
base64_decodebuiltinwptc-constants.php204$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('dHU4djcwM3A3cWk4cDky') );medium
base64_decodebuiltinwptc-constants.php205$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('dHZ2MXM4dmxpcTVwNHU3') );medium
base64_decodebuiltinwptc-constants.php217$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('bTMwY2hlaTh5YXRoYTRr') );medium
base64_decodebuiltinwptc-constants.php218$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('ZzA5Y2NoNHc5c3Fwazli') );medium
base64_decodebuiltinGoogle/Utils.php42return base64_decode($b64);medium
base64_decodebuiltinwptc-cron-functions.php167$data = trim(base64_decode($request_raw_data));medium
base64_decodebuiltinwptc-cron-functions.php173$signature = base64_decode($request_data['signature']);medium
base64_decodebuiltinwptc-cron-functions.php228$data = base64_decode($HTTP_RAW_POST_DATA_LOCAL);medium
base64_decodebuiltincommon-functions.php760$decoded_data = base64_decode($base64Url);medium
base64_decodebuiltincommon-functions.php2,123return base64_decode(get_option('iwp_client_public_key'));medium
base64_decodebuiltincommon-functions.php2,144return base64_decode(get_option('iwp_client_nossl_key'));medium
base64_decodebuiltinPro/Staging/bridge/bridge.php45$this->params = unserialize(base64_decode($this->params['data']), ['allowed_classes' => false]);medium
base64_decodebuiltinPro/Staging/stage-to-live/includes/class-staging-white-label.php257$wptc_wl_code = base64_decode(urldecode($_GET['wptc_wl_code']));medium
Resolved sha60f5bda3e1da34cb4d545bea375af7a669ae2e75
View raw JSON
{
    "slug": "wp-time-capsule",
    "finding_count": 51,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 191,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('aHA3ZzJkcTl0YzgxZHdl') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 192,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('MnlqNTVwa2lna2g4NTg2') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 204,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('dHU4djcwM3A3cWk4cDky') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 205,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('dHZ2MXM4dmxpcTVwNHU3') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 217,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_ID', base64_decode('bTMwY2hlaTh5YXRoYTRr') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-constants.php",
            "line": 218,
            "snippet": "$this->define( 'WPTC_DROPBOX_CLIENT_SECRET', base64_decode('ZzA5Y2NoNHc5c3Fwazli') );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "Google/Utils.php",
            "line": 42,
            "snippet": "return base64_decode($b64);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-cron-functions.php",
            "line": 167,
            "snippet": "$data = trim(base64_decode($request_raw_data));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-cron-functions.php",
            "line": 173,
            "snippet": "$signature  = base64_decode($request_data['signature']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wptc-cron-functions.php",
            "line": 228,
            "snippet": "$data = base64_decode($HTTP_RAW_POST_DATA_LOCAL);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "common-functions.php",
            "line": 760,
            "snippet": "$decoded_data = base64_decode($base64Url);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "common-functions.php",
            "line": 2123,
            "snippet": "return base64_decode(get_option('iwp_client_public_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "common-functions.php",
            "line": 2144,
            "snippet": "return base64_decode(get_option('iwp_client_nossl_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "Pro/Staging/bridge/bridge.php",
            "line": 45,
            "snippet": "$this->params = unserialize(base64_decode($this->params['data']), ['allowed_classes' => false]);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "Pro/Staging/stage-to-live/includes/class-staging-white-label.php",
            "line": 257,
            "snippet": "$wptc_wl_code = base64_decode(urldecode($_GET['wptc_wl_code']));",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "60f5bda3e1da34cb4d545bea375af7a669ae2e75"
}
Medium code_scan_match InfiniteWP Client Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugiwp-client
Finding count28
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltinbackup.class.multicall.php2,817$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));medium
gzinflatebuiltinbackup.class.multicall.php2,817$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));medium
base64_decodebuiltinaddons/file_editor/file_editor.class.php198$fileContent = base64_decode($fileContent);medium
gzinflatebuiltinaddons/file_editor/file_editor.class.php199$fileContent = gzinflate($fileContent);medium
base64_decodebuiltincore.class.php1,103$signature = base64_decode($_GET['signature']);medium
base64_decodebuiltincore.class.php1,106$signature_new = base64_decode($_GET['signature_new']);medium
base64_decodebuiltinlib/Google2/Utils.php42return base64_decode($b64);medium
base64_decodebuiltinlib/Dropbox2/OAuth/Consumer/ConsumerAbstract.php229$code = base64_decode($code);medium
base64_decodebuiltinlib/Dropbox2/OAuth/Storage/Encrypter.php89$cipherText = base64_decode($cipherText);medium
base64_decodebuiltinlib/Google/Utils.php44return base64_decode($b64);medium
gzinflatebuiltinlib/amazon_s3_bwd_comp/sdk.class.php1,239elseif (($uncompressed = gzinflate($body)) !== false)medium
base64_decodebuiltinhelper.class.php341return base64_decode(get_option('iwp_client_public_key'));medium
base64_decodebuiltinhelper.class.php349return base64_decode(get_option('iwp_client_nossl_key'));medium
eval_callbuiltininit.php2,173eval($params['code']);medium
base64_decodebuiltininit.php144$data = trim(base64_decode($request_raw_data));medium
Resolved sha1b79f5bd0cbe360eec44ce8d6d3fc1c39116823a
View raw JSON
{
    "slug": "iwp-client",
    "finding_count": 28,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "backup.class.multicall.php",
            "line": 2817,
            "snippet": "$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "backup.class.multicall.php",
            "line": 2817,
            "snippet": "$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "addons/file_editor/file_editor.class.php",
            "line": 198,
            "snippet": "$fileContent = base64_decode($fileContent);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "addons/file_editor/file_editor.class.php",
            "line": 199,
            "snippet": "$fileContent = gzinflate($fileContent);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core.class.php",
            "line": 1103,
            "snippet": "$signature  = base64_decode($_GET['signature']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core.class.php",
            "line": 1106,
            "snippet": "$signature_new = base64_decode($_GET['signature_new']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Google2/Utils.php",
            "line": 42,
            "snippet": "return base64_decode($b64);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Dropbox2/OAuth/Consumer/ConsumerAbstract.php",
            "line": 229,
            "snippet": "$code = base64_decode($code);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Dropbox2/OAuth/Storage/Encrypter.php",
            "line": 89,
            "snippet": "$cipherText = base64_decode($cipherText);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Google/Utils.php",
            "line": 44,
            "snippet": "return base64_decode($b64);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "lib/amazon_s3_bwd_comp/sdk.class.php",
            "line": 1239,
            "snippet": "elseif (($uncompressed = gzinflate($body)) !== false)",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helper.class.php",
            "line": 341,
            "snippet": "return base64_decode(get_option('iwp_client_public_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helper.class.php",
            "line": 349,
            "snippet": "return base64_decode(get_option('iwp_client_nossl_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "init.php",
            "line": 2173,
            "snippet": "eval($params['code']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "init.php",
            "line": 144,
            "snippet": "$data = trim(base64_decode($request_raw_data));",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "1b79f5bd0cbe360eec44ce8d6d3fc1c39116823a"
}
Medium domain_younger_than_plugin Backup and Staging by WP Time Capsule Resolved · no_longer_matches 28d ago
Slugwp-time-capsule
Domainguzzle-project.com
Domain sourcec2_http_call
Domain registered at2024-01-28
Plugin earliest commit2014-11-10 21:25:38
Plugin latest release2025-09-22 10:35:44
Gap days3,365
Domain age at release603
Active installs20,000
View raw JSON
{
    "slug": "wp-time-capsule",
    "domain": "guzzle-project.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2024-01-28",
    "plugin_earliest_commit": "2014-11-10 21:25:38",
    "plugin_latest_release": "2025-09-22 10:35:44",
    "gap_days": 3365,
    "domain_age_at_release": 603,
    "active_installs": 20000
}

Plugins authored (8)

Plugin Version Installs Last updated Status
InfiniteWP Client ·iwp-client 1.13.5 200k+ 2mo ago Active
Backup and Staging by WP Time Capsule ·wp-time-capsule 1.22.25 20k+ 8mo ago Active
DefendWP Firewall ·defend-wp-firewall 1.1.6 3k+ 11mo ago Active
WPCal.io – Easy Meeting Scheduler ·wpcal 0.9.5.10 1k+ 6mo ago Active
WP Duplicate – WordPress Migration Plugin ·local-sync 1.1.10 200 3mo ago Active
Super Stage WP ·super-stage-wp 1.0.2 10 3mo ago Active
Kiss Feedback ·kiss-feedback 1.0.0 10 5y ago Active
Matram.io ·matram 0.0.2 10 11y ago Active

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
DefendWP Firewall revmakx 3k+ 18 1y ago 11mo ago Active
InfiniteWP Client revmakx 200k+ 9 1y ago 2mo ago Active
WP Duplicate – WordPress Migration Plugin revmakx 200 8 1y ago 3mo ago Active