Saad Iqbal

{
    "slug": "new-user-approve",
    "active_installs": 20000,
    "critical_matches": 1,
    "high_matches": 0,
    "lookback_days": 90,
    "sample_threads": [
        {
            "title": "Plugin Security Risks (CSRF)",
            "date": "2026-02-03 22:23:12",
            "url": "https://wordpress.org/support/topic/plugin-security-risks-csrf/",
            "starter": "orbitmedia",
            "keyword": "backdoor"
        }
    ],
    "explanation": "Cluster of support-forum threads in the last 90 days containing user-reported attack vocabulary. Critical when any thread mentions explicit compromise terms (hacked / backdoor / admin user added); high when two or more mention symptom-class terms (redirect to spam / vendor alerts)."
}

{
    "slug": "post-smtp",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.9.1",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php",
        "line": 73,
        "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

{
    "slug": "post-smtp",
    "previous_version": "3.9.1",
    "current_version": "3.9.1",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php",
            "line": 73,
            "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/ConfigSchema.php",
            "line": 72,
            "snippet": "L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc  \u2192  L72: $r = unserialize($contents);",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/EntityLookup.php",
            "line": 26,
            "snippet": "L26: $this->table = unserialize(file_get_contents($file));  \u2192  L26: $this->table = unserialize(file_get_contents($file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

{
    "slug": "contact-form-7-honeypot",
    "domain": "cf7apps.com",
    "domain_source": "plugin_uri",
    "domain_registered_at": "2024-11-28",
    "plugin_earliest_commit": "2011-06-28 12:09:39",
    "plugin_latest_release": "2026-04-23 05:02:22",
    "gap_days": 4901,
    "domain_age_at_release": 511,
    "active_installs": 300000
}

{
    "slug": "wp-contact-slider",
    "previous_version": "2.5.4",
    "current_version": "2.5.4",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 58,
            "snippet": "wp_register_style( 'jquery-ui-core', \"$url/jquery.ui.core.css\", array(), '1.8.17' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 59,
            "snippet": "wp_register_style( 'jquery-ui-theme', \"$url/jquery.ui.theme.css\", array(), '1.8.17' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 60,
            "snippet": "wp_register_style( 'jquery-ui-datepicker', \"$url/jquery.ui.datepicker.css\", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 63,
            "snippet": "wp_register_style( 'jquery-ui-slider', \"$url/jquery.ui.slider.css\", array( 'jquery-ui-core', 'jquery-ui-theme' ), '1.8.17' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 64,
            "snippet": "wp_register_style( 'jquery-ui-timepicker', \"$url/jquery-ui-timepicker-addon.min.css\", array( 'rwmb-date', 'jquery-ui-slider' ), '1.5.0' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 67,
            "snippet": "wp_register_script( 'jquery-ui-timepicker', \"$url/jquery-ui-timepicker-addon.min.js\", array( 'jquery-ui-datepicker', 'jquery-ui-slider' ), '1.5.0', true );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "inc/meta-box/inc/fields/datetime.php",
            "line": 68,
            "snippet": "wp_register_script( 'jquery-ui-timepicker-i18n', \"$url/jquery-ui-timepicker-addon-i18n.min.js\", array( 'jquery-ui-timepicker' ), '1.5.0', true );",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 7
}

{
    "slug": "change-wp-admin-login",
    "previous_version": "2.1.1",
    "current_version": "2.1.1",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/google-recaptcha/class-google-recaptcha.php",
            "line": 186,
            "snippet": "wp_register_script('aio-login-g-recaptcha', 'https://google.com/recaptcha/api.js', array(), null, true);",
            "confidence": "medium",
            "details": {
                "url": "https://google.com/recaptcha/api.js",
                "url_host": "google.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/google-recaptcha/class-google-recaptcha.php",
            "line": 191,
            "snippet": "wp_register_script('aio-login-g-recaptcha', 'https://google.com/recaptcha/api.js?render=' . $this->site_key, array(), null, true);",
            "confidence": "medium",
            "details": {
                "url": "https://google.com/recaptcha/api.js?render=",
                "url_host": "google.com"
            }
        }
    ],
    "new_finding_count": 2
}

{
    "slug": "contact-form-7-honeypot",
    "committer_slug": "nocean",
    "committer_display_name": "Ryan",
    "committer_employer": null,
    "committer_member_since": "2019-09-19",
    "committer_first_commit": "2020-05-20 14:56:40",
    "committer_commit_count": 40,
    "plugin_listed_author": "saadiqbal",
    "earliest_plugin_commit": "2011-06-28 12:09:39",
    "plugin_age_at_join_days": 3249,
    "committer_age_at_join_days": 244,
    "active_installs": 300000
}

{
    "slug": "mycred-memberpress",
    "closed_reason": "author-request",
    "closed_date": "2026-04-30 00:00:00",
    "active_installs": 20
}

{
    "slug": "mycred-memberpress",
    "new_contributors": [
        "saadiqbal"
    ],
    "active_installs": 20
}

{
    "slug": "mycred-credly",
    "closed_reason": "author-request",
    "closed_date": "2026-04-30 00:00:00",
    "active_installs": 20
}

{
    "slug": "mycred-credly",
    "new_contributors": [
        "saadiqbal"
    ],
    "active_installs": 20
}

{
    "slug": "mycred-for-rating-form",
    "closed_reason": "author-request",
    "closed_date": "2026-04-30 00:00:00",
    "active_installs": 20
}

{
    "slug": "mycred-for-rating-form",
    "new_contributors": [
        "saadiqbal"
    ],
    "active_installs": 20
}

{
    "slug": "mycred-for-totalpoll",
    "closed_reason": "author-request",
    "closed_date": "2026-04-30 00:00:00",
    "active_installs": 30
}

{
    "slug": "mycred-for-totalpoll",
    "new_contributors": [
        "saadiqbal"
    ],
    "active_installs": 30
}