WP Beacon

Syed Balkhi

@smub · wordpress.org profile ↗
Member since
2008-06-22
Location
Florida
Employer
Awesome Motive
Job title
Founder and CEO
Authored
106 (12 closed)
SVN commit access
11 (1 closed)
Readme contributor
31
Combined install base
26.8M+ across 137 plugins

Alerts (0)

No open alerts.

Show 41 resolved alerts
Critical code_scan_match Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugduplicator
Finding count7
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltinclasses/utilities/class.u.php476return base64_decode($string);medium
base64_decodebuiltinsrc/Ajax/ServicesEducation.php217$encrypted = base64_decode($encryptedData);medium
gzinflatebuiltinsrc/Libs/DupArchive/Headers/DupArchiveReaderGlobHeader.php86return ($isCompressed ? gzinflate($globContents) : $globContents);medium
gzinflatebuiltinsrc/Libs/DupArchive/DupArchiveExpandBasicEngine.php252$globContents = gzinflate($globContents);medium
serialized_admin_rolebuiltininstaller/dup-installer/classes/config/class.conf.wp.php22const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:"administrator";b:1;}';high
base64_decodebuiltininstaller/dup-installer/classes/class.crypt.php33$string = base64_decode($string);medium
base64_decodebuiltininstaller/dup-installer/classes/utilities/class.u.php1,391$decoded = base64_decode($str, true);medium
Resolved sha61a8ed704b64de3d0352e7c5f37648612842cfdf
View raw JSON
{
    "slug": "duplicator",
    "finding_count": 7,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "classes/utilities/class.u.php",
            "line": 476,
            "snippet": "return base64_decode($string);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Ajax/ServicesEducation.php",
            "line": 217,
            "snippet": "$encrypted = base64_decode($encryptedData);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "src/Libs/DupArchive/Headers/DupArchiveReaderGlobHeader.php",
            "line": 86,
            "snippet": "return ($isCompressed ? gzinflate($globContents) : $globContents);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "src/Libs/DupArchive/DupArchiveExpandBasicEngine.php",
            "line": 252,
            "snippet": "$globContents = gzinflate($globContents);",
            "confidence": "medium"
        },
        {
            "pattern": "serialized_admin_role",
            "kind": "builtin",
            "file": "installer/dup-installer/classes/config/class.conf.wp.php",
            "line": 22,
            "snippet": "const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:\"administrator\";b:1;}';",
            "confidence": "high"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "installer/dup-installer/classes/class.crypt.php",
            "line": 33,
            "snippet": "$string = base64_decode($string);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "installer/dup-installer/classes/utilities/class.u.php",
            "line": 1391,
            "snippet": "$decoded = base64_decode($str, true);",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "61a8ed704b64de3d0352e7c5f37648612842cfdf"
}
Critical code_pattern Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More Resolved · false_positive_defensive_string_check 22d ago
Slugduplicator
Patternserialized_admin_role
Kindbuiltin
Version1.5.16
Hit count1
First hit
File
installer/dup-installer/classes/config/class.conf.wp.php
Line
22
Snippet
const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:"administrator";b:1;}';
Explanationplugin source contains `s:13:"administrator"` — the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand.
View raw JSON
{
    "slug": "duplicator",
    "pattern": "serialized_admin_role",
    "kind": "builtin",
    "version": "1.5.16",
    "hit_count": 1,
    "first_hit": {
        "file": "installer/dup-installer/classes/config/class.conf.wp.php",
        "line": 22,
        "snippet": "const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:\"administrator\";b:1;}';"
    },
    "explanation": "plugin source contains `s:13:\"administrator\"` \u2014 the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand."
}
Critical code_scan_delta Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More Resolved · false_positive_cdn_known_good 22d ago
Slugduplicator
Previous version1.5.16
Current version1.5.16
New findings
PatternKindFileLineSnippetConfidence
serialized_admin_rolebuiltininstaller/dup-installer/classes/config/class.conf.wp.php22const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:"administrator";b:1;}';high
New finding count1
View raw JSON
{
    "slug": "duplicator",
    "previous_version": "1.5.16",
    "current_version": "1.5.16",
    "new_findings": [
        {
            "pattern": "serialized_admin_role",
            "kind": "builtin",
            "file": "installer/dup-installer/classes/config/class.conf.wp.php",
            "line": 22,
            "snippet": "const ADMIN_SERIALIZED_SECURITY_STRING = 'a:1:{s:13:\"administrator\";b:1;}';",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Critical code_pattern ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Resolved · no_longer_matches 28d ago
Sluggoogle-analytics-dashboard-for-wp
Patternunserialize_after_remote_call
Kindbuiltin
Version9.1.3
Hit count2
First hit
File
includes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php
Line
230
Snippet
L229: $temp = file_get_contents( $fn ); → L230: $words = unserialize( trim( $temp ) );
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "google-analytics-dashboard-for-wp",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "9.1.3",
    "hit_count": 2,
    "first_hit": {
        "file": "includes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php",
        "line": 230,
        "snippet": "L229: $temp  = file_get_contents( $fn );  \u2192  L230: $words = unserialize( trim( $temp ) );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Resolved · fp_vendored_library_local_cache 28d ago
Sluggoogle-analytics-dashboard-for-wp
Previous version9.1.3
Current version9.1.3
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php230L229: $temp = file_get_contents( $fn ); → L230: $words = unserialize( trim( $temp ) );high
unserialize_after_remote_callbuiltinincludes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php360L359: $temp = file_get_contents( $fn ); → L360: $words = unserialize( trim( $temp ) );high
New finding count2
View raw JSON
{
    "slug": "google-analytics-dashboard-for-wp",
    "previous_version": "9.1.3",
    "current_version": "9.1.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php",
            "line": 230,
            "snippet": "L229: $temp  = file_get_contents( $fn );  \u2192  L230: $words = unserialize( trim( $temp ) );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/gutenberg/headline-tool/phpinsight/lib/PHPInsight/Sentiment.php",
            "line": 360,
            "snippet": "L359: $temp  = file_get_contents( $fn );  \u2192  L360: $words = unserialize( trim( $temp ) );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
Critical code_pattern WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More Resolved · no_longer_matches 28d ago
Slugwpforms-lite
Patternunserialize_after_remote_call
Kindbuiltin
Version1.10.0.4
Hit count3
First hit
File
vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php
Line
71
Snippet
L71: return \unserialize(\file_get_contents($file)); → L71: return \unserialize(\file_get_contents($file));
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this.
View raw JSON
{
    "slug": "wpforms-lite",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.10.0.4",
    "hit_count": 3,
    "first_hit": {
        "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php",
        "line": 71,
        "snippet": "L71: return \\unserialize(\\file_get_contents($file));  \u2192  L71: return \\unserialize(\\file_get_contents($file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`) is followed by `unserialize`/`maybe_unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. Legit plugins essentially never do this."
}
Critical code_scan_delta WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More Resolved · fp_vendored_library_local_cache 28d ago
Slugwpforms-lite
Previous version1.10.0.4
Current version1.10.0.4
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php71L71: return \unserialize(\file_get_contents($file)); → L71: return \unserialize(\file_get_contents($file));high
unserialize_after_remote_callbuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema.php69L68: $contents = \file_get_contents(\WPForms\Vendor\HTMLPURIFIER_PREFIX . '/HTMLPurifie → L69: $r = \unserialize($contents);high
unserialize_after_remote_callbuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/EntityLookup.php27L27: $this->table = \unserialize(\file_get_contents($file)); → L27: $this->table = \unserialize(\file_get_contents($file));high
New finding count3
View raw JSON
{
    "slug": "wpforms-lite",
    "previous_version": "1.10.0.4",
    "current_version": "1.10.0.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer.php",
            "line": 71,
            "snippet": "L71: return \\unserialize(\\file_get_contents($file));  \u2192  L71: return \\unserialize(\\file_get_contents($file));",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema.php",
            "line": 69,
            "snippet": "L68: $contents = \\file_get_contents(\\WPForms\\Vendor\\HTMLPURIFIER_PREFIX . '/HTMLPurifie  \u2192  L69: $r = \\unserialize($contents);",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/EntityLookup.php",
            "line": 27,
            "snippet": "L27: $this->table = \\unserialize(\\file_get_contents($file));  \u2192  L27: $this->table = \\unserialize(\\file_get_contents($file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}
Critical domain_younger_than_plugin Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Resolved · no_longer_matches 28d ago
Slugeasy-wp-smtp
Domaineasywpsmtpapi.com
Domain sourcec2_http_call
Domain registered at2024-10-01
Plugin earliest commit2013-04-16 18:52:05
Plugin latest release2026-04-01 13:24:50
Gap days4,185
Domain age at release547
Active installs500,000
View raw JSON
{
    "slug": "easy-wp-smtp",
    "domain": "easywpsmtpapi.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2024-10-01",
    "plugin_earliest_commit": "2013-04-16 18:52:05",
    "plugin_latest_release": "2026-04-01 13:24:50",
    "gap_days": 4185,
    "domain_age_at_release": 547,
    "active_installs": 500000
}
Critical domain_younger_than_plugin ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Resolved · no_longer_matches 28d ago
Sluggoogle-analytics-dashboard-for-wp
Domainexactmetrics-translations.com
Domain sourcec2_http_call
Domain registered at2025-01-06
Plugin earliest commit2014-07-09 06:06:05
Plugin latest release2026-04-22 16:28:26
Gap days3,833
Domain age at release471
Active installs300,000
View raw JSON
{
    "slug": "google-analytics-dashboard-for-wp",
    "domain": "exactmetrics-translations.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2025-01-06",
    "plugin_earliest_commit": "2014-07-09 06:06:05",
    "plugin_latest_release": "2026-04-22 16:28:26",
    "gap_days": 3833,
    "domain_age_at_release": 471,
    "active_installs": 300000
}
Critical new_committer_young_account UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Resolved · no_longer_matches 29d ago
Sluguserfeedback-lite
Committerdpaternina
Display nameDavid Paternina
Member since2024-06-28
First commit at2024-07-02 15:03:31
Account age at first commit4
Commit count22
Active installs200,000
View raw JSON
{
    "slug": "userfeedback-lite",
    "committer": "dpaternina",
    "display_name": "David Paternina",
    "member_since": "2024-06-28",
    "first_commit_at": "2024-07-02 15:03:31",
    "account_age_at_first_commit": 4,
    "commit_count": 22,
    "active_installs": 200000
}
Critical new_committer_young_account UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Resolved · deduped 1mo ago
Sluguserfeedback-lite
Committerdpaternina
Display nameDavid Paternina
Member since2024-06-28
First commit at2024-07-02 15:03:31
Account age at first commit4
Commit count22
Active installs200,000
View raw JSON
{
    "slug": "userfeedback-lite",
    "committer": "dpaternina",
    "display_name": "David Paternina",
    "member_since": "2024-06-28",
    "first_commit_at": "2024-07-02 15:03:31",
    "account_age_at_first_commit": 4,
    "commit_count": 22,
    "active_installs": 200000
}
High code_scan_match Contact Form & SMTP Plugin for WordPress by PirateForms Resolved · code_scan_fp_class_vendor_cdn_enqueue 17d ago
Slugpirate-forms
Finding count2
Findings
PatternKindFileLineSnippetConfidenceDetails
remote_enqueuebuiltinpublic/class-pirateforms-public.php137wp_register_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js?hl=' . $pirate_forms_contactus_language, [ 'jquery' ], $this->version, true );medium
Url
https://www.google.com/recaptcha/api.js?hl=
Url host
www.google.com
remote_enqueuebuiltingutenberg/class-pirateforms-gutenberg.php106wp_enqueue_script( 'recaptcha', "https://www.google.com/recaptcha/api.js?hl=$language", [], $this->version, true );medium
Url
https://www.google.com/recaptcha/api.js?hl=$language
Url host
www.google.com
Resolved shad709db8dd42160bf9b69fa2cef1ffd2624fc3d8c
View raw JSON
{
    "slug": "pirate-forms",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "public/class-pirateforms-public.php",
            "line": 137,
            "snippet": "wp_register_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js?hl=' . $pirate_forms_contactus_language, [ 'jquery' ], $this->version, true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js?hl=",
                "url_host": "www.google.com"
            }
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "gutenberg/class-pirateforms-gutenberg.php",
            "line": 106,
            "snippet": "wp_enqueue_script( 'recaptcha', \"https://www.google.com/recaptcha/api.js?hl=$language\", [], $this->version, true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js?hl=$language",
                "url_host": "www.google.com"
            }
        }
    ],
    "resolved_sha": "d709db8dd42160bf9b69fa2cef1ffd2624fc3d8c"
}
High code_scan_match WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager Resolved · code_scan_fp_class_vendor_cdn_enqueue 17d ago
Sluginsert-headers-and-footers
Finding count4
Findings
PatternKindFileLineSnippetConfidence
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-style.php280$enqueue = 'true' === $styles_enqueue[ $key ] ? "wp_enqueue_style( '$style' );" : '';medium
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-style.php285wp_register_style( '$style', '$styles_urls[$key]', {$this->array_to_code_string($dependencies)}, '$styles_versions[$key]'$media );medium
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-script.php279$enqueue = 'true' === $scripts_enqueue[ $key ] ? "wp_enqueue_script( '$script_name' );" : '';medium
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-script.php283wp_register_script( '$script_name', '$scripts_urls[$key]', {$this->array_to_code_string($dependencies)}, '$scripts_versions[$key]', $scripts_locations[$key] );medium
Resolved shace01147183d9a621f4f1d3b4cd7d4447fd5f1257
View raw JSON
{
    "slug": "insert-headers-and-footers",
    "finding_count": 4,
    "findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-style.php",
            "line": 280,
            "snippet": "$enqueue      = 'true' === $styles_enqueue[ $key ] ? \"wp_enqueue_style( '$style' );\" : '';",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-style.php",
            "line": 285,
            "snippet": "wp_register_style( '$style', '$styles_urls[$key]', {$this->array_to_code_string($dependencies)}, '$styles_versions[$key]'$media );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-script.php",
            "line": 279,
            "snippet": "$enqueue      = 'true' === $scripts_enqueue[ $key ] ? \"wp_enqueue_script( '$script_name' );\" : '';",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-script.php",
            "line": 283,
            "snippet": "wp_register_script( '$script_name', '$scripts_urls[$key]', {$this->array_to_code_string($dependencies)}, '$scripts_versions[$key]', $scripts_locations[$key] );",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "ce01147183d9a621f4f1d3b4cd7d4447fd5f1257"
}
High bulk_committer_takeover All in One SEO Pack Importer Resolved · benign_plugin_creation 19d ago
Committerpbaylies
Member since2011-05-02
Plugins joined5
Spread days0
Earliest join2012-12-13 16:30:54
Latest join2012-12-13 20:20:30
Combined installs800
Sample plugins
SlugActive installsFirst commit at
all-in-one-seo-pack-importer5002012-12-13 19:52:52
display-name-author-permalink2002012-12-13 20:09:12
ft-calendar1002012-12-13 18:59:36
moderate-selected-posts02012-12-13 20:20:30
simplemap02012-12-13 16:30:54
Triage note 2026 05 03Peter Baylies (Purcado dev), 2012 oldtimer cohort. All 5 plugins committed same day = original portfolio publication on wp.org account creation.
View raw JSON
{
    "committer": "pbaylies",
    "member_since": "2011-05-02",
    "plugins_joined": 5,
    "spread_days": 0,
    "earliest_join": "2012-12-13 16:30:54",
    "latest_join": "2012-12-13 20:20:30",
    "combined_installs": 800,
    "sample_plugins": [
        {
            "slug": "all-in-one-seo-pack-importer",
            "active_installs": 500,
            "first_commit_at": "2012-12-13 19:52:52"
        },
        {
            "slug": "display-name-author-permalink",
            "active_installs": 200,
            "first_commit_at": "2012-12-13 20:09:12"
        },
        {
            "slug": "ft-calendar",
            "active_installs": 100,
            "first_commit_at": "2012-12-13 18:59:36"
        },
        {
            "slug": "moderate-selected-posts",
            "active_installs": 0,
            "first_commit_at": "2012-12-13 20:20:30"
        },
        {
            "slug": "simplemap",
            "active_installs": 0,
            "first_commit_at": "2012-12-13 16:30:54"
        }
    ],
    "triage_note_2026_05_03": "Peter Baylies (Purcado dev), 2012 oldtimer cohort. All 5 plugins committed same day = original portfolio publication on wp.org account creation."
}
High code_scan_delta Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform Resolved · false_positive_cdn_known_good 22d ago
Slugsugar-calendar-lite
Previous version3.11.0
Current version3.11.0
New findings
PatternKindFileLineSnippetConfidence
remote_enqueuebuiltinincludes/admin/assets.php46wp_register_script( 'sugar_calendar_admin_calendar', "{$url}js/sc-calendar.js", $dialog, $ver, false );medium
remote_enqueuebuiltinincludes/admin/assets.php52wp_register_script( 'sugar_calendar_admin_taxonomy', "{$url}js/sc-taxonomy.js", $dialog, $ver, false );medium
remote_enqueuebuiltinincludes/admin/assets.php67wp_register_style( 'sugar_calendar_admin_calendar', "{$url}css/{$path}sc-calendar.css", $deps, $ver, 'all' );medium
remote_enqueuebuiltinincludes/admin/assets.php68wp_register_style( 'sugar_calendar_admin_datepicker', "{$url}css/{$path}sc-datepicker.css", $deps, $ver, 'all' );medium
remote_enqueuebuiltinincludes/admin/assets.php74wp_register_style( 'sugar_calendar_admin_taxonomy', "{$url}css/{$path}sc-taxonomy.css", $wpui, $ver, 'all' );medium
New finding count5
View raw JSON
{
    "slug": "sugar-calendar-lite",
    "previous_version": "3.11.0",
    "current_version": "3.11.0",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/admin/assets.php",
            "line": 46,
            "snippet": "wp_register_script( 'sugar_calendar_admin_calendar', \"{$url}js/sc-calendar.js\", $dialog, $ver, false );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/admin/assets.php",
            "line": 52,
            "snippet": "wp_register_script( 'sugar_calendar_admin_taxonomy', \"{$url}js/sc-taxonomy.js\", $dialog, $ver, false );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/admin/assets.php",
            "line": 67,
            "snippet": "wp_register_style( 'sugar_calendar_admin_calendar', \"{$url}css/{$path}sc-calendar.css\", $deps, $ver, 'all' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/admin/assets.php",
            "line": 68,
            "snippet": "wp_register_style( 'sugar_calendar_admin_datepicker', \"{$url}css/{$path}sc-datepicker.css\", $deps, $ver, 'all' );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/admin/assets.php",
            "line": 74,
            "snippet": "wp_register_style( 'sugar_calendar_admin_taxonomy', \"{$url}css/{$path}sc-taxonomy.css\", $wpui, $ver, 'all' );",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 5
}
High code_scan_delta Contact Form & SMTP Plugin for WordPress by PirateForms Resolved · false_positive_cdn_known_good 22d ago
Slugpirate-forms
Previous version2.6.1
Current version2.6.1
New findings
PatternKindFileLineSnippetConfidenceDetails
remote_enqueuebuiltinpublic/class-pirateforms-public.php137wp_register_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js?hl=' . $pirate_forms_contactus_language, [ 'jquery' ], $this->version, true );medium
Url
https://www.google.com/recaptcha/api.js?hl=
Url host
www.google.com
New finding count1
View raw JSON
{
    "slug": "pirate-forms",
    "previous_version": "2.6.1",
    "current_version": "2.6.1",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "public/class-pirateforms-public.php",
            "line": 137,
            "snippet": "wp_register_script( 'google-recaptcha', 'https://www.google.com/recaptcha/api.js?hl=' . $pirate_forms_contactus_language, [ 'jquery' ], $this->version, true );",
            "confidence": "medium",
            "details": {
                "url": "https://www.google.com/recaptcha/api.js?hl=",
                "url_host": "www.google.com"
            }
        }
    ],
    "new_finding_count": 1
}
High code_scan_delta WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager Resolved · false_positive_cdn_known_good 22d ago
Sluginsert-headers-and-footers
Previous version2.3.5
Current version2.3.5
New findings
PatternKindFileLineSnippetConfidence
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-style.php285wp_register_style( '$style', '$styles_urls[$key]', {$this->array_to_code_string($dependencies)}, '$styles_versions[$key]'$media );medium
remote_enqueuebuiltinincludes/generator/class-wpcode-generator-script.php283wp_register_script( '$script_name', '$scripts_urls[$key]', {$this->array_to_code_string($dependencies)}, '$scripts_versions[$key]', $scripts_locations[$key] );medium
New finding count2
View raw JSON
{
    "slug": "insert-headers-and-footers",
    "previous_version": "2.3.5",
    "current_version": "2.3.5",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-style.php",
            "line": 285,
            "snippet": "wp_register_style( '$style', '$styles_urls[$key]', {$this->array_to_code_string($dependencies)}, '$styles_versions[$key]'$media );",
            "confidence": "medium"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "includes/generator/class-wpcode-generator-script.php",
            "line": 283,
            "snippet": "wp_register_script( '$script_name', '$scripts_urls[$key]', {$this->array_to_code_string($dependencies)}, '$scripts_versions[$key]', $scripts_locations[$key] );",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 2
}
High committer_younger_than_plugin WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager Resolved · benign_company_employee 25d ago
Sluginsert-headers-and-footers
Committer slugdeb255
Committer display nameDave
Committer employer
Committer member since2017-02-28
Committer first commit2017-03-08 05:20:37
Committer commit count18
Plugin listed authorsmub
Earliest plugin commit2012-07-11 20:38:49
Plugin age at join days1,700
Committer age at join days8
Active installs3,000,000
View raw JSON
{
    "slug": "insert-headers-and-footers",
    "committer_slug": "deb255",
    "committer_display_name": "Dave",
    "committer_employer": null,
    "committer_member_since": "2017-02-28",
    "committer_first_commit": "2017-03-08 05:20:37",
    "committer_commit_count": 18,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2012-07-11 20:38:49",
    "plugin_age_at_join_days": 1700,
    "committer_age_at_join_days": 8,
    "active_installs": 3000000
}
High committer_younger_than_plugin Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation Resolved · benign_company_employee 25d ago
Slugoptinmonster
Committer slugmattawesomemotive
Committer display namemattawesomemotive
Committer employer
Committer member since2023-04-17
Committer first commit2023-07-26 20:06:51
Committer commit count44
Plugin listed authorsmub
Earliest plugin commit2015-04-23 14:13:00
Plugin age at join days3,016
Committer age at join days100
Active installs1,000,000
View raw JSON
{
    "slug": "optinmonster",
    "committer_slug": "mattawesomemotive",
    "committer_display_name": "mattawesomemotive",
    "committer_employer": null,
    "committer_member_since": "2023-04-17",
    "committer_first_commit": "2023-07-26 20:06:51",
    "committer_commit_count": 44,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2015-04-23 14:13:00",
    "plugin_age_at_join_days": 3016,
    "committer_age_at_join_days": 100,
    "active_installs": 1000000
}
High committer_younger_than_plugin Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Resolved · benign_company_employee 25d ago
Slugeasy-wp-smtp
Committer slugsixfingersam
Committer display nameIgnazio Setti
Committer employer
Committer member since2024-09-23
Committer first commit2024-09-26 08:21:02
Committer commit count8
Plugin listed authorsmub
Earliest plugin commit2013-04-16 18:52:05
Plugin age at join days4,180
Committer age at join days3
Active installs500,000
View raw JSON
{
    "slug": "easy-wp-smtp",
    "committer_slug": "sixfingersam",
    "committer_display_name": "Ignazio Setti",
    "committer_employer": null,
    "committer_member_since": "2024-09-23",
    "committer_first_commit": "2024-09-26 08:21:02",
    "committer_commit_count": 8,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2013-04-16 18:52:05",
    "plugin_age_at_join_days": 4180,
    "committer_age_at_join_days": 3,
    "active_installs": 500000
}
High committer_younger_than_plugin ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Resolved · benign_company_employee 25d ago
Sluggoogle-analytics-dashboard-for-wp
Committer slugdpaternina
Committer display nameDavid Paternina
Committer employer
Committer member since2024-06-28
Committer first commit2024-10-22 14:36:42
Committer commit count38
Plugin listed authorsmub
Earliest plugin commit2014-07-09 06:06:05
Plugin age at join days3,758
Committer age at join days116
Active installs300,000
View raw JSON
{
    "slug": "google-analytics-dashboard-for-wp",
    "committer_slug": "dpaternina",
    "committer_display_name": "David Paternina",
    "committer_employer": null,
    "committer_member_since": "2024-06-28",
    "committer_first_commit": "2024-10-22 14:36:42",
    "committer_commit_count": 38,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2014-07-09 06:06:05",
    "plugin_age_at_join_days": 3758,
    "committer_age_at_join_days": 116,
    "active_installs": 300000
}
High committer_younger_than_plugin ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Resolved · benign_company_employee 25d ago
Sluggoogle-analytics-dashboard-for-wp
Committer slugmicheleam
Committer display namemicheleam
Committer employer
Committer member since2023-04-11
Committer first commit2023-04-11 16:18:34
Committer commit count33
Plugin listed authorsmub
Earliest plugin commit2014-07-09 06:06:05
Plugin age at join days3,198
Committer age at join days0
Active installs300,000
View raw JSON
{
    "slug": "google-analytics-dashboard-for-wp",
    "committer_slug": "micheleam",
    "committer_display_name": "micheleam",
    "committer_employer": null,
    "committer_member_since": "2023-04-11",
    "committer_first_commit": "2023-04-11 16:18:34",
    "committer_commit_count": 33,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2014-07-09 06:06:05",
    "plugin_age_at_join_days": 3198,
    "committer_age_at_join_days": 0,
    "active_installs": 300000
}
High bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · audit:benign 1mo ago
Committeralexopen
Member since2024-08-02
Plugins joined5
Spread days33
Earliest join2026-02-26 16:40:44
Latest join2026-04-01 15:25:09
Combined installs1,370,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002026-02-26 17:15:19
custom-twitter-feeds100,0002026-02-26 16:40:44
feeds-for-youtube100,0002026-02-26 17:03:40
reviews-feed100,0002026-02-26 17:20:07
feeds-for-tiktok70,0002026-04-01 15:25:09
View raw JSON
{
    "committer": "alexopen",
    "member_since": "2024-08-02",
    "plugins_joined": 5,
    "spread_days": 33,
    "earliest_join": "2026-02-26 16:40:44",
    "latest_join": "2026-04-01 15:25:09",
    "combined_installs": 1370000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2026-02-26 17:15:19"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2026-02-26 16:40:44"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2026-02-26 17:03:40"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2026-02-26 17:20:07"
        },
        {
            "slug": "feeds-for-tiktok",
            "active_installs": 70000,
            "first_commit_at": "2026-04-01 15:25:09"
        }
    ]
}
Medium code_scan_match FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin Resolved · code_scan_fp_class_ad_tracking 17d ago
Slugtrustpulse-api
Finding count2
Findings
PatternKindFileLineSnippetConfidence
add_footer_scriptioc:code_patterntrustpulse.php212add_action( 'wp_enqueue_scripts', array( $this, 'add_footer_script_if_enabled' ) );medium
add_footer_scriptioc:code_patterntrustpulse.php283public function add_footer_script_if_enabled() {medium
Resolved sha2db26bfc443cdb8b358f3e77e559d4f22778f1f2
View raw JSON
{
    "slug": "trustpulse-api",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "add_footer_script",
            "kind": "ioc:code_pattern",
            "file": "trustpulse.php",
            "line": 212,
            "snippet": "add_action( 'wp_enqueue_scripts', array( $this, 'add_footer_script_if_enabled' ) );",
            "confidence": "medium"
        },
        {
            "pattern": "add_footer_script",
            "kind": "ioc:code_pattern",
            "file": "trustpulse.php",
            "line": 283,
            "snippet": "public function add_footer_script_if_enabled() {",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "2db26bfc443cdb8b358f3e77e559d4f22778f1f2"
}
Medium code_scan_match Easy Digital Downloads – eCommerce Payments and Subscriptions made easy Resolved · code_scan_fp_class_genre_encoding 17d ago
Slugeasy-digital-downloads
Finding count5
Findings
PatternKindFileLineSnippetConfidence
eval_callbuiltinlibraries/Carbon/src/Carbon/Traits/Mixin.php103$context = eval(self::getAnonymousClassCodeForTrait($trait));medium
base64_decodebuiltinsrc/Gateways/Square/Connection.php118$token_json = base64_decode( $encoded_tokens );medium
base64_decodebuiltinincludes/gateways/libs/amazon/IpnHandler.php226$signature = base64_decode($this->getMandatoryField("Signature"));medium
base64_decodebuiltinincludes/deprecated-functions.php501if ( base64_encode( base64_decode( $expire, true ) ) === $expire ) {medium
base64_decodebuiltinincludes/deprecated-functions.php502$expire = base64_decode( $expire ); // If it is a base64 string, decode it. Old expiration dates were in base64medium
Resolved sha11db55284a5947151031b5c69184dc81c1ff5035
View raw JSON
{
    "slug": "easy-digital-downloads",
    "finding_count": 5,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "libraries/Carbon/src/Carbon/Traits/Mixin.php",
            "line": 103,
            "snippet": "$context = eval(self::getAnonymousClassCodeForTrait($trait));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Gateways/Square/Connection.php",
            "line": 118,
            "snippet": "$token_json = base64_decode( $encoded_tokens );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/gateways/libs/amazon/IpnHandler.php",
            "line": 226,
            "snippet": "$signature       = base64_decode($this->getMandatoryField(\"Signature\"));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/deprecated-functions.php",
            "line": 501,
            "snippet": "if ( base64_encode( base64_decode( $expire, true ) ) === $expire ) {",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/deprecated-functions.php",
            "line": 502,
            "snippet": "$expire = base64_decode( $expire ); // If it is a base64 string, decode it. Old expiration dates were in base64",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "11db55284a5947151031b5c69184dc81c1ff5035"
}
Medium code_scan_match All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic Resolved · fp:overgeneric_ioc 19d ago
Slugall-in-one-seo-pack
Finding count2
Findings
PatternKindFileLineSnippetConfidence
Upgradeioc:changelog_phrasereadme.txt216Want to unlock more SEO features? [Upgrade to AIOSEO Pro](https://aioseo.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin 'All in One SEO for WordPress').low
Upgradeioc:changelog_phrasereadme.txt450== Upgrade Notice ==low
Triage note 2026 05 03all-in-one-seo-pack: Upgrade changelog_phrase fires on standard "Upgrade Notice" + Pro promo lines. AIOSEO is well-known plugin, no supply-chain signal.
View raw JSON
{
    "slug": "all-in-one-seo-pack",
    "finding_count": 2,
    "findings": [
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 216,
            "snippet": "Want to unlock more SEO features? [Upgrade to AIOSEO Pro](https://aioseo.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin 'All in One SEO for WordPress').",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 450,
            "snippet": "== Upgrade Notice ==",
            "confidence": "low"
        }
    ],
    "triage_note_2026_05_03": "all-in-one-seo-pack: Upgrade changelog_phrase fires on standard \"Upgrade Notice\" + Pro promo lines. AIOSEO is well-known plugin, no supply-chain signal."
}
Medium code_scan_match WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Resolved · fp:overgeneric_ioc 19d ago
Slugwp-mail-smtp
Finding count4
Findings
PatternKindFileLineSnippetConfidence
Upgradeioc:changelog_phrasereadme.txt430- IMPORTANT: Support for PHP 7.2 has been discontinued. If you are running this version, you MUST upgrade PHP before installing or upgrading to WP Mail SMTP v4.5. Failure to do that will disable WP Malow
Upgradeioc:changelog_phrasereadme.txt476- Changed: Removed `WPMailSMTP\Admin\PluginsInstallUpgrader` class and switched to the WordPress Core `Plugin_Upgrader` class.low
Upgradeioc:changelog_phrasereadme.txt500- IMPORTANT: Support for PHP 5.6, 7.0, and 7.1 has been discontinued. If you are running one of those versions, you MUST upgrade PHP before installing or upgrading to WP Mail SMTP v3.8. Failure to dolow
Upgradeioc:changelog_phrasereadme.txt552- IMPORTANT: Support for WordPress versions 5.1.x or lower has been discontinued. If you are using one of those versions, you MUST upgrade WordPress before installing or upgrading to WP Mail SMTP v3.3low
Triage note 2026 05 03wp-mail-smtp: 4 Upgrade hits, all PHP-version-discontinuation notices in changelog.
View raw JSON
{
    "slug": "wp-mail-smtp",
    "finding_count": 4,
    "findings": [
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 430,
            "snippet": "- IMPORTANT: Support for PHP 7.2 has been discontinued. If you are running this version, you MUST upgrade PHP before installing or upgrading to WP Mail SMTP v4.5. Failure to do that will disable WP Ma",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 476,
            "snippet": "- Changed: Removed `WPMailSMTP\\Admin\\PluginsInstallUpgrader` class and switched to the WordPress Core `Plugin_Upgrader` class.",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 500,
            "snippet": "- IMPORTANT: Support for PHP 5.6, 7.0, and 7.1 has been discontinued. If you are running one of those versions, you MUST upgrade PHP before installing or upgrading to WP Mail SMTP v3.8. Failure to do",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 552,
            "snippet": "- IMPORTANT: Support for WordPress versions 5.1.x or lower has been discontinued. If you are using one of those versions, you MUST upgrade WordPress before installing or upgrading to WP Mail SMTP v3.3",
            "confidence": "low"
        }
    ],
    "triage_note_2026_05_03": "wp-mail-smtp: 4 Upgrade hits, all PHP-version-discontinuation notices in changelog."
}
Medium code_scan_match WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More Resolved · fp:overgeneric_ioc 19d ago
Slugwpforms-lite
Finding count11
Findings
PatternKindFileLineSnippetConfidence
base64_decodebuiltinincludes/class-process.php1,348$query_args = base64_decode( $hash );medium
eval_callbuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/VarParser/Native.php30$result = eval("\$var = {$expr};");medium
eval_callbuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php157return eval('return array(' . $contents . ');');medium
base64_decodebuiltinvendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/URIScheme/data.php81$raw_data = \base64_decode($data);medium
base64_decodebuiltinsrc/Tasks/Meta.php227$decoded = base64_decode( $meta->data );medium
base64_decodebuiltinsrc/Helpers/Crypto.php27return base64_decode( $secret_key ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decodemedium
base64_decodebuiltinsrc/Helpers/Crypto.php91$decoded = base64_decode( (string) $encrypted ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decodemedium
Upgradeioc:changelog_phrasereadme.txt162You can see why WPForms is the best WordPress contact form plugin on the market! Want to unlock these features? [Upgrade to our Pro version](https://wpforms.com/?utm_source=wprepo&utm_medium=link&utm_low
Upgradeioc:changelog_phrasereadme.txt541- IMPORTANT: Support for PHP 7.1 has been discontinued. If you are running PHP 7.1, you MUST upgrade PHP before installing WPForms 1.9.5. Failure to do that will disable WPForms core functionality.low
Upgradeioc:changelog_phrasereadme.txt599- IMPORTANT: Support for PHP 7.0 has been discontinued. If you are running PHP 7.0, you MUST upgrade PHP before installing WPForms 1.9.3. Failure to do that will disable WPForms core functionality.low
Upgradeioc:changelog_phrasereadme.txt821- Fixed: Upgrade to the Pro link had wrong styling on Bluehost hosted sites.low
Triage note 2026 05 03wpforms-lite: base64_decode + eval matches in vendored ezyang/htmlpurifier library + Crypto helpers. WPForms is well-known form plugin.
View raw JSON
{
    "slug": "wpforms-lite",
    "finding_count": 11,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "includes/class-process.php",
            "line": 1348,
            "snippet": "$query_args = base64_decode( $hash );",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/VarParser/Native.php",
            "line": 30,
            "snippet": "$result = eval(\"\\$var = {$expr};\");",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php",
            "line": 157,
            "snippet": "return eval('return array(' . $contents . ');');",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "vendor_prefixed/ezyang/htmlpurifier/library/HTMLPurifier/URIScheme/data.php",
            "line": 81,
            "snippet": "$raw_data = \\base64_decode($data);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Tasks/Meta.php",
            "line": 227,
            "snippet": "$decoded = base64_decode( $meta->data );",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Helpers/Crypto.php",
            "line": 27,
            "snippet": "return base64_decode( $secret_key ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "src/Helpers/Crypto.php",
            "line": 91,
            "snippet": "$decoded = base64_decode( (string) $encrypted ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode",
            "confidence": "medium"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 162,
            "snippet": "You can see why WPForms is the best WordPress contact form plugin on the market! Want to unlock these features? [Upgrade to our Pro version](https://wpforms.com/?utm_source=wprepo&utm_medium=link&utm_",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 541,
            "snippet": "- IMPORTANT: Support for PHP 7.1 has been discontinued. If you are running PHP 7.1, you MUST upgrade PHP before installing WPForms 1.9.5. Failure to do that will disable WPForms core functionality.",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 599,
            "snippet": "- IMPORTANT: Support for PHP 7.0 has been discontinued. If you are running PHP 7.0, you MUST upgrade PHP before installing WPForms 1.9.3. Failure to do that will disable WPForms core functionality.",
            "confidence": "low"
        },
        {
            "pattern": "Upgrade",
            "kind": "ioc:changelog_phrase",
            "file": "readme.txt",
            "line": 821,
            "snippet": "- Fixed: Upgrade to the Pro link had wrong styling on Bluehost hosted sites.",
            "confidence": "low"
        }
    ],
    "triage_note_2026_05_03": "wpforms-lite: base64_decode + eval matches in vendored ezyang/htmlpurifier library + Crypto helpers. WPForms is well-known form plugin."
}
Medium committer_younger_than_plugin Login for Google Apps Resolved · no_longer_matches 21d ago
Sluggoogle-apps-login
Committer slugniravbhut
Committer display nameNirav Bhut
Committer employer
Committer member since2018-05-09
Committer first commit2018-05-16 08:48:40
Committer commit count2
Plugin listed authorsmub
Earliest plugin commit2013-11-25 20:54:02
Plugin age at join days1,632
Committer age at join days7
Active installs10,000
View raw JSON
{
    "slug": "google-apps-login",
    "committer_slug": "niravbhut",
    "committer_display_name": "Nirav Bhut",
    "committer_employer": null,
    "committer_member_since": "2018-05-09",
    "committer_first_commit": "2018-05-16 08:48:40",
    "committer_commit_count": 2,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2013-11-25 20:54:02",
    "plugin_age_at_join_days": 1632,
    "committer_age_at_join_days": 7,
    "active_installs": 10000
}
Medium bulk_committer_takeover WP Call Button – Easy Click to Call Button for WordPress Resolved · no_longer_matches 21d ago
Committer_smartik_
Member since2014-01-03
Plugins joined5
Spread days349
Earliest join2023-11-03 18:16:59
Latest join2024-10-18 17:06:42
Combined installs72,500
Sample plugins
SlugActive installsFirst commit at
wp-call-button40,0002024-07-26 14:36:40
transients-manager20,0002024-10-18 17:06:42
wp10110,0002023-11-03 18:16:59
compact-archives2,0002024-07-05 18:08:28
last-viewed-posts5002024-04-01 19:31:49
View raw JSON
{
    "committer": "_smartik_",
    "member_since": "2014-01-03",
    "plugins_joined": 5,
    "spread_days": 349,
    "earliest_join": "2023-11-03 18:16:59",
    "latest_join": "2024-10-18 17:06:42",
    "combined_installs": 72500,
    "sample_plugins": [
        {
            "slug": "wp-call-button",
            "active_installs": 40000,
            "first_commit_at": "2024-07-26 14:36:40"
        },
        {
            "slug": "transients-manager",
            "active_installs": 20000,
            "first_commit_at": "2024-10-18 17:06:42"
        },
        {
            "slug": "wp101",
            "active_installs": 10000,
            "first_commit_at": "2023-11-03 18:16:59"
        },
        {
            "slug": "compact-archives",
            "active_installs": 2000,
            "first_commit_at": "2024-07-05 18:08:28"
        },
        {
            "slug": "last-viewed-posts",
            "active_installs": 500,
            "first_commit_at": "2024-04-01 19:31:49"
        }
    ]
}
Medium bulk_committer_takeover PDF Embedder Resolved · no_longer_matches 21d ago
Committerlevertechadmin
Member since2018-03-29
Plugins joined5
Spread days335
Earliest join2018-08-17 05:24:30
Latest join2019-07-18 07:14:06
Combined installs320,000
Sample plugins
SlugActive installsFirst commit at
pdf-embedder300,0002018-08-21 15:17:27
google-apps-login10,0002019-03-27 13:24:55
google-drive-embedder5,0002018-08-17 05:24:30
all-in-one-intranet4,0002019-03-27 13:32:04
get-params1,0002019-07-18 07:14:06
View raw JSON
{
    "committer": "levertechadmin",
    "member_since": "2018-03-29",
    "plugins_joined": 5,
    "spread_days": 335,
    "earliest_join": "2018-08-17 05:24:30",
    "latest_join": "2019-07-18 07:14:06",
    "combined_installs": 320000,
    "sample_plugins": [
        {
            "slug": "pdf-embedder",
            "active_installs": 300000,
            "first_commit_at": "2018-08-21 15:17:27"
        },
        {
            "slug": "google-apps-login",
            "active_installs": 10000,
            "first_commit_at": "2019-03-27 13:24:55"
        },
        {
            "slug": "google-drive-embedder",
            "active_installs": 5000,
            "first_commit_at": "2018-08-17 05:24:30"
        },
        {
            "slug": "all-in-one-intranet",
            "active_installs": 4000,
            "first_commit_at": "2019-03-27 13:32:04"
        },
        {
            "slug": "get-params",
            "active_installs": 1000,
            "first_commit_at": "2019-07-18 07:14:06"
        }
    ]
}
Medium committer_younger_than_plugin Login for Google Apps Resolved · no_longer_matches 22d ago
Sluggoogle-apps-login
Committer slugniravbhut
Committer display nameNirav Bhut
Committer employer
Committer member since2018-05-09
Committer first commit2018-05-16 08:48:40
Committer commit count2
Plugin listed authorsmub
Earliest plugin commit2013-11-25 20:54:02
Plugin age at join days1,632
Committer age at join days7
Active installs10,000
View raw JSON
{
    "slug": "google-apps-login",
    "committer_slug": "niravbhut",
    "committer_display_name": "Nirav Bhut",
    "committer_employer": null,
    "committer_member_since": "2018-05-09",
    "committer_first_commit": "2018-05-16 08:48:40",
    "committer_commit_count": 2,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2013-11-25 20:54:02",
    "plugin_age_at_join_days": 1632,
    "committer_age_at_join_days": 7,
    "active_installs": 10000
}
Medium committer_younger_than_plugin Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform Resolved · no_longer_matches 22d ago
Slugsugar-calendar-lite
Committer slugspiettojo
Committer display nameSean Michael P
Committer employer
Committer member since2025-06-09
Committer first commit2025-09-30 13:45:49
Committer commit count2
Plugin listed authorsmub
Earliest plugin commit2012-10-05 19:33:19
Plugin age at join days4,742
Committer age at join days113
Active installs10,000
View raw JSON
{
    "slug": "sugar-calendar-lite",
    "committer_slug": "spiettojo",
    "committer_display_name": "Sean Michael P",
    "committer_employer": null,
    "committer_member_since": "2025-06-09",
    "committer_first_commit": "2025-09-30 13:45:49",
    "committer_commit_count": 2,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2012-10-05 19:33:19",
    "plugin_age_at_join_days": 4742,
    "committer_age_at_join_days": 113,
    "active_installs": 10000
}
Medium code_scan_delta FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin Resolved · fp:overgeneric_ioc 22d ago
Slugtrustpulse-api
Previous version1.2.5
Current version1.2.5
New findings
PatternKindFileLineSnippetConfidence
add_footer_scriptioc:code_patterntrustpulse.php212add_action( 'wp_enqueue_scripts', array( $this, 'add_footer_script_if_enabled' ) );medium
add_footer_scriptioc:code_patterntrustpulse.php283public function add_footer_script_if_enabled() {medium
New finding count2
View raw JSON
{
    "slug": "trustpulse-api",
    "previous_version": "1.2.5",
    "current_version": "1.2.5",
    "new_findings": [
        {
            "pattern": "add_footer_script",
            "kind": "ioc:code_pattern",
            "file": "trustpulse.php",
            "line": 212,
            "snippet": "add_action( 'wp_enqueue_scripts', array( $this, 'add_footer_script_if_enabled' ) );",
            "confidence": "medium"
        },
        {
            "pattern": "add_footer_script",
            "kind": "ioc:code_pattern",
            "file": "trustpulse.php",
            "line": 283,
            "snippet": "public function add_footer_script_if_enabled() {",
            "confidence": "medium"
        }
    ],
    "new_finding_count": 2
}
Medium committer_younger_than_plugin WP Lightbox 2 Resolved · benign_company_employee 25d ago
Slugwp-lightbox-2
Committer slugcsskevin
Committer display namecsskevin
Committer employer
Committer member since2020-08-16
Committer first commit2020-10-02 12:48:57
Committer commit count3
Plugin listed authorsmub
Earliest plugin commit2011-11-27 17:09:13
Plugin age at join days3,231
Committer age at join days47
Active installs30,000
View raw JSON
{
    "slug": "wp-lightbox-2",
    "committer_slug": "csskevin",
    "committer_display_name": "csskevin",
    "committer_employer": null,
    "committer_member_since": "2020-08-16",
    "committer_first_commit": "2020-10-02 12:48:57",
    "committer_commit_count": 3,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2011-11-27 17:09:13",
    "plugin_age_at_join_days": 3231,
    "committer_age_at_join_days": 47,
    "active_installs": 30000
}
Medium committer_younger_than_plugin FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin Resolved · benign_company_employee 25d ago
Slugtrustpulse-api
Committer slugmattawesomemotive
Committer display namemattawesomemotive
Committer employer
Committer member since2023-04-17
Committer first commit2023-09-19 16:08:02
Committer commit count23
Plugin listed authorsmub
Earliest plugin commit2019-05-16 00:22:26
Plugin age at join days1,587
Committer age at join days155
Active installs20,000
View raw JSON
{
    "slug": "trustpulse-api",
    "committer_slug": "mattawesomemotive",
    "committer_display_name": "mattawesomemotive",
    "committer_employer": null,
    "committer_member_since": "2023-04-17",
    "committer_first_commit": "2023-09-19 16:08:02",
    "committer_commit_count": 23,
    "plugin_listed_author": "smub",
    "earliest_plugin_commit": "2019-05-16 00:22:26",
    "plugin_age_at_join_days": 1587,
    "committer_age_at_join_days": 155,
    "active_installs": 20000
}
Medium bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · no_longer_matches 29d ago
Committerahmedgeek
Member since2010-04-21
Plugins joined5
Spread days365
Earliest join2024-04-23 16:03:28
Latest join2025-04-23 18:46:40
Combined installs1,500,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002024-06-12 11:35:17
custom-facebook-feed200,0002025-04-23 18:46:40
custom-twitter-feeds100,0002024-10-03 14:09:24
feeds-for-youtube100,0002024-04-23 16:03:28
reviews-feed100,0002024-04-25 15:14:13
View raw JSON
{
    "committer": "ahmedgeek",
    "member_since": "2010-04-21",
    "plugins_joined": 5,
    "spread_days": 365,
    "earliest_join": "2024-04-23 16:03:28",
    "latest_join": "2025-04-23 18:46:40",
    "combined_installs": 1500000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2024-06-12 11:35:17"
        },
        {
            "slug": "custom-facebook-feed",
            "active_installs": 200000,
            "first_commit_at": "2025-04-23 18:46:40"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2024-10-03 14:09:24"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2024-04-23 16:03:28"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2024-04-25 15:14:13"
        }
    ]
}
Medium bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · deduped 1mo ago
Committerahmedgeek
Member since2010-04-21
Plugins joined5
Spread days365
Earliest join2024-04-23 16:03:28
Latest join2025-04-23 18:46:40
Combined installs1,500,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002024-06-12 11:35:17
custom-facebook-feed200,0002025-04-23 18:46:40
custom-twitter-feeds100,0002024-10-03 14:09:24
feeds-for-youtube100,0002024-04-23 16:03:28
reviews-feed100,0002024-04-25 15:14:13
View raw JSON
{
    "committer": "ahmedgeek",
    "member_since": "2010-04-21",
    "plugins_joined": 5,
    "spread_days": 365,
    "earliest_join": "2024-04-23 16:03:28",
    "latest_join": "2025-04-23 18:46:40",
    "combined_installs": 1500000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2024-06-12 11:35:17"
        },
        {
            "slug": "custom-facebook-feed",
            "active_installs": 200000,
            "first_commit_at": "2025-04-23 18:46:40"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2024-10-03 14:09:24"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2024-04-23 16:03:28"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2024-04-25 15:14:13"
        }
    ]
}
Medium bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · superseded 1mo ago
Committerahmedgeek
Member since2010-04-21
Plugins joined5
Spread days365
Earliest join2024-04-23 16:03:28
Latest join2025-04-23 18:46:40
Combined installs1,500,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002024-06-12 11:35:17
custom-facebook-feed200,0002025-04-23 18:46:40
custom-twitter-feeds100,0002024-10-03 14:09:24
feeds-for-youtube100,0002024-04-23 16:03:28
reviews-feed100,0002024-04-25 15:14:13
View raw JSON
{
    "committer": "ahmedgeek",
    "member_since": "2010-04-21",
    "plugins_joined": 5,
    "spread_days": 365,
    "earliest_join": "2024-04-23 16:03:28",
    "latest_join": "2025-04-23 18:46:40",
    "combined_installs": 1500000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2024-06-12 11:35:17"
        },
        {
            "slug": "custom-facebook-feed",
            "active_installs": 200000,
            "first_commit_at": "2025-04-23 18:46:40"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2024-10-03 14:09:24"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2024-04-23 16:03:28"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2024-04-25 15:14:13"
        }
    ]
}
Medium bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · superseded 1mo ago
Committerahmedgeek
Member since2010-04-21
Plugins joined5
Spread days365
Earliest join2024-04-23 16:03:28
Latest join2025-04-23 18:46:40
Combined installs1,500,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002024-06-12 11:35:17
custom-facebook-feed200,0002025-04-23 18:46:40
custom-twitter-feeds100,0002024-10-03 14:09:24
feeds-for-youtube100,0002024-04-23 16:03:28
reviews-feed100,0002024-04-25 15:14:13
View raw JSON
{
    "committer": "ahmedgeek",
    "member_since": "2010-04-21",
    "plugins_joined": 5,
    "spread_days": 365,
    "earliest_join": "2024-04-23 16:03:28",
    "latest_join": "2025-04-23 18:46:40",
    "combined_installs": 1500000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2024-06-12 11:35:17"
        },
        {
            "slug": "custom-facebook-feed",
            "active_installs": 200000,
            "first_commit_at": "2025-04-23 18:46:40"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2024-10-03 14:09:24"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2024-04-23 16:03:28"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2024-04-25 15:14:13"
        }
    ]
}
Medium bulk_committer_takeover Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Resolved · superseded 1mo ago
Committerahmedgeek
Member since2010-04-21
Plugins joined5
Spread days365
Earliest join2024-04-23 16:03:28
Latest join2025-04-23 18:46:40
Combined installs1,500,000
Sample plugins
SlugActive installsFirst commit at
instagram-feed1,000,0002024-06-12 11:35:17
custom-facebook-feed200,0002025-04-23 18:46:40
custom-twitter-feeds100,0002024-10-03 14:09:24
feeds-for-youtube100,0002024-04-23 16:03:28
reviews-feed100,0002024-04-25 15:14:13
View raw JSON
{
    "committer": "ahmedgeek",
    "member_since": "2010-04-21",
    "plugins_joined": 5,
    "spread_days": 365,
    "earliest_join": "2024-04-23 16:03:28",
    "latest_join": "2025-04-23 18:46:40",
    "combined_installs": 1500000,
    "sample_plugins": [
        {
            "slug": "instagram-feed",
            "active_installs": 1000000,
            "first_commit_at": "2024-06-12 11:35:17"
        },
        {
            "slug": "custom-facebook-feed",
            "active_installs": 200000,
            "first_commit_at": "2025-04-23 18:46:40"
        },
        {
            "slug": "custom-twitter-feeds",
            "active_installs": 100000,
            "first_commit_at": "2024-10-03 14:09:24"
        },
        {
            "slug": "feeds-for-youtube",
            "active_installs": 100000,
            "first_commit_at": "2024-04-23 16:03:28"
        },
        {
            "slug": "reviews-feed",
            "active_installs": 100000,
            "first_commit_at": "2024-04-25 15:14:13"
        }
    ]
}

Plugins authored (106)

Plugin Version Installs Last updated Status
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More ·wpforms-lite 1.10.0.4 6M+ 1mo ago Active
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin ·wp-mail-smtp 4.8.0 4M+ 1mo ago Active
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic ·all-in-one-seo-pack 4.9.6.2 3M+ 1mo ago Active
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager ·insert-headers-and-footers 2.3.5 3M+ 2mo ago Active
Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More ·duplicator 1.5.16 1M+ 2mo ago Active
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation ·optinmonster 2.16.22 1M+ 6mo ago Active
One Click Demo Import ·one-click-demo-import 3.4.1 1M+ 1mo ago Active
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin ·instagram-feed 6.10.1 1M+ 2mo ago Active
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more ·easy-wp-smtp 2.14.0 500k+ 1mo ago Active
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery ·nextgen-gallery 4.2.0 400k+ 28d ago Active
WP Mail Logging ·wp-mail-logging 1.16.0 300k+ 3mo ago Active
PDF Embedder ·pdf-embedder 4.9.3 300k+ 4mo ago Active
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) ·google-analytics-dashboard-for-wp 9.1.3 300k+ 1mo ago Active
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress ·custom-facebook-feed 4.7.6 200k+ 2mo ago Active
Table of Contents Plus ·table-of-contents-plus 2411.1 200k+ 1y ago Active
UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds ·userfeedback-lite 1.11.1 200k+ 2mo ago Active
Custom Twitter Feeds – A Tweets Widget or X Feed Widget ·custom-twitter-feeds 2.5.5 100k+ 22d ago Active
WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) ·wpconsent-cookies-banner-privacy-suite 1.1.5 100k+ 28d ago Active
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More ·envira-gallery-lite 1.12.5 100k+ 29d ago Active
Feeds for YouTube (YouTube video, channel, and gallery plugin) ·feeds-for-youtube 2.6.5 100k+ 29d ago Active
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More ·reviews-feed 2.5.4 100k+ 27d ago Active
Feeds for TikTok (TikTok feed, video, and gallery plugin) ·feeds-for-tiktok 1.5.1 70k+ 29d ago Active
Sydney Toolbox ·sydney-toolbox 1.36 50k+ 1y ago Active
SearchWP Live Ajax Search ·searchwp-live-ajax-search 1.8.7 50k+ 5mo ago Active
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy ·easy-digital-downloads 3.6.7 40k+ 1mo ago Active
WP Call Button – Easy Click to Call Button for WordPress ·wp-call-button 1.4.4 40k+ 2mo ago Active
aThemes Starter Sites ·athemes-starter-sites 1.1.8 40k+ 29d ago Active
WP Lightbox 2 ·wp-lightbox-2 3.0.7 30k+ 3mo ago Active
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers ·rafflepress 1.12.22 30k+ 1mo ago Active
Contact Form & SMTP Plugin for WordPress by PirateForms ·pirate-forms 2.6.1 30k+ 1y ago Active
Slider by Soliloquy – Responsive Image Slider for WordPress ·soliloquy-lite 2.8.1 30k+ 6mo ago Active
FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin ·trustpulse-api 1.2.5 20k+ 9mo ago Active
Transients Manager ·transients-manager 2.0.7 20k+ 1y ago Active
Change Mail Sender ·cb-change-mail-sender 1.3.0 20k+ 1y ago Active
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More ·charitable 1.8.10.4 10k+ 1mo ago Active
Pre-Orders, Product Labels, Buy Now, Quick View, Discount Rules and More for WooCommerce – Merchant ·merchant 2.2.5 10k+ 1mo ago Active
Login for Google Apps ·google-apps-login 3.5.2 10k+ 1y ago Active
PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget ·pushengage 4.2.1 10k+ 2mo ago Active
WP101 Video Tutorial Plugin ·wp101 5.4.1 10k+ 1y ago Active
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform ·sugar-calendar-lite 3.11.0 10k+ 1mo ago Active
Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe ·stripe 4.17.1 9k+ 1mo ago Active
aThemes Addons for Elementor ·athemes-addons-for-elementor-lite 1.1.8 8k+ 2mo ago Active
aThemes Blocks ·athemes-blocks 1.1.4 6k+ 5mo ago Active
SearchWP Modal Search Form ·searchwp-modal-search-form 0.5.7 5k+ 5mo ago Active
Embed Files from Google Drive ·google-drive-embedder 5.3.0 5k+ 1y ago Active
Intranet & Private Site – All-In-One Intranet ·all-in-one-intranet 1.8.1 4k+ 2mo ago Active
Disable New User Notification Emails ·disable-new-user-notifications 2.0.0 4k+ 4y ago Active
Gallery Carousel Without JetPack ·carousel-without-jetpack 0.7.5 4k+ 8y ago Active
AffiliateWP – Affiliate Area Tabs ·affiliatewp-affiliate-area-tabs 1.4.2 4k+ 1y ago Active
Athemes Toolbox ·athemes-toolbox 1.08 3k+ 5y ago Active
Compact Archives ·compact-archives 4.1.1 2k+ 3mo ago Active
Affiliate Area Shortcodes by AffiliateWP ·affiliatewp-affiliate-area-shortcodes 1.3.1 2k+ 8mo ago Active
AffiliateWP – Affiliate Product Rates ·affiliatewp-affiliate-product-rates 1.2.1 2k+ 1y ago Active
AffiliateWP – Order Details For Affiliates ·affiliatewp-order-details-for-affiliates 1.3.0 2k+ 1y ago Active
AffiliateWP – Leaderboard ·affiliatewp-leaderboard 1.2.0 1k+ 1y ago Active
Airi Demo Importer ·airi-demo-importer 1.0.3 1k+ 5y ago Active
AffiliateWP – Affiliate Info ·affiliatewp-affiliate-info 1.2.0 1k+ 1y ago Active
AffiliateWP – Allowed Products ·affiliatewp-allowed-products 1.3.0 1k+ 1y ago Active
AffiliateWP – WooCommerce Redirect Affiliates ·affiliatewp-woocommerce-redirect-affiliates 1.2.1 1k+ 1y ago Active
EDD Auto Register ·edd-auto-register 1.4.5 1k+ 2y ago Active
Batch Comment Spam Deletion ·batch-comment-spam-deletion 1.0.6 1k+ 8y ago Active
BuddyPress for LearnDash ·buddypress-learndash 1.3.0 1k+ 5y ago Active
AffiliateWP – External Referral Links ·affiliatewp-external-referral-links 1.2.2 800 8mo ago Active
BP Auto Group Join ·bp-auto-group-join 1.0.4 800 5y ago Active
BuddyPress Edit Activity ·buddypress-edit-activity 1.1.1 800 6y ago Active
AffiliateWP – Allow Own Referrals ·affiliatewp-allow-own-referrals 1.2.1 700 1y ago Active
AffiliateWP Checkout Referrals ·affiliatewp-checkout-referrals 1.2.2 600 1y ago Active
Force Plugin Updates Check ·force-plugin-updates-check 1.0.2 500 8y ago Active
Simple Post Expiration ·simple-post-expiration 1.0.1 500 9y ago Active
Beacon Lead Magnets and Lead Capture ·beacon-by 1.5.9 500 5mo ago Active
AffiliateWP – Store Credit ·affiliatewp-store-credit 2.6.2 500 1y ago Active
AffiliateWP – Force Pending Referrals ·affiliatewp-force-pending-referrals 1.2.0 500 1y ago Active
All in One SEO Pack Importer ·all-in-one-seo-pack-importer .1.5.2 500 7y ago Active
AffiliateWP – Sign Up Bonus ·affiliatewp-sign-up-bonus 1.3.1 400 1y ago Active
Disable All WP Updates ·disable-all-wp-updates 1.1.0 400 4y ago Active
WPChat – Live Chat & Messaging Widget for Customer Support ·smashballoon-wpchat-livechat-customer-support 1.3.1 300 1mo ago Active
WPControl – The Easiest Optimization Plugin for WordPress ·wpcontrol 1.0.1 200 4y ago Active
bbPress GDPR ·bbp-gdpr 1.0.2 100 6y ago Active
Easy Digital Downloads – Terms Per Product ·edd-terms-per-product 1.0.7 100 5y ago Active
FT Calendar ·ft-calendar 1.6.1.1 100 7y ago Active
Restrict Uploads ·restrict-uploads 0.1.1 100 14y ago Active
Simple Notices ·simple-notices 1.0.7 100 10y ago Active
BuddyPress GDPR ·bp-gdpr 1.0.1 90 6y ago Active
BuddyPress for Sensei ·sensei-buddypress 1.2.3 80 7y ago Active
Easy Digital Downloads – Continue Shopping ·easy-digital-downloads-continue-shopping 1.0.4 70 5y ago Active
Featured Comments ·feature-comments 1.2.6 30 9y ago Active
Easy Digital Downloads – Digital Badge ·edd-digital-badge 1.0 30 9y ago Active
Prevent Skype Overwriting ·prevent-skype-overwriting 0.1 30 14y ago Active
Love It ·love-it 1.0.5 20 10y ago Active
EDD TaxJar ·edd-taxjar 1.0.2 10 5y ago Active
Easy Digital Downloads – Lock Downloads to IP ·easy-digital-downloads-lock-downloads-to-ip 1.0.1 10 5y ago Active
Easy Digital Downloads – Software Licensing – Renew All ·edd-sl-renew-all 1.0.2 10 10y ago Active
EDD – Status Board ·edd-status-board 1.1.9 10 5y ago Active
WordPress Full Screen Search Overlay ·full-screen-search-overlay 1.0.1 Closed
Sugar Calendar – WP All Import Add-on ·sugar-calendar-wp-all-import 1.0.1 Closed
Sugar Calendar – Google Maps ·sugar-event-calendar-google-maps 1.4.1 Closed
Sugar Calendar – Gravity Forms Bridge ·sugar-event-calendar-gravity-forms 1.2.0 Closed
Floating Social Bar ·floating-social-bar 1.1.7 Closed
Facebook Open Graph Meta in WordPress ·facebook-open-graph-meta-in-wordpress 0.2 Closed
AffiliateWP – Show Affiliate Coupons ·affiliatewp-show-affiliate-coupons 1.0.7 Closed
EZP Coming Soon Page ·easy-pie-coming-soon 1.0.7.4 Closed
EZP Maintenance Mode ·easy-pie-maintenance-mode 1.0.2 Closed
ActiveLayer Anti-Spam: Spam Protection for Forms & Comments ·activelayer-anti-spam-spam-protection-for-forms-comments 1.1.0 1mo ago Active
SimpleMap Store Locator ·simplemap 2.6.1 Closed
YouTube Subscribe Bar ·subscribe-bar-youtube 1.1.0 Closed
Google Analytics Dashboard ·google-analytics-dashboard 2.1.1 Closed

SVN commit access (11)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Gallery Carousel Without JetPack smub 4k+ 23 13y ago 13y ago Active
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) chriscct7 2M+ 7 10y ago 10y ago Active
Restrict Uploads smub 100 7 14y ago 14y ago Active
WordPress Full Screen Search Overlay smub 4 10y ago 10y ago Closed
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin smub 4M+ 4 8y ago 8y ago Active
Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation smub 1M+ 4 5y ago 5y ago Active
WP Lightbox 2 smub 30k+ 4 10y ago 10y ago Active
Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More smub 100k+ 3 8y ago 8y ago Active
Prevent Skype Overwriting smub 30 3 14y ago 14y ago Active
Slider by Soliloquy – Responsive Image Slider for WordPress smub 30k+ 2 8y ago 8y ago Active
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More smub 6M+ 1 9y ago 7y ago Active

Contributor on other plugins (31)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin Primary author Version Installs
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) chriscct7 10.1.3 2M+
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode seedprod 6.20.0 700k+
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links aioseo 1.2.10 300k+
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce jkohlbach 13.5.4 80k+
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin uncannyowl 7.2.3 50k+
Missed Scheduled Posts Publisher by WPBeginner wpbeginner 2.1.1 30k+
File Upload Types by WPForms jaredatch 1.5.0 30k+
WP Editor benjaminprojas 1.2.9.3 20k+
Advanced Coupons for WooCommerce Coupons & Store Credit jkohlbach 4.7.2 20k+
Search & Replace Everything by WPCode – Find and Replace Media, Text, Links, and More wpcodeteam 1.0.9 20k+
Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices jkohlbach 2.2.7.2 20k+
Store Toolkit – WooCommerce Extensions, Quick Enhancements & Handy Tools jkohlbach 2.4.4 8k+
Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers jkohlbach 2.7.8 7k+
WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors wcvendors 2.6.8 4k+
All In One SEO Pack for WooCommerce jkohlbach 1.3.4 3k+
Invoice Gateway for WooCommerce – Invoice Payment Gateway jkohlbach 1.1.5 2k+
Import Shopify To WP wpbeginner 1.0.1 700
EDD Hide Download sumobi 1.2.11.1 600
Last Viewed Posts by WPBeginner jottlieb 1.0.2 500
Vibe AI – MCP Server for WordPress. Connect Claude, ChatGPT & Cursor seedprod 1.2.1 400
StoreAgent – WooCommerce AI Chatbot & AI Content Tools jkohlbach 1.1.4 300
Easy Digital Downloads – Additional Shortcodes cklosows 1.4.2 300
SaveTo Wishlist Lite – WooCommerce Wishlist jkohlbach 1.0.5 200
Database Reset Pro – Clean & Reset WordPress Database seedprod 1.0.2 200
Comment Moderation Role by WPBeginner wpbeginner 1.1.2 200
Duplicate Post by AIOSEO – Easily Clone and Republish Content aioseo 1.0.0 100
Easy Digital Downloads – Variable Pricing Descriptions sumobi 1.1 100
MyPayKit – Payment Forms for Square seedprod 1.0.9 70
Sugar Calendar Bookings Scheduling Appointments Lite sugarcalendar 1.4.0 20
jQuery Tabber Widget noumaan 1.0.2 10
ClickSocial – Social Media Scheduler & Poster smashballoon 1.3.1