Spacetime

Member since
2010-11-13
Location
Employer
Job title
Authored
1
SVN commit access
1
Readme contributor
0
Combined install base
300k+ across 1 plugin

Alerts (0)

No open alerts.

Show 3 resolved alerts
Critical code_pattern Ad Inserter – Ad Manager & AdSense Ads Resolved · oos_vuln_security_finder 5d ago
Slug: ad-inserter
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 2.8.13
Hit count: 1
First hit
File
ad-inserter.php
Line
7,294
Snippet
L7293: $response = wp_remote_post ($url, array ('body' => $request)); → L7294: $plugin_info = @unserialize ($response ['body']);
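Explanation: a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialization fails; attackers suppress so malformed gadgets do not leak. On its own the `@` is a weak signal, since older PHP code commonly writes `@unserialize` only to silence the notice raised on malformed input; what matters is that the bytes arrive from the network and can instantiate objects. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised or the response can be tampered with in transit. The fix is to exchange JSON instead, or to call `unserialize` with `['allowed_classes' => false]`; the snippet also shows no `is_wp_error ($response)` check between the request and the read of `$response ['body']`.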
View raw JSON
{
    "slug": "ad-inserter",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.8.13",
    "hit_count": 1,
    "first_hit": {
        "file": "ad-inserter.php",
        "line": 7294,
        "snippet": "L7293: $response = wp_remote_post ($url, array ('body' => $request));  \u2192  L7294: $plugin_info = @unserialize ($response ['body']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_scan_delta Ad Inserter – Ad Manager & AdSense Ads Resolved · fp_wporg_official_api 7d ago
Slug: ad-inserter
Previous version: 2.8.13
Current version: 2.8.13
New findings
Pattern | Kind | File | Line | Snippet | Confidence
unserialize_after_remote_call | builtin | ad-inserter.php | 7,294 | L7293: $response = wp_remote_post ($url, array ('body' => $request)); → L7294: $plugin_info = @unserialize ($response ['body']); | high
New finding count: 1
View raw JSON
{
    "slug": "ad-inserter",
    "previous_version": "2.8.13",
    "current_version": "2.8.13",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "ad-inserter.php",
            "line": 7294,
            "snippet": "L7293: $response = wp_remote_post ($url, array ('body' => $request));  \u2192  L7294: $plugin_info = @unserialize ($response ['body']);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Medium code_scan_match Ad Inserter – Ad Manager & AdSense Ads Resolved · fp_w3tc_codegen_template 5d ago
Slug: ad-inserter
Finding count: 86
Findings
Pattern | Kind | File | Line | Snippet | Confidence
eval_call | builtin | class.php | 644 | eval ("?>". $code . "<?php "); | medium
base64_decode | builtin | class.php | 2,792 | $this->w3tc_code = '$ai_code = base64_decode (\''.base64_encode ($code).'\'); $ai_enabled = true;'; | medium
base64_decode | builtin | class.php | 2,810 | $w3tc_code .= 'echo base64_decode (\'' . base64_encode ($html_code) . '\');'; | medium
base64_decode | builtin | class.php | 2,854 | $base64_code .= 'echo base64_decode (\'' . base64_encode ($html_code) . '\');'; | medium
base64_decode | builtin | class.php | 3,985 | $ai_wp_data [AI_ACTIVE_GROUP_NAMES] = array_merge ($ai_wp_data [AI_ACTIVE_GROUP_NAMES], json_decode (base64_decode ($matches [1]))); | medium
base64_decode | builtin | class.php | 3,988 | if (($ai_wp_data [AI_WP_DEBUGGING] & AI_DEBUG_PROCESSING) != 0) ai_log ('ACTIVATED GROUPS: "' . implode (', ', json_decode (base64_decode ($matches [1]))) . '"'); | medium
base64_decode | builtin | class.php | 3,993 | $processed_code = $debug_list->bar (__('ACTIVATED GROUPS', 'ad-inserter') . ': ' . implode (', ', json_decode (base64_decode ($matches [1]))), '', '') . $processed_code; | medium
base64_decode | builtin | class.php | 4,088 | $current_group_name = implode (', ', json_decode (base64_decode ($matches [1]))); | medium
base64_decode | builtin | class.php | 4,139 | $ad_index_code = ' global $ai_groups; $ai_index = 0; if (isset ($ai_groups) && count ($ai_groups) != 0) {foreach ($ai_groups as $group_name) {foreach (unserialize (base64_decode (\''. | medium
base64_decode | builtin | class.php | 4,162 | $this->w3tc_code .= '$ai_code = unserialize (base64_decode (\''.base64_encode (serialize ($ads)).'\'));'.$ad_index_code; | medium
base64_decode | builtin | class.php | 4,171 | $this->w3tc_code .= ' if ($ai_index != 0) {$version_names = unserialize (base64_decode (\''.base64_encode (serialize ($this->rotate_names)).'\')); $ai_version_name = $version_names [$ai_in | medium
base64_decode | builtin | class.php | 4,177 | $this->w3tc_code .= ' if ($ai_enabled) {$groups_marker = base64_decode (\'' . base64_encode ($groups_marker) . | medium
base64_decode | builtin | class.php | 4,178 | '\'); global $ai_groups; if (preg_match ($groups_marker, $ai_code, $matches)) {if (!isset ($ai_groups)) $ai_groups = array (); $ai_groups = array_merge ($ai_groups, json_decode (base64 | medium
base64_decode | builtin | class.php | 4,268 | $this->w3tc_code .= '$ai_amp_separator = base64_decode (\'' . base64_encode (AD_AMP_SEPARATOR) . '\'); $ai_amp_page = ' . ($ai_wp_data [AI_WP_AMP_PAGE] ? 'true' : 'false') . '; $ai_amp_enabl | medium
base64_decode | builtin | class.php | 4,281 | $this->w3tc_code .= '$ai_head_separator = base64_decode (\'' . base64_encode (AD_HEAD_SEPARATOR) . '\');'; | medium
View raw JSON
{
    "slug": "ad-inserter",
    "finding_count": 86,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "class.php",
            "line": 644,
            "snippet": "eval (\"?>\". $code . \"<?php \");",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 2792,
            "snippet": "$this->w3tc_code = '$ai_code = base64_decode (\\''.base64_encode ($code).'\\'); $ai_enabled = true;';",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 2810,
            "snippet": "$w3tc_code .= 'echo base64_decode (\\'' . base64_encode ($html_code) . '\\');';",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 2854,
            "snippet": "$base64_code .= 'echo base64_decode (\\'' . base64_encode ($html_code) . '\\');';",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 3985,
            "snippet": "$ai_wp_data [AI_ACTIVE_GROUP_NAMES] = array_merge ($ai_wp_data [AI_ACTIVE_GROUP_NAMES], json_decode (base64_decode ($matches [1])));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 3988,
            "snippet": "if (($ai_wp_data [AI_WP_DEBUGGING] & AI_DEBUG_PROCESSING) != 0) ai_log ('ACTIVATED GROUPS: \"' . implode (', ', json_decode (base64_decode ($matches [1]))) . '\"');",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 3993,
            "snippet": "$processed_code = $debug_list->bar (__('ACTIVATED GROUPS', 'ad-inserter') . ': ' . implode (', ', json_decode (base64_decode ($matches [1]))), '', '') . $processed_code;",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4088,
            "snippet": "$current_group_name = implode (', ', json_decode (base64_decode ($matches [1])));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4139,
            "snippet": "$ad_index_code = ' global $ai_groups; $ai_index = 0; if (isset ($ai_groups) && count ($ai_groups) != 0) {foreach ($ai_groups as $group_name) {foreach (unserialize (base64_decode (\\''.",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4162,
            "snippet": "$this->w3tc_code .= '$ai_code = unserialize (base64_decode (\\''.base64_encode (serialize ($ads)).'\\'));'.$ad_index_code;",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4171,
            "snippet": "$this->w3tc_code .= ' if ($ai_index != 0) {$version_names = unserialize (base64_decode (\\''.base64_encode (serialize ($this->rotate_names)).'\\')); $ai_version_name = $version_names [$ai_in",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4177,
            "snippet": "$this->w3tc_code .= ' if ($ai_enabled) {$groups_marker = base64_decode (\\'' . base64_encode ($groups_marker) .",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4178,
            "snippet": "'\\'); global $ai_groups; if (preg_match ($groups_marker, $ai_code, $matches)) {if (!isset ($ai_groups)) $ai_groups = array (); $ai_groups = array_merge ($ai_groups, json_decode (base64",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4268,
            "snippet": "$this->w3tc_code .= '$ai_amp_separator = base64_decode (\\'' . base64_encode (AD_AMP_SEPARATOR) . '\\'); $ai_amp_page = ' . ($ai_wp_data [AI_WP_AMP_PAGE] ? 'true' : 'false') . '; $ai_amp_enabl",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "class.php",
            "line": 4281,
            "snippet": "$this->w3tc_code .= '$ai_head_separator = base64_decode (\\'' . base64_encode (AD_HEAD_SEPARATOR) . '\\');';",
            "confidence": "medium"
        }
    ]
}

Plugins authored (1)

Plugin Version Installs Last updated Status
Ad Inserter – Ad Manager & AdSense Ads ·ad-inserter 2.8.13 300k+ 1mo ago Active

SVN commit access (1)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Ad Inserter – Ad Manager & AdSense Ads spacetime 300k+ 200 4y ago 7d ago Active