Themeum

Member since: 2014-03-12
Location: Ollyo, Holding - 1, Patira, Dhaka - 1229, Bangladesh
Employer: Themeum
Job title:
Authored: 16 (3 closed)
SVN commit access: 11
Readme contributor: 0
Combined install base: 664k+ across 16 plugins

Alerts (0)

No open alerts.

Resolved alerts (3)
Critical code_pattern Kirki – Freeform Website Builder & Customizer Resolved · no_longer_matches 7d ago
Slug: kirki
Pattern: unserialize_after_remote_call
Kind: builtin
Version: 5.2.3
Hit count: 3
First hit:
File: customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php
Line: 545
Snippet: L527: $request = wp_remote_post( → L545: $request->sections = maybe_unserialize( $request->sections );
Explanation: a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
Raw JSON:
{
    "slug": "kirki",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "5.2.3",
    "hit_count": 3,
    "first_hit": {
        "file": "customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php",
        "line": 545,
        "snippet": "L527: $request = wp_remote_post(  \u2192  L545: $request->sections = maybe_unserialize( $request->sections );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Kirki – Freeform Website Builder & Customizer Resolved · fp_edd_updater_library 7d ago
Slug: kirki
Previous version: 5.2.3
Current version: 5.2.3
New findings:
Pattern | Kind | File | Line | Snippet | Confidence
unserialize_after_remote_call | builtin | customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php | 545 | L527: $request = wp_remote_post( → L545: $request->sections = maybe_unserialize( $request->sections ); | high
unserialize_after_remote_call | builtin | customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php | 551 | L542: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L551: $request->banners = maybe_unserialize( $request->banners ); | high
unserialize_after_remote_call | builtin | customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php | 555 | L542: $request = json_decode( wp_remote_retrieve_body( $request ) ); → L555: $request->icons = maybe_unserialize( $request->icons ); | high
New finding count: 3
Raw JSON:
{
    "slug": "kirki",
    "previous_version": "5.2.3",
    "current_version": "5.2.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php",
            "line": 545,
            "snippet": "L527: $request = wp_remote_post(  \u2192  L545: $request->sections = maybe_unserialize( $request->sections );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php",
            "line": 551,
            "snippet": "L542: $request = json_decode( wp_remote_retrieve_body( $request ) );  \u2192  L551: $request->banners = maybe_unserialize( $request->banners );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "customizer/packages/controls/tabs/edd/EDD_SL_Plugin_Updater.php",
            "line": 555,
            "snippet": "L542: $request = json_decode( wp_remote_retrieve_body( $request ) );  \u2192  L555: $request->icons = maybe_unserialize( $request->icons );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}
High committer_younger_than_plugin Kirki – Freeform Website Builder & Customizer Resolved · benign_company_employee 5d ago
Slug: kirki
Committer slug: deployer
Committer display name: deployer.seravo.com
Committer employer:
Committer member since: 2015-08-08
Committer first commit: 2016-03-20 19:52:01
Committer commit count: 2
Plugin listed author: themeum
Earliest plugin commit: 2014-05-27 21:36:58
Plugin age at join days: 662
Committer age at join days: 225
Active installs: 500,000
Raw JSON:
{
    "slug": "kirki",
    "committer_slug": "deployer",
    "committer_display_name": "deployer.seravo.com",
    "committer_employer": null,
    "committer_member_since": "2015-08-08",
    "committer_first_commit": "2016-03-20 19:52:01",
    "committer_commit_count": 2,
    "plugin_listed_author": "themeum",
    "earliest_plugin_commit": "2014-05-27 21:36:58",
    "plugin_age_at_join_days": 662,
    "committer_age_at_join_days": 225,
    "active_installs": 500000
}

Plugins authored (16)

Plugin | Version | Installs | Last updated | Status
Kirki – Freeform Website Builder & Customizer · kirki | 6.0.2 | 500k+ | 2d ago | Active
Tutor LMS – eLearning and online course solution · tutor | 3.9.10 | 100k+ | 3d ago | Active
Tutor LMS Elementor Addons · tutor-lms-elementor-addons | 3.0.2 | 30k+ | 2mo ago | Active
TutorMate · tutormate | 3.0.1 | 10k+ | 11mo ago | Active
WP Mega Menu · wp-megamenu | 1.4.2 | 9k+ | 4y ago | Active
Qubely – Advanced Gutenberg Blocks · qubely | 1.8.14 | 8k+ | 1y ago | Active
WP Crowdfunding · wp-crowdfunding | 2.1.17 | 3k+ | 9mo ago | Active
Tutor LMS – Migration Tool · tutor-lms-migration-tool | 2.4.1 | 1k+ | 5mo ago | Active
Tutor LMS BunnyNet Integration · tutor-lms-bunnynet-integration | 1.0.1 | 1k+ | 1mo ago | Active
Certificate customizer for Tutor LMS · certificate-customizer-for-tutor-lms | 1.0.1 | 1k+ | 4y ago | Active
Tutor LMS Divi Modules · tutor-lms-divi-modules | 3.0.0 | 1k+ | 1y ago | Active
Oxygen Tutor LMS · oxygen-tutor-lms | 2.0.3 | 200 | 3y ago | Active
Growfund – Ultimate Donation & Crowdfunding Solution · growfund | 1.0.11 | 50 | 26d ago | Active
WP Support Desk · wp-support-desk | 1.1.1 | | | Closed
WP Page Builder · wp-pagebuilder | 1.2.8 | | | Closed
Sales Booster for WooCommerce · sales-booster-for-woocommerce | 1.0.0 | | | Closed

SVN commit access (11)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
Qubely – Advanced Gutenberg Blocks | themeum | 8k+ | 116 | 7y ago | 1y ago | Active
WP Crowdfunding | themeum | 3k+ | 73 | 8y ago | 9mo ago | Active
WP Mega Menu | themeum | 9k+ | 72 | 8y ago | 4y ago | Active
Tutor LMS Elementor Addons | themeum | 30k+ | 31 | 5y ago | 2mo ago | Active
Tutor LMS – Migration Tool | themeum | 1k+ | 22 | 6y ago | 5mo ago | Active
TutorMate | themeum | 10k+ | 9 | 4y ago | 11mo ago | Active
Tutor LMS Divi Modules | themeum | 1k+ | 6 | 4y ago | 1y ago | Active
Certificate customizer for Tutor LMS | themeum | 1k+ | 5 | 6y ago | 4y ago | Active
Tutor LMS BunnyNet Integration | themeum | 1k+ | 4 | 3y ago | 1mo ago | Active
Tutor LMS – eLearning and online course solution | themeum | 100k+ | 1 | 7y ago | 3d ago | Active
Kirki – Freeform Website Builder & Customizer | themeum | 500k+ | 1 | 2y ago | 2d ago | Active