WP Beacon

Dmitry V. (CEO of "UKR Solution")

@ukrsolution · wordpress.org profile ↗
Member since
2016-01-08
Location
Employer
UKR Solution
Job title
CEO
Authored
5
SVN commit access
3
Readme contributor
0
Combined install base
3k+ across 5 plugins

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) Resolved · benign_architectural_concern 2d ago
Slugbarcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Patternunserialize_after_remote_call
Kindbuiltin
Version1.12.1
Hit count1
First hit
File
src/features/updater/WpAutoUpdate.php
Line
149
Snippet
L146: $request = wp_remote_post($this->update_path, $params); → L149: $serverData = @unserialize($request['body']);
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.12.1",
    "hit_count": 1,
    "first_hit": {
        "file": "src/features/updater/WpAutoUpdate.php",
        "line": 149,
        "snippet": "L146: $request = wp_remote_post($this->update_path, $params);  \u2192  L149: $serverData = @unserialize($request['body']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_pattern Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce Resolved · benign_architectural_concern 2d ago
Sluga4-barcode-generator
Patternunserialize_after_remote_call
Kindbuiltin
Version3.4.12
Hit count1
First hit
File
class/Updater/WpAutoUpdate.php
Line
148
Snippet
L145: $request = wp_remote_post($this->update_path, $params); → L148: $serverData = @unserialize($request['body']);
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "a4-barcode-generator",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.4.12",
    "hit_count": 1,
    "first_hit": {
        "file": "class/Updater/WpAutoUpdate.php",
        "line": 148,
        "snippet": "L145: $request = wp_remote_post($this->update_path, $params);  \u2192  L148: $serverData = @unserialize($request['body']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Plugins authored (5)

Plugin Version Installs Last updated Status
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) ·barcode-scanner-lite-pos-to-manage-products-inventory-and-orders 1.12.1 1k+ 8d ago Active
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce ·a4-barcode-generator 3.4.12 1k+ 7mo ago Active
UPC/EAN/GTIN Barcode Generator/Importer ·upc-ean-barcode-generator 2.0.4 500 6mo ago Active
Barcode Generator for WooCommerce – Show barcodes on products, orders, invoices and other pages ·embedding-barcodes-into-product-pages-and-orders 2.0.5 300 9mo ago Active
Price Comparison Shopping Engine ·price-comparison-shopping-engine 1.0.7 10 8y ago Active

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce ukrsolution 1k+ 370 9y ago 7mo ago Active
Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) ukrsolution 1k+ 148 4y ago 8d ago Active
UPC/EAN/GTIN Barcode Generator/Importer ukrsolution 500 28 4y ago 6mo ago Active