ZealousWeb

@zealopensource · wordpress.org profile ↗

Member since: 2015-04-01
Location: Ahmedabad, Gujarat - 380015. India
Employer: ZealousWeb
Job title: Open Source Plugins Library - WordPress, Magento & Joomla
Authored: 21 (2 closed)
SVN commit access: 12
Readme contributor: 0
Combined install base: 7k+ across 21 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert

Critical code_pattern Abandoned Contact Form 7 Resolved · vendor_self_update_zealousweb_legit 1mo ago

Slug	abandoned-contact-form-7
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`2.2`
Hit count	1
First hit	File `inc/class.cf7af.update.php` Line 162 Snippet L155: $request = wp_remote_post( $this->update_path, $params ); → L162: return @unserialize( $request['body'] );
Explanation	a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

View raw JSON

{
    "slug": "abandoned-contact-form-7",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.2",
    "hit_count": 1,
    "first_hit": {
        "file": "inc/class.cf7af.update.php",
        "line": 162,
        "snippet": "L155: $request = wp_remote_post( $this->update_path, $params );  \u2192  L162: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Plugins authored (21)

Plugin	Version	Installs	Last updated	Status
Generate PDF using Contact Form 7 ·`generate-pdf-using-contact-form-7`	4.1.6	4k+	8mo ago	Active
Track Geolocation Of Users Using Contact Form 7 ·`track-geolocation-of-users-using-contact-form-7`	3.0.2	900	6d ago	Active
Accept PayPal Payments using Contact Form 7 ·`contact-form-7-paypal-extension`	4.0.6	600	9d ago	Active
User Registration Using Contact Form 7 ·`user-registration-using-contact-form-7`	2.7	500	6d ago	Active
Embed Videos For Product Image Gallery Using WooCommerce ·`woocommerce-embed-videos-to-product-image-gallery`	3.7	400	5mo ago	Active
Accept Stripe Payments Using Contact Form 7 ·`accept-stripe-payments-using-contact-form-7`	3.3	100	5mo ago	Active
Smart Showcase for Google Reviews ·`smart-showcase-for-google-reviews`	1.0.7	100	8d ago	Active
Accept Authorize.NET Payments Using Contact Form 7 ·`accept-authorize-net-payments-using-contact-form-7`	2.9	100	6d ago	Active
Abandoned Contact Form 7 ·`abandoned-contact-form-7`	2.4	100	22d ago	Active
Customer who viewed this item also viewed using Woocommerce ·`woocommerce-customer-who-viewed-this-item-also-viewed`	3.4	50	5mo ago	Active
Accept Elavon Payments using Contact Form 7 ·`contact-form-7-elavon-converge`	3.5	30	1y ago	Active
Video Lightbox For Guten Blocks ·`video-lightbox-for-guten-blocks`	1.0.5	20	7d ago	Active
Grid Masonry for Guten blocks ·`grid-masonry-for-guten-blocks`	1.0.7	20	7d ago	Active
Push Notifications For Web ·`push-notifications-for-web`	2.0	10	9mo ago	Active
Media Carousel for Guten Blocks ·`media-carousel-for-guten-blocks`	1.0.4	10	7d ago	Active
Repeater Entries Widget ·`repeater-entries-widget`	1.6	10	5mo ago	Active
Accept SagePay Payments Using Contact Form 7 ·`accept-sagepay-payments-using-contact-form-7`	2.2	10	1y ago	Active
Accept 2Checkout Payments Using Contact Form 7 ·`accept-2checkout-payments-using-contact-form-7`	1.7	10	5mo ago	Active
Smart Appointment & Booking ·`smart-appointment-booking`	2.0.2	—	6d ago	Active
accept-qpay-payments-using-contact-form-7 ·`accept-qpay-payments-using-contact-form-7`	1.1	—	—	Closed
accept-worldpay-payments-using-contact-form-7 ·`accept-worldpay-payments-using-contact-form-7`	1.1	—	—	Closed

SVN commit access (12)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Embed Videos For Product Image Gallery Using WooCommerce	zealopensource	400	134	11y ago	5mo ago	Active
Generate PDF using Contact Form 7	zealopensource	4k+	132	6y ago	8mo ago	Active
Customer who viewed this item also viewed using Woocommerce	zealopensource	50	95	11y ago	5mo ago	Active
Accept Elavon Payments using Contact Form 7	zealopensource	30	71	10y ago	1y ago	Active
Accept Stripe Payments Using Contact Form 7	zealopensource	100	63	5y ago	5mo ago	Active
Grid Masonry for Guten blocks	zealopensource	20	18	2y ago	9mo ago	Active
Abandoned Contact Form 7	zealopensource	100	2	5y ago	22d ago	Active
User Registration Using Contact Form 7	zealopensource	500	1	5y ago	6d ago	Active
Accept Authorize.NET Payments Using Contact Form 7	zealopensource	100	1	5y ago	6d ago	Active
Smart Showcase for Google Reviews	zealopensource	100	1	1y ago	8d ago	Active
Accept PayPal Payments using Contact Form 7	zealopensource	600	1	11y ago	9d ago	Active
Track Geolocation Of Users Using Contact Form 7	zealopensource	900	1	5y ago	6d ago	Active