aapanel WP Toolkit

aapanel-wp-toolkit · by aapanel

Active installs: 1k+
Current version: 1.2
Added: 2025-02-10
Last updated: 2025-07-29 (9mo ago)
First seen by beacon: 11d ago
Total downloads: 4,374

Alerts (0)

No open alerts.

Resolved alerts (1)

Critical · code_pattern · Resolved · false_positive_defensive_string_check · 2026-04-30 15:25:31 (2d ago)

Slug: aapanel-wp-toolkit
Pattern: serialized_admin_role
Kind: builtin
Version: 1.2
Hit count: 1
First hit:
  File: includes/class-aapanel-wp-toolkit-agent.php
  Line: 47
  Snippet: $user_id = $wpdb->get_var("select `user_id` from " . $wpdb->usermeta . " where `meta_key` = '" . $wpdb->prefix . "capabilities' and `meta_value` like '%s:13:\"administrator\";b:1;%'"); // retrieve s
Explanation: plugin source contains `s:13:"administrator"` — the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand.

SVN committers (2)

Accounts with actual commit access to aapanel-wp-toolkit on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

| Committer | Member since | Commits | First commit | Latest commit |
|---|---|---|---|---|
| aapanel | 2024-08-08 | 14 | 2025-02-10 · r3237706 | 2025-07-29 · r3335634 |
| plugin-master | 2007-03-09 | 1 | 2025-01-06 · r3217828 | 2025-01-06 · r3217828 |

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

| Contributor | Member since | SVN access | Status |
|---|---|---|---|
| aapanel | 2024-08-08 | 14 commits | Active |

Versions (3 most recent)

| Version | Released | Download |
|---|---|---|
| 1.2 | 2025-07-29 · 9mo ago | zip |
| 1.1 | 2025-07-29 · 9mo ago | zip |
| 1.0 | 2025-02-10 · 1y ago | zip |