WP Beacon

WPBot – AI ChatBot for Live Support, Lead Generation, AI Services

chatbot · by quantumcloud · wordpress.org ↗ · SVN ↗
Active installs
6k+
Current version
8.2.5
Added
2018-08-30
Last updated
2026-05-01 (1d ago)
First seen by beacon
10d ago
Total downloads
1,235,102

Historical audits (1)

Past investigations, all resolved. No current threat.
  • Benign Audit #18 baseline 0.9.0 → head 8.2.4 2d ago

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · audit:benign 2026-04-30 11:06:27 (2d ago)
Slugchatbot
Patternunserialize_after_remote_call
Kindbuiltin
Version8.2.4
Hit count2
First hit
File
includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
190
Snippet
L185: $request = wp_remote_post($this->update_path, $params ); → L190: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "chatbot",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "8.2.4",
    "hit_count": 2,
    "first_hit": {
        "file": "includes/integration/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 190,
        "snippet": "L185: $request = wp_remote_post($this->update_path, $params );  \u2192  L190: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

SVN committers (1)

Accounts with actual commit access to chatbot on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
QuantumCloud 2011-12-11 1 2021-02-09 · r2471877 2026-04-29 · r3518409

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
QuantumCloud 2011-12-11 1 commits Active

Versions (100 most recent)

Version Released Download
8.2.5 zip
8.2.4 2026-04-29 · 3d ago zip
8.2.3 2026-04-28 · 4d ago zip
8.2.2 2026-04-24 · 8d ago zip
8.2.1 2026-04-23 · 9d ago
8.2.0 2026-04-16 · 16d ago
8.1.0 2026-04-14 · 18d ago zip
8.0.0 2026-04-13 · 19d ago zip
7.9.9 2026-04-09 · 23d ago zip
7.9.8 2026-04-07 · 25d ago zip
7.9.7 2026-04-06 · 26d ago zip
7.9.6 2026-04-03 · 29d ago zip
7.9.5 2026-04-02 · 1mo ago zip
7.9.4 2026-03-31 · 1mo ago zip
7.9.3 2026-03-27 · 1mo ago zip
7.9.2 2026-03-24 · 1mo ago zip
7.9.1 2026-03-19 · 1mo ago zip
7.9.0 2026-03-18 · 1mo ago zip
7.8.9 2026-03-16 · 1mo ago zip
7.8.8 2026-03-12 · 1mo ago zip
7.8.7 2026-03-10 · 1mo ago zip
7.8.6 2026-03-05 · 1mo ago zip
7.8.5 2026-03-03 · 2mo ago zip
7.8.4 2026-02-26 · 2mo ago zip
7.8.3 2026-02-24 · 2mo ago zip
7.8.2 2026-02-20 · 2mo ago zip
7.8.1 2026-02-19 · 2mo ago zip
7.8.0 2026-02-17 · 2mo ago zip
7.7.9 2026-02-13 · 2mo ago zip
7.7.8 2026-02-13 · 2mo ago zip
7.7.7 2026-02-10 · 2mo ago zip
7.7.6 2026-02-06 · 2mo ago zip
7.7.5 2026-02-03 · 2mo ago zip
7.7.4 2026-02-02 · 2mo ago zip
7.7.3 2026-01-23 · 3mo ago zip
7.7.2 2026-01-21 · 3mo ago zip
7.7.1 2026-01-20 · 3mo ago zip
7.7.0 2026-01-19 · 3mo ago zip
7.6.9 2026-01-15 · 3mo ago zip
7.6.8 2026-01-13 · 3mo ago zip
7.6.7 2026-01-08 · 3mo ago zip
7.6.6 2026-01-06 · 3mo ago zip
7.6.5 2026-01-01 · 4mo ago zip
7.6.4 2025-12-30 · 4mo ago zip
7.6.3 2025-12-24 · 4mo ago zip
7.6.2 2025-12-23 · 4mo ago zip
7.6.1 2025-12-19 · 4mo ago zip
7.6.0 2025-12-19 · 4mo ago zip
7.5.9 2025-12-18 · 4mo ago zip
7.5.8 2025-12-17 · 4mo ago zip
7.5.7 2025-12-15 · 4mo ago zip
7.5.6 2025-12-12 · 4mo ago zip
7.5.5 2025-12-11 · 4mo ago zip
7.5.4 2025-12-09 · 4mo ago zip
7.5.3 2025-12-04 · 4mo ago zip
7.5.2 2025-12-03 · 5mo ago zip
7.5.1 2025-12-01 · 5mo ago zip
7.5.0 2025-11-28 · 5mo ago zip
7.4.9 2025-11-27 · 5mo ago zip
7.4.8 2025-11-25 · 5mo ago zip
7.4.7 2025-11-21 · 5mo ago zip
7.4.6 2025-11-20 · 5mo ago zip
7.4.5 2025-11-18 · 5mo ago zip
7.4.4 2025-11-14 · 5mo ago zip
7.4.3 2025-11-12 · 5mo ago zip
7.4.2 2025-11-11 · 5mo ago zip
7.4.1 2025-11-10 · 5mo ago zip
7.4.0 2025-11-07 · 5mo ago zip
7.3.9 2025-11-06 · 5mo ago zip
7.3.8 2025-11-04 · 5mo ago zip
7.3.7 2025-11-03 · 6mo ago zip
7.3.6 2025-10-31 · 6mo ago zip
7.3.5 2025-10-28 · 6mo ago zip
7.3.4 2025-10-27 · 6mo ago zip
7.3.3 2025-10-27 · 6mo ago zip
7.3.2 2025-10-24 · 6mo ago zip
7.3.1 2025-10-23 · 6mo ago zip
7.3.0 2025-10-21 · 6mo ago zip
7.2.9 2025-10-17 · 6mo ago zip
7.2.8 2025-10-14 · 6mo ago zip
7.2.7 2025-10-14 · 6mo ago zip
7.2.6 2025-10-06 · 6mo ago zip
7.2.5 2025-10-06 · 6mo ago zip
7.2.4 2025-10-02 · 7mo ago zip
7.2.3 2025-09-30 · 7mo ago zip
7.2.2 2025-09-25 · 7mo ago zip
7.2.1 2025-09-23 · 7mo ago zip
7.2.0 2025-09-18 · 7mo ago zip
7.1.9 2025-09-16 · 7mo ago zip
7.1.8 2025-09-11 · 7mo ago zip
7.1.7 2025-09-09 · 7mo ago zip
7.1.6 2025-08-28 · 8mo ago zip
7.1.5 2025-08-28 · 8mo ago zip
7.1.4 2025-08-26 · 8mo ago zip
7.1.3 2025-08-22 · 8mo ago zip
7.1.2 2025-08-21 · 8mo ago zip
7.1.1 2025-08-20 · 8mo ago zip
7.1.0 2025-08-18 · 8mo ago zip
7.0.0 2025-08-15 · 8mo ago zip
6.9.9 2025-08-14 · 8mo ago zip