WP Google Core Web Vitals Fix

cls-lcp-issues-fix · by roshellco · wordpress.org ↗ · SVN ↗
This plugin is closed on wordpress.org. Closed 2026-04-07. Reason: guideline-violation.
Active installs
Current version
1.0.8
Added
2021-10-18
Last updated
First seen by beacon
2mo ago
Total downloads

Audits (1)

Malicious Audit #45 baseline → head 1.0.4 suspect roshellco 18d ago

A SiteGuarding burner with a full remote-code-execution + persistence backdoor — Tier A. Surfaced by the closed-plugin blob scan (the new payload-decode scanner), which matched cmsplughub.com in the trunk that the old PHP-only IOC grep had been seeing only as obfuscated fragments.

Read full audit →

Alerts (0)

No open alerts.

Show 1 resolved alert
High closed_blob_scan Resolved · audited_malicious 2026-06-15 10:50:21 (18d ago)
Slugcls-lcp-issues-fix
Committerroshellco
First commit at2021-10-18 22:43:59
TierA
Mechanismremote-PHP download (siteguarding.com/ext/vitals → core.web.vitals.php) + wp-config.php include_once persistence (marker FD5503D3B128) + webanalyze/ dir; cmsplughub.com links + str_replace-obfuscated chat domain
Active installs0
ExplanationSiteGuarding burner-fleet member surfaced by the closed-plugin blob scan (2026-06-15). Tier A. remote-PHP download (siteguarding.com/ext/vitals → core.web.vitals.php) + wp-config.php include_once persistence (marker FD5503D3B128) + webanalyze/ dir; cmsplughub.com links + str_replace-obfuscated chat domain
View raw JSON
{
    "slug": "cls-lcp-issues-fix",
    "committer": "roshellco",
    "first_commit_at": "2021-10-18 22:43:59",
    "tier": "A",
    "mechanism": "remote-PHP download (siteguarding.com/ext/vitals \u2192 core.web.vitals.php) + wp-config.php include_once persistence (marker FD5503D3B128) + webanalyze/ dir; cmsplughub.com links + str_replace-obfuscated chat domain",
    "active_installs": 0,
    "explanation": "SiteGuarding burner-fleet member surfaced by the closed-plugin blob scan (2026-06-15). Tier A. remote-PHP download (siteguarding.com/ext/vitals \u2192 core.web.vitals.php) + wp-config.php include_once persistence (marker FD5503D3B128) + webanalyze/ dir; cmsplughub.com links + str_replace-obfuscated chat domain"
}

SVN committers (2)

Accounts with actual commit access to cls-lcp-issues-fix on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
SEOBoost 2020-08-21 11 2022-01-27 · r2666889 2025-07-15 · r3328268
plugin-master 2007-03-09 1 2021-10-18 · r2616146 2021-10-18 · r2616146

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
SEOBoost 2020-08-21 11 commits Active

Versions (5 most recent)

Version Released Download
1.0.8 2025-07-15 · 11mo ago
1.0.7 2025-06-05 · 1y ago
1.0.6 2025-05-28 · 1y ago
1.0.5 2025-04-21 · 1y ago
1.0.4 2025-03-25 · 1y ago