WP Beacon

Duplicate Post

copy-delete-posts · by inisev · wordpress.org ↗ · SVN ↗
Active installs
300k+
Current version
1.5.3
Added
2020-03-25
Last updated
2026-03-13 (1mo ago)
First seen by beacon
11d ago
Total downloads
4,383,379

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:08:39 (7d ago)
Slugcopy-delete-posts
Patternunserialize_after_remote_call
Kindbuiltin
Version1.5.3
Hit count1
First hit
File
analyst/src/Storage/FileStorage.php
Line
55
Snippet
L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "copy-delete-posts",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "analyst/src/Storage/FileStorage.php",
        "line": 55,
        "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Resolved · fp_local_disk_cache 2026-04-24 16:18:59 (7d ago)
Slugcopy-delete-posts
Previous version1.5.3
Current version1.5.3
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinanalyst/src/Storage/FileStorage.php55L43: $encoded = @file_get_contents($filePath); → L55: return @unserialize($raw);high
New finding count1
View raw JSON
{
    "slug": "copy-delete-posts",
    "previous_version": "1.5.3",
    "current_version": "1.5.3",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "analyst/src/Storage/FileStorage.php",
            "line": 55,
            "snippet": "L43: $encoded = @file_get_contents($filePath);  \u2192  L55: return @unserialize($raw);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (5)

Accounts with actual commit access to copy-delete-posts on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
iClyde 2019-12-29 38 2021-05-25 · r2537340 2025-04-22 · r3279475
copydelete Young account 2020-03-27 29 2020-03-27 · r2269106 2021-04-21 · r2519316
copydeleteposts Young account 2020-03-21 12 2020-03-25 · r2267036 2020-04-19 · r2286692
shihabsoft 2018-11-01 3 2026-02-06 · r3455545 2026-03-13 · r3481711
plugin-master 2007-03-09 1 2020-03-24 · r2266884 2020-03-24 · r2266884

Readme contributors (3)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
copydelete 2020-03-27 29 commits Active
copydeleteposts 2020-03-21 12 commits Active
Inisev 2021-05-20 Active

Versions (54 most recent)

Version Released Download
1.5.3 2026-03-13 · 1mo ago zip
1.5.2 2026-02-12 · 2mo ago zip
1.5.1 2026-02-06 · 2mo ago zip
1.5.0 2025-04-22 · 1y ago zip
1.4.9 2024-09-20 · 1y ago zip
1.4.8 2024-07-31 · 1y ago zip
1.4.7 2024-07-17 · 1y ago zip
1.4.6 2024-02-13 · 2y ago zip
1.4.5 2024-01-19 · 2y ago zip
1.4.4 2023-11-18 · 2y ago zip
1.4.3 2023-08-21 · 2y ago zip
1.4.2 2023-08-03 · 2y ago zip
1.4.1 2023-07-27 · 2y ago zip
1.4.0 2023-06-07 · 2y ago zip
1.3.9 2023-03-07 · 3y ago zip
1.3.8 2023-02-08 · 3y ago zip
1.3.7 2022-12-30 · 3y ago zip
1.3.6 2022-11-24 · 3y ago zip
1.3.5 2022-11-22 · 3y ago zip
1.3.4 2022-11-02 · 3y ago zip
1.3.3 2022-10-31 · 3y ago zip
1.3.2 2022-09-20 · 3y ago zip
1.3.1 2022-08-31 · 3y ago zip
1.3.0 2022-05-30 · 3y ago zip
1.2.9 2022-04-12 · 4y ago zip
1.2.8 2022-03-07 · 4y ago zip
1.2.7 2022-02-11 · 4y ago zip
1.2.6 2022-01-11 · 4y ago zip
1.2.5 2021-12-09 · 4y ago zip
1.2.4 2021-12-02 · 4y ago zip
1.2.3 2021-11-25 · 4y ago zip
1.2.2 2021-11-17 · 4y ago zip
1.2.1 2021-11-02 · 4y ago zip
1.2.0 2021-10-26 · 4y ago zip
1.1.9 2021-09-15 · 4y ago zip
1.1.8 2021-08-07 · 4y ago zip
1.1.7 2021-07-23 · 4y ago zip
1.1.6 2021-03-15 · 5y ago zip
1.1.5 2021-03-01 · 5y ago zip
1.1.4 2021-02-12 · 5y ago zip
1.1.3 2021-02-03 · 5y ago zip
1.1.2 2020-11-19 · 5y ago zip
1.1.1 2020-09-30 · 5y ago zip
1.1.0 2020-09-26 · 5y ago zip
1.0.9 2020-08-25 · 5y ago zip
1.0.8 2020-08-17 · 5y ago zip
1.0.7 2020-07-22 · 5y ago zip
1.0.6 2020-04-27 · 6y ago zip
1.0.5 2020-04-22 · 6y ago zip
1.0.3 2020-04-02 · 6y ago zip
1.0.4 2020-04-02 · 6y ago zip
1.0.2 2020-04-01 · 6y ago zip
1.0.1 2020-03-27 · 6y ago zip
1.0.0 2020-03-27 · 6y ago zip