Rebrand, not an acquisition — now WPManageNinja LLC.
Same owner throughout; this is a brand rename, not an ownership transfer.
Committers under the team's naming convention are expected and will not fire takeover events.
source ↗
a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
"slug": "fluent-smtp",
"pattern": "unserialize_after_remote_call",
"kind": "builtin",
"version": "2.2.95",
"hit_count": 1,
"first_hit": {
"file": "app/Services/NotificationHelper.php",
"line": 328,
"snippet": "L312: $body = wp_remote_retrieve_body($response); \u2192 L328: $sendingTo = self::unserialize(Arr::get($logData, 'to'));"
},
"explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Accounts with actual commit access to fluent-smtp on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.
Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?