WP Beacon

FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

fluent-smtp · by techjewel · wordpress.org ↗ · SVN ↗
Active installs
500k+
Current version
2.2.95
Added
2021-01-18
Last updated
2025-12-28 (4mo ago)
First seen by beacon
11d ago
Total downloads
4,083,152

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (8d ago)
Slugfluent-smtp
Patternunserialize_after_remote_call
Kindbuiltin
Version2.2.95
Hit count1
First hit
File
app/Services/NotificationHelper.php
Line
328
Snippet
L312: $body = wp_remote_retrieve_body($response); → L328: $sendingTo = self::unserialize(Arr::get($logData, 'to'));
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "fluent-smtp",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.2.95",
    "hit_count": 1,
    "first_hit": {
        "file": "app/Services/NotificationHelper.php",
        "line": 328,
        "snippet": "L312: $body = wp_remote_retrieve_body($response);  \u2192  L328: $sendingTo = self::unserialize(Arr::get($logData, 'to'));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Resolved · fp_proximity_only_different_vars 2026-04-24 15:52:01 (8d ago)
Slugfluent-smtp
Previous version2.2.95
Current version2.2.95
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinapp/Services/NotificationHelper.php328L312: $body = wp_remote_retrieve_body($response); → L328: $sendingTo = self::unserialize(Arr::get($logData, 'to'));high
New finding count1
View raw JSON
{
    "slug": "fluent-smtp",
    "previous_version": "2.2.95",
    "current_version": "2.2.95",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "app/Services/NotificationHelper.php",
            "line": 328,
            "snippet": "L312: $body = wp_remote_retrieve_body($response);  \u2192  L328: $sendingTo = self::unserialize(Arr::get($logData, 'to'));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (2)

Accounts with actual commit access to fluent-smtp on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
Shahjahan Jewel 2012-10-04 48 2021-01-18 · r2458343 2025-12-28 · r3428610
plugin-master 2007-03-09 1 2021-01-14 · r2456648 2021-01-14 · r2456648

Readme contributors (4)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
Shahjahan Jewel 2012-10-04 48 commits Active
Mahmudul Hasan Arif 2017-08-17 Active
Sheikh Heera 2012-01-16 Active
WPManageNinja 2018-05-26 Active

Versions (28 most recent)

Version Released Download
2.2.95 2025-12-28 · 4mo ago zip
2.2.92 2025-08-28 · 8mo ago zip
2.2.90 2025-02-07 · 1y ago zip
2.2.83 2024-11-21 · 1y ago zip
2.2.82 2024-11-21 · 1y ago zip
2.2.81 2024-10-20 · 1y ago zip
2.2.80 2024-08-14 · 1y ago zip
2.2.73 2024-06-04 · 1y ago zip
2.2.72 2024-03-16 · 2y ago zip
2.2.71 2024-01-01 · 2y ago zip
2.2.7 2024-01-01 · 2y ago zip
2.2.6 2023-10-01 · 2y ago zip
2.2.5 2023-07-06 · 2y ago zip
2.2.4 2023-02-04 · 3y ago zip
2.2.3 2023-02-04 · 3y ago zip
2.2.2 2022-11-11 · 3y ago zip
2.2.1 2022-11-08 · 3y ago zip
2.2.0 2022-08-20 · 3y ago zip
2.1.2 2022-07-05 · 3y ago zip
2.1.1 2022-03-12 · 4y ago zip
2.1.0 2021-10-24 · 4y ago zip
2.0.2 2021-09-21 · 4y ago zip
2.0.1 2021-07-28 · 4y ago zip
2.0.0 2021-07-27 · 4y ago zip
1.2.0 2021-05-26 · 4y ago zip
1.1.1 2021-04-16 · 5y ago zip
1.1.0 2021-04-15 · 5y ago zip
1.0.1 2021-01-24 · 5y ago zip