WP Beacon

Formidable PRO2PDF

formidablepro-2-pdf · by alexandre67fr · wordpress.org ↗ · SVN ↗
Active installs
1k+
Current version
3.24
Added
2015-04-30
Last updated
2026-05-09 (1mo ago)
First seen by beacon
1mo ago
Total downloads
97,824

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_scan_delta Resolved · fp_unserialize_on_db_row_not_remote_body 2026-06-06 01:37:05 (6d ago)
Slugformidablepro-2-pdf
Previous version3.23
Current version3.24
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinfpropdf.php626L613: $request = wp_remote_get($url); → L626: $files = @unserialize($row['value']);high
New finding count1
View raw JSON
{
    "slug": "formidablepro-2-pdf",
    "previous_version": "3.23",
    "current_version": "3.24",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "fpropdf.php",
            "line": 626,
            "snippet": "L613: $request = wp_remote_get($url);  \u2192  L626: $files = @unserialize($row['value']);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Critical code_pattern Resolved · benign_architectural_concern 2026-04-30 15:25:31 (1mo ago)
Slugformidablepro-2-pdf
Patternunserialize_after_remote_call
Kindbuiltin
Version3.23
Hit count1
First hit
File
fpropdf.php
Line
604
Snippet
L591: $request = wp_remote_get($url); → L604: $files = @unserialize($row['value']);
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "formidablepro-2-pdf",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.23",
    "hit_count": 1,
    "first_hit": {
        "file": "fpropdf.php",
        "line": 604,
        "snippet": "L591: $request = wp_remote_get($url);  \u2192  L604: $files = @unserialize($row['value']);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

SVN committers (5)

Accounts with actual commit access to formidablepro-2-pdf on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
alexandre67fr Young account 2015-04-12 118 2015-04-30 · r1149920 2016-05-03 · r1409357
aizatmustafin Young account 2016-05-02 36 2016-05-05 · r1411269 2017-01-09 · r1570927
webethics Young account 2017-01-17 7 2017-01-20 · r1578473 2017-02-16 · r1597295
E2Pdf Young account 2017-01-31 2 2017-01-31 · r1586004 2026-05-09 · r3527357
plugin-master 2007-03-09 1 2015-04-29 · r1149516 2015-04-29 · r1149516

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
alexandre67fr 2015-04-12 118 commits Active
rasmarcus 2015-05-01 Active

Versions (94 most recent)

Version Released Download
3.24 2026-05-09 · 1mo ago zip
3.23 2025-09-08 · 9mo ago zip
3.22 2025-07-14 · 11mo ago zip
3.21 2025-06-03 · 1y ago zip
3.20 2025-05-31 · 1y ago zip
3.19 2025-05-27 · 1y ago zip
3.18 2025-05-18 · 1y ago zip
3.09 2022-12-21 · 3y ago zip
3.08 2022-11-14 · 3y ago zip
2.65 2017-05-14 · 9y ago zip
2.34 2016-09-06 · 9y ago zip
2.30 2016-06-06 · 10y ago zip
2.29 2016-05-20 · 10y ago zip
2.28 2016-05-14 · 10y ago zip
2.27 2016-05-05 · 10y ago zip
2.26 2016-04-20 · 10y ago zip
2.25 2016-04-20 · 10y ago zip
2.24 2016-04-13 · 10y ago zip
2.23 2016-04-05 · 10y ago zip
2.22 2016-03-31 · 10y ago zip
2.21 2016-03-22 · 10y ago zip
2.20 2016-03-02 · 10y ago zip
2.19 2016-02-29 · 10y ago zip
2.18 2016-02-26 · 10y ago zip
2.17 2016-02-25 · 10y ago zip
2.16 2016-02-24 · 10y ago zip
2.15 2016-02-24 · 10y ago zip
2.14 2016-02-23 · 10y ago zip
2.13 2016-02-16 · 10y ago zip
2.12 2016-02-12 · 10y ago zip
2.11 2016-02-09 · 10y ago zip
2.10 2016-02-09 · 10y ago zip
2.9 2016-02-05 · 10y ago zip
2.8 2016-02-04 · 10y ago zip
2.7 2016-01-31 · 10y ago zip
2.6 2016-01-31 · 10y ago zip
2.5 2016-01-22 · 10y ago zip
2.4 2016-01-22 · 10y ago zip
2.0 2015-12-26 · 10y ago zip
1.7.39 2015-12-17 · 10y ago zip
1.7.38 2015-12-14 · 10y ago zip
1.7.37 2015-12-09 · 10y ago zip
1.7.36 2015-12-09 · 10y ago zip
1.7.35 2015-12-03 · 10y ago zip
1.7.34 2015-12-02 · 10y ago zip
1.7.32 2015-11-30 · 10y ago zip
1.7.31 2015-11-26 · 10y ago zip
1.7.30 2015-11-25 · 10y ago zip
1.7.29 2015-11-02 · 10y ago zip
1.7.28 2015-11-01 · 10y ago zip
1.7.27 2015-10-29 · 10y ago zip
1.7.26 2015-10-28 · 10y ago zip
1.7.25 2015-10-28 · 10y ago zip
1.7.24 2015-10-18 · 10y ago zip
1.7.23 2015-10-18 · 10y ago zip
1.7.22 2015-10-14 · 10y ago zip
1.7.21 2015-10-13 · 10y ago zip
1.7.20 2015-10-08 · 10y ago zip
1.7.19 2015-10-07 · 10y ago zip
1.7.18 2015-10-06 · 10y ago zip
1.7.17 2015-10-01 · 10y ago zip
1.7.16 2015-10-01 · 10y ago zip
1.7.15 2015-09-22 · 10y ago zip
1.7.14 2015-09-21 · 10y ago zip
1.7.13 2015-09-21 · 10y ago zip
1.7.12 2015-09-17 · 10y ago zip
1.7.11 2015-09-16 · 10y ago zip
1.7.10 2015-09-11 · 10y ago zip
1.7.9 2015-09-09 · 10y ago zip
1.7.8 2015-09-09 · 10y ago zip
1.7.7 2015-09-03 · 10y ago zip
1.7.6 2015-09-02 · 10y ago zip
1.7.5 2015-08-31 · 10y ago zip
1.7.4 2015-08-28 · 10y ago zip
1.7.3 2015-08-28 · 10y ago zip
1.7.2 2015-08-27 · 10y ago zip
1.7.1 2015-08-24 · 10y ago zip
1.7.0 2015-08-22 · 10y ago zip
1.6.0.17 2015-08-10 · 10y ago zip
1.6.0.16 2015-08-10 · 10y ago zip
1.6.0.15 2015-07-20 · 10y ago zip
1.6.0.14 2015-07-16 · 10y ago zip
1.6.0.13 2015-07-10 · 10y ago zip
1.6.0.12 2015-06-30 · 10y ago zip
1.6.0.11 2015-06-24 · 10y ago zip
1.6.0.10 2015-06-11 · 11y ago zip
1.6.0.9 2015-06-08 · 11y ago zip
1.6.0.8 2015-06-08 · 11y ago zip
1.6.0.7 2015-05-27 · 11y ago zip
1.6.0.6 2015-05-26 · 11y ago zip
1.6.0.4 2015-05-13 · 11y ago zip
1.6 2015-05-13 · 11y ago zip
1.6.0.2 2015-05-13 · 11y ago zip
1.6.0.3 2015-05-13 · 11y ago zip