InfiniteWP Client

iwp-client · by revmakx · wordpress.org ↗ · SVN ↗

Active installs: 200k+
Current version: 1.13.5
Added: 2012-04-02
Last updated: 2026-02-26 (2mo ago)
First seen by beacon: 1mo ago
Total downloads: 8,275,883

Alerts (0)

No open alerts.

Show 3 resolved alerts

Medium code_scan_match Resolved · code_scan_fp_class_genre_encoding 2026-05-05 11:30:22 (17d ago)

Slug iwp-client

Finding count 28

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`backup.class.multicall.php`	2,817	`$value = gzinflate (base64_decode(str_replace('ZIP', '', $value)));`	`medium`
`gzinflate`	`builtin`	`backup.class.multicall.php`	2,817	`$value = gzinflate (base64_decode(str_replace('ZIP', '', $value)));`	`medium`
`base64_decode`	`builtin`	`addons/file_editor/file_editor.class.php`	198	`$fileContent = base64_decode($fileContent);`	`medium`
`gzinflate`	`builtin`	`addons/file_editor/file_editor.class.php`	199	`$fileContent = gzinflate($fileContent);`	`medium`
`base64_decode`	`builtin`	`core.class.php`	1,103	$signature = base64_decode($_GET['signature']);	`medium`
`base64_decode`	`builtin`	`core.class.php`	1,106	`$signature_new = base64_decode($_GET['signature_new']);`	`medium`
`base64_decode`	`builtin`	`lib/Google2/Utils.php`	42	`return base64_decode($b64);`	`medium`
`base64_decode`	`builtin`	`lib/Dropbox2/OAuth/Consumer/ConsumerAbstract.php`	229	`$code = base64_decode($code);`	`medium`
`base64_decode`	`builtin`	`lib/Dropbox2/OAuth/Storage/Encrypter.php`	89	`$cipherText = base64_decode($cipherText);`	`medium`
`base64_decode`	`builtin`	`lib/Google/Utils.php`	44	`return base64_decode($b64);`	`medium`
`gzinflate`	`builtin`	`lib/amazon_s3_bwd_comp/sdk.class.php`	1,239	`elseif (($uncompressed = gzinflate($body)) !== false)`	`medium`
`base64_decode`	`builtin`	`helper.class.php`	341	`return base64_decode(get_option('iwp_client_public_key'));`	`medium`
`base64_decode`	`builtin`	`helper.class.php`	349	`return base64_decode(get_option('iwp_client_nossl_key'));`	`medium`
`eval_call`	`builtin`	`init.php`	2,173	`eval($params['code']);`	`medium`
`base64_decode`	`builtin`	`init.php`	144	`$data = trim(base64_decode($request_raw_data));`	`medium`

Resolved sha 1b79f5bd0cbe360eec44ce8d6d3fc1c39116823a

View raw JSON

{
    "slug": "iwp-client",
    "finding_count": 28,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "backup.class.multicall.php",
            "line": 2817,
            "snippet": "$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "backup.class.multicall.php",
            "line": 2817,
            "snippet": "$value = gzinflate (base64_decode(str_replace('**ZIP**', '', $value)));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "addons/file_editor/file_editor.class.php",
            "line": 198,
            "snippet": "$fileContent = base64_decode($fileContent);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "addons/file_editor/file_editor.class.php",
            "line": 199,
            "snippet": "$fileContent = gzinflate($fileContent);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core.class.php",
            "line": 1103,
            "snippet": "$signature  = base64_decode($_GET['signature']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "core.class.php",
            "line": 1106,
            "snippet": "$signature_new = base64_decode($_GET['signature_new']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Google2/Utils.php",
            "line": 42,
            "snippet": "return base64_decode($b64);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Dropbox2/OAuth/Consumer/ConsumerAbstract.php",
            "line": 229,
            "snippet": "$code = base64_decode($code);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Dropbox2/OAuth/Storage/Encrypter.php",
            "line": 89,
            "snippet": "$cipherText = base64_decode($cipherText);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/Google/Utils.php",
            "line": 44,
            "snippet": "return base64_decode($b64);",
            "confidence": "medium"
        },
        {
            "pattern": "gzinflate",
            "kind": "builtin",
            "file": "lib/amazon_s3_bwd_comp/sdk.class.php",
            "line": 1239,
            "snippet": "elseif (($uncompressed = gzinflate($body)) !== false)",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helper.class.php",
            "line": 341,
            "snippet": "return base64_decode(get_option('iwp_client_public_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "helper.class.php",
            "line": 349,
            "snippet": "return base64_decode(get_option('iwp_client_nossl_key'));",
            "confidence": "medium"
        },
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "init.php",
            "line": 2173,
            "snippet": "eval($params['code']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "init.php",
            "line": 144,
            "snippet": "$data = trim(base64_decode($request_raw_data));",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "1b79f5bd0cbe360eec44ce8d6d3fc1c39116823a"
}

Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (28d ago)

Slug	iwp-client
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.13.5`
Hit count	1
First hit	File `backup/backup.php` Line 2,276 Snippet L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "iwp-client",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.13.5",
    "hit_count": 1,
    "first_hit": {
        "file": "backup/backup.php",
        "line": 2276,
        "snippet": "L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Resolved · fp_local_disk_cache 2026-04-24 16:22:40 (28d ago)

Slug iwp-client

Previous version 1.13.5

Current version 1.13.5

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`backup/backup.php`	2,276	L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp')); → L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));	`high`

New finding count 1

View raw JSON

{
    "slug": "iwp-client",
    "previous_version": "1.13.5",
    "current_version": "1.13.5",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "backup/backup.php",
            "line": 2276,
            "snippet": "L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));  \u2192  L2276: $var = maybe_unserialize(file_get_contents($cache_file_base.'-info.tmp'));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (3)

Accounts with actual commit access to iwp-client on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
infinitewp Young account	2012-01-11	191	2012-04-02 · r526157	2024-04-29 · r3078586
revmakx	2024-07-31	9	2024-12-05 · r3202851	2026-02-26 · r3470158
plugin-master	2007-03-09	1	2012-03-26 · r523627	2012-03-26 · r523627

Readme contributors (4)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
infinitewp	2012-01-11	191 commits	Active
revmakx	2024-07-31	9 commits	Active
Amrit Anandh	2019-08-05	—	Active
Kuppuraj	2016-06-30	—	Active

Versions (88 most recent)

Version	Released	Download
1.13.5	2026-02-26 · 2mo ago	zip
1.13.3	2025-06-05 · 11mo ago	zip
1.13.2	2025-02-17 · 1y ago	zip
1.13.1	2024-12-05 · 1y ago	zip
1.13.0	2024-04-29 · 2y ago	zip
1.12.5	2024-01-03 · 2y ago	zip
1.12.3.1	2023-12-08 · 2y ago	zip
1.12.3	2023-06-30 · 2y ago	zip
1.12.1	2023-06-14 · 2y ago	zip
1.11.1	2023-05-04 · 3y ago	zip
1.11.0	2023-01-10 · 3y ago	zip
1.9.9	2022-09-21 · 3y ago	zip
1.9.8	2022-05-18 · 4y ago	zip
1.9.6	2022-02-14 · 4y ago	zip
1.9.4.11	2021-07-22 · 4y ago	zip
1.9.4.8.2	2021-01-25 · 5y ago	zip
1.9.4.6	2020-07-13 · 5y ago	zip
1.9.4.5	2020-01-08 · 6y ago	zip
1.9.4.4	2019-12-17 · 6y ago	zip
1.9.4.1	2019-07-25 · 6y ago	zip
1.8.6	2019-02-12 · 7y ago	zip
1.8.5	2018-09-04 · 7y ago	zip
1.8.3	2018-07-09 · 7y ago	zip
1.8.1	2018-04-03 · 8y ago	zip
1.6.6.3	2017-09-29 · 8y ago	zip
1.6.5.1	2017-09-07 · 8y ago	zip
1.6.4.2	2017-07-10 · 8y ago	zip
1.6.4	2017-05-02 · 9y ago	zip
1.6.3.2	2017-01-04 · 9y ago	zip
1.6.1.1	2016-08-12 · 9y ago	zip
1.6.0	2016-06-27 · 9y ago	zip
1.5.1.3	2016-06-01 · 9y ago	zip
1.5.1.1	2016-03-18 · 10y ago	zip
1.5.1	2016-03-14 · 10y ago	zip
1.5.0	2016-01-09 · 10y ago	zip
1.4.3	2015-11-18 · 10y ago	zip
1.4.2.2	2015-09-24 · 10y ago	zip
1.4.1	2015-08-31 · 10y ago	zip
1.3.16	2015-07-28 · 10y ago	zip
1.3.15	2015-07-08 · 10y ago	zip
1.3.14	2015-07-03 · 10y ago	zip
1.3.13	2015-05-13 · 11y ago	zip
1.3.12	2015-03-31 · 11y ago	zip
1.3.11	2015-03-27 · 11y ago	zip
1.3.10	2015-01-27 · 11y ago	zip
1.3.8	2014-12-02 · 11y ago	zip
1.3.7	2014-11-21 · 11y ago	zip
1.3.6	2014-09-01 · 11y ago	zip
1.3.5	2014-08-19 · 11y ago	zip
1.3.4	2014-08-11 · 11y ago	zip
1.3.3	2014-07-28 · 11y ago	zip
1.3.2	2014-07-23 · 11y ago	zip
1.2.15	2014-07-18 · 11y ago	zip
1.3.0	2014-07-18 · 11y ago	zip
1.3.1	2014-07-18 · 11y ago	zip
1.2.14	2014-05-27 · 11y ago	zip
1.2.13	2014-05-14 · 12y ago	zip
1.2.12	2014-05-07 · 12y ago	zip
1.2.11	2014-04-16 · 12y ago	zip
1.2.10	2014-04-10 · 12y ago	zip
1.2.9	2014-04-10 · 12y ago	zip
1.2.8	2014-01-21 · 12y ago	zip
1.2.7	2014-01-13 · 12y ago	zip
1.2.6	2013-11-18 · 12y ago	zip
1.2.5	2013-10-30 · 12y ago	zip
1.2.4	2013-10-16 · 12y ago	zip
1.2.3	2013-09-11 · 12y ago	zip
1.2.2	2013-09-06 · 12y ago	zip
1.2.1	2013-08-28 · 12y ago	zip
1.2.0	2013-08-26 · 12y ago	zip
1.1.10	2013-04-05 · 13y ago	zip
1.1.9	2013-04-02 · 13y ago	zip
1.1.8	2013-02-21 · 13y ago	zip
1.1.7	2013-02-21 · 13y ago	zip
1.1.6	2012-12-14 · 13y ago	zip
1.1.5	2012-12-13 · 13y ago	zip
1.1.4	2012-12-07 · 13y ago	zip
1.1.3	2012-12-03 · 13y ago	zip
1.1.2	2012-10-05 · 13y ago	zip
1.1.1	2012-10-05 · 13y ago	zip
1.1.0	2012-09-11 · 13y ago	zip
1.0.4	2012-08-28 · 13y ago	zip
1.0.3	2012-06-11 · 13y ago	zip
1.0.2	2012-05-16 · 14y ago	zip
1.0.0	2012-05-12 · 14y ago	zip
1.0.1	2012-05-12 · 14y ago	zip
0.1.5	2012-04-18 · 14y ago	zip
0.1.4	2012-04-02 · 14y ago	zip