WP Beacon

KnowledgeBase with AI ChatBot HelpDesk – KBx

knowledgebase-helpdesk · by quantumcloud · wordpress.org ↗ · SVN ↗
Active installs
50
Current version
3.7.3
Added
2017-04-19
Last updated
2026-02-16 (3mo ago)
First seen by beacon
1mo ago
Total downloads
21,905

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · vendored_qcld_openai_autoupdate_proprietary_lib_fp 2026-05-08 16:16:54 (1mo ago)
Slugknowledgebase-helpdesk
Patternunserialize_after_remote_call
Kindbuiltin
Version3.7.3
Hit count1
First hit
File
kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php
Line
189
Snippet
L184: $request = wp_remote_post($this->update_path, $params ); → L189: return @unserialize( $request['body'] );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "knowledgebase-helpdesk",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.7.3",
    "hit_count": 1,
    "first_hit": {
        "file": "kbx-wpbot/chatbot/includes/openai/plugin-upgrader/classes/plugin-upgrader.php",
        "line": 189,
        "snippet": "L184: $request = wp_remote_post($this->update_path, $params );  \u2192  L189: return @unserialize( $request['body'] );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

SVN committers (2)

Accounts with actual commit access to knowledgebase-helpdesk on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
QuantumCloud 2011-12-11 101 2017-04-19 · r1640574 2026-02-16 · r3462527
plugin-master 2007-03-09 1 2017-04-10 · r1634637 2017-04-10 · r1634637

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
QuantumCloud 2011-12-11 101 commits Active

Versions (73 most recent)

Version Released Download
3.7.3 2026-02-16 · 3mo ago zip
3.7.1 2025-12-17 · 5mo ago zip
3.7.0 2025-01-17 · 1y ago zip
3.6.9 2024-12-19 · 1y ago zip
3.6.8 2024-12-11 · 1y ago zip
3.6.7 2024-11-28 · 1y ago zip
3.6.6 2024-11-24 · 1y ago zip
3.6.5 2024-11-12 · 1y ago zip
3.6.4 2024-10-15 · 1y ago zip
3.6.3 2024-10-14 · 1y ago zip
3.6.2 2024-10-11 · 1y ago zip
3.6.1 2024-10-08 · 1y ago zip
3.6.0 2024-09-27 · 1y ago zip
3.5.9 2024-09-25 · 1y ago zip
3.5.8 2024-09-24 · 1y ago zip
3.5.7 2024-09-12 · 1y ago zip
3.5.6 2024-08-30 · 1y ago zip
3.5.4 2024-07-29 · 1y ago zip
3.5.3 2024-07-25 · 1y ago zip
3.5.2 2024-05-30 · 2y ago zip
3.5.1 2024-04-17 · 2y ago zip
3.5.0 2024-04-08 · 2y ago zip
3.4.9 2024-01-09 · 2y ago zip
3.4.8 2023-12-29 · 2y ago zip
3.4.7 2023-12-22 · 2y ago zip
3.4.6 2023-12-19 · 2y ago zip
3.4.5 2023-11-24 · 2y ago zip
3.4.4 2023-11-17 · 2y ago zip
3.4.3 2023-11-06 · 2y ago zip
3.4.2 2023-10-26 · 2y ago zip
3.4.1 2023-08-09 · 2y ago zip
3.4.0 2023-07-11 · 2y ago zip
3.3.9 2023-01-30 · 3y ago zip
3.3.8 2022-12-07 · 3y ago zip
3.3.7 2022-11-08 · 3y ago zip
3.3.6 2022-11-03 · 3y ago zip
3.3.5 2022-06-27 · 3y ago zip
3.3.4 2022-06-01 · 4y ago zip
3.3.3 2021-08-13 · 4y ago zip
3.3.1 2021-08-02 · 4y ago zip
3.3.0 2021-07-27 · 4y ago zip
3.2.9 2021-07-12 · 4y ago zip
3.2.8 2021-06-23 · 4y ago zip
3.2.7 2021-06-18 · 4y ago zip
3.2.6 2021-06-17 · 4y ago zip
3.2.5 2021-06-15 · 4y ago zip
3.2.4 2021-05-07 · 5y ago zip
3.2.3 2020-10-20 · 5y ago zip
3.2.2 2020-05-12 · 6y ago zip
3.2.1 2020-02-27 · 6y ago zip
3.2.0 2019-10-11 · 6y ago zip
3.1.0 2019-10-08 · 6y ago zip
3.0.0 2019-09-12 · 6y ago zip
2.9.0 2019-09-04 · 6y ago zip
2.8.0 2019-07-16 · 6y ago zip
2.7.0 2019-06-25 · 6y ago zip
2.6.0 2019-03-11 · 7y ago zip
2.5.0 2019-02-26 · 7y ago zip
2.4.0 2019-01-17 · 7y ago zip
2.3.0 2019-01-08 · 7y ago zip
2.2.0 2018-12-19 · 7y ago zip
2.1.0 2018-12-11 · 7y ago zip
2.0.0 2018-09-28 · 7y ago zip
1.9.0 2018-09-12 · 7y ago zip
1.8.0 2018-09-11 · 7y ago zip
1.7.0 2018-09-11 · 7y ago zip
1.6.0 2018-08-28 · 7y ago zip
1.5.0 2018-03-15 · 8y ago zip
1.4.0 2018-01-02 · 8y ago zip
1.3.0 2017-11-22 · 8y ago zip
1.2.0 2017-09-08 · 8y ago zip
1.1.0 2017-09-07 · 8y ago zip
0.9.0 2017-04-28 · 9y ago zip