Nexter Extension – Security, Performance, Code Snippets & Site Toolkit

nexter-extension · by posimyththemes · wordpress.org ↗ · SVN ↗
Active installs
10k+
Current version
4.6.15
Added
2021-03-12
Last updated
2026-06-30 (2d ago)
First seen by beacon
2mo ago
Total downloads
261,472

Statistics

2024-06-17 → 2026-07-01 · 745 days
Downloads today
3,806
7-day total 9,842
Week over week
▲ +41%
vs prior 7 days
30-day trend
rising
▼ -8% MoM
Abandonment
○○○○○
healthy
Downloads/day Linear trend
4k3k2k1k02024-062024-102025-022025-062025-102026-022026-07
4k3k2k1k02026-042026-042026-052026-052026-062026-06
4k3k2k95202026-062026-062026-062026-062026-062026-06

Active versions

4.64.54.4
4.6 · 68.6%4.5 · 9.8%4.4 · 8.3%other · 7.1%4.3 · 6.3%

Ratings

5★
12
4★
0
3★
0
2★
0
1★
1

Support: 2/2 resolved

Alerts (0)

No open alerts.

Show 5 resolved alerts
Critical code_scan_delta Resolved · fp_unserialize_wporg_themes_api 2026-07-02 03:46:10 (18h ago)
Slugnexter-extension
Previous version4.6.11
Current version4.6.15
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php806L796: $response = wp_remote_post($theme_api_url, $args); → L806: $theme_info = @unserialize( $body );high
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php898L897: $body = wp_remote_retrieve_body( $response ); → L898: $plugin_info = @unserialize( $body );high
New finding count2
View raw JSON
{
    "slug": "nexter-extension",
    "previous_version": "4.6.11",
    "current_version": "4.6.15",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 806,
            "snippet": "L796: $response = wp_remote_post($theme_api_url, $args);  \u2192  L806: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 898,
            "snippet": "L897: $body = wp_remote_retrieve_body( $response );  \u2192  L898: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
Critical code_scan_delta Resolved · fp_legacy_custom_updater_unserialize_posimyth 2026-06-06 01:17:19 (26d ago)
Slugnexter-extension
Previous version4.6.10
Current version4.6.11
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php782L772: $response = wp_remote_post($theme_api_url, $args); → L782: $theme_info = @unserialize( $body );high
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php874L873: $body = wp_remote_retrieve_body( $response ); → L874: $plugin_info = @unserialize( $body );high
New finding count2
View raw JSON
{
    "slug": "nexter-extension",
    "previous_version": "4.6.10",
    "current_version": "4.6.11",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 782,
            "snippet": "L772: $response = wp_remote_post($theme_api_url, $args);  \u2192  L782: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 874,
            "snippet": "L873: $body = wp_remote_retrieve_body( $response );  \u2192  L874: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
Critical code_pattern Resolved · unserialize_after_wp_org_api_legit 2026-05-08 09:56:45 (1mo ago)
Slugnexter-extension
Patternunserialize_after_remote_call
Kindbuiltin
Version4.6.8
Hit count2
First hit
File
include/panel-settings/class-nxt-panel-ajax-router.php
Line
779
Snippet
L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "nexter-extension",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "4.6.8",
    "hit_count": 2,
    "first_hit": {
        "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
        "line": 779,
        "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
High code_scan_delta Resolved · unserialize_after_wp_org_api_legit 2026-05-08 03:42:25 (1mo ago)
Slugnexter-extension
Previous version4.6.7
Current version4.6.8
New findings
PatternKindFileLineSnippetConfidenceDetails
remote_enqueuebuiltininclude/panel-settings/extensions/nexter-ext-adobe-font.php190wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );medium
Url
https://use.typekit.net/
Url host
use.typekit.net
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php779L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );high
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php871L870: $body = wp_remote_retrieve_body( $response ); → L871: $plugin_info = @unserialize( $body );high
New finding count3
View raw JSON
{
    "slug": "nexter-extension",
    "previous_version": "4.6.7",
    "current_version": "4.6.8",
    "new_findings": [
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "include/panel-settings/extensions/nexter-ext-adobe-font.php",
            "line": 190,
            "snippet": "wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );",
            "confidence": "medium",
            "details": {
                "url": "https://use.typekit.net/",
                "url_host": "use.typekit.net"
            }
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 779,
            "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 871,
            "snippet": "L870: $body = wp_remote_retrieve_body( $response );  \u2192  L871: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}
Critical code_scan_match Resolved · dead_endpoint_or_gated 2026-05-05 13:13:07 (1mo ago)
Slugnexter-extension
Finding count3
Findings
PatternKindFileLineSnippetConfidenceDetails
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php779L769: $response = wp_remote_post($theme_api_url, $args); → L779: $theme_info = @unserialize( $body );high
unserialize_after_remote_callbuiltininclude/panel-settings/class-nxt-panel-ajax-router.php871L870: $body = wp_remote_retrieve_body( $response ); → L871: $plugin_info = @unserialize( $body );high
remote_enqueuebuiltininclude/panel-settings/extensions/nexter-ext-adobe-font.php190wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );medium
Url
https://use.typekit.net/
Url host
use.typekit.net
Resolved sha20dc3c2b4ca1db5173676e40fea3b86880ee9bb2
View raw JSON
{
    "slug": "nexter-extension",
    "finding_count": 3,
    "findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 779,
            "snippet": "L769: $response = wp_remote_post($theme_api_url, $args);  \u2192  L779: $theme_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "include/panel-settings/class-nxt-panel-ajax-router.php",
            "line": 871,
            "snippet": "L870: $body = wp_remote_retrieve_body( $response );  \u2192  L871: $plugin_info = @unserialize( $body );",
            "confidence": "high"
        },
        {
            "pattern": "remote_enqueue",
            "kind": "builtin",
            "file": "include/panel-settings/extensions/nexter-ext-adobe-font.php",
            "line": 190,
            "snippet": "wp_enqueue_style( 'nexter-adobe-typekit','https://use.typekit.net/'.esc_attr($font_val['project_id']).'.css', [], NEXTER_EXT_VER );",
            "confidence": "medium",
            "details": {
                "url": "https://use.typekit.net/",
                "url_host": "use.typekit.net"
            }
        }
    ],
    "resolved_sha": "20dc3c2b4ca1db5173676e40fea3b86880ee9bb2"
}

SVN committers (3)

Accounts with actual commit access to nexter-extension on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
POSIMYTH 2018-02-10 81 2021-03-12 · r2494297 2026-01-09 · r3435642
Jigar Panchal 2020-06-11 27 2025-08-05 · r3339459 2026-06-25 · r3585784
plugin-master 2007-03-09 1 2021-03-08 · r2490006 2021-03-08 · r2490006

Readme contributors (3)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
POSIMYTH 2018-02-10 81 commits Active
Nirmal Kavaiya 2018-07-11 Active
Sagar Patel 2018-03-08 Active

Versions (86 most recent)

Version Released Download
4.6.15 zip
4.6.13 zip
4.6.14 zip
4.6.12 zip
4.6.11 2026-05-28 · 1mo ago zip
4.6.10 2026-05-21 · 1mo ago zip
4.6.9 2026-05-11 · 1mo ago zip
4.6.8 2026-05-07 · 1mo ago zip
4.6.7 2026-04-13 · 2mo ago zip
4.6.6 2026-04-12 · 2mo ago zip
4.6.5 2026-04-08 · 2mo ago zip
4.6.4 2026-04-07 · 2mo ago zip
4.6.3 2026-04-06 · 2mo ago zip
4.6.2 2026-03-25 · 3mo ago zip
4.6.1 2026-03-18 · 3mo ago zip
4.6.0 2026-03-13 · 3mo ago zip
4.5.3 2026-02-05 · 4mo ago zip
4.5.2 2026-02-02 · 5mo ago zip
4.5.1 2026-01-23 · 5mo ago zip
4.5.0 2026-01-23 · 5mo ago zip
4.4.7 2026-01-09 · 5mo ago zip
4.4.6 2025-12-17 · 6mo ago zip
4.4.5 2025-12-12 · 6mo ago zip
4.4.4 2025-12-09 · 6mo ago zip
4.4.3 2025-12-01 · 7mo ago zip
4.4.2 2025-11-27 · 7mo ago zip
4.4.1 2025-11-25 · 7mo ago zip
4.4.0 2025-11-24 · 7mo ago zip
4.3.5 2025-10-10 · 8mo ago zip
4.3.4 2025-09-10 · 9mo ago zip
4.3.3 2025-09-10 · 9mo ago zip
4.3.2 2025-09-09 · 9mo ago zip
4.3.1 2025-09-03 · 10mo ago zip
4.3.0 2025-09-02 · 10mo ago zip
4.2.4 2025-08-06 · 11mo ago zip
4.2.3 2025-08-05 · 11mo ago zip
4.2.2 2025-06-06 · 1y ago zip
4.2.1 2025-05-30 · 1y ago zip
4.2.0 2025-05-28 · 1y ago zip
4.1.3 2025-05-01 · 1y ago zip
4.1.2 2025-04-29 · 1y ago zip
4.1.1 2025-04-18 · 1y ago zip
4.1.0 2025-04-09 · 1y ago zip
4.0.9 2025-04-09 · 1y ago zip
4.0.8 2025-04-02 · 1y ago zip
4.0.7 2025-02-18 · 1y ago zip
4.0.6 2025-02-06 · 1y ago zip
4.0.5 2025-01-29 · 1y ago zip
4.0.4 2025-01-27 · 1y ago zip
4.0.3 2024-12-26 · 1y ago zip
4.0.2 2024-12-24 · 1y ago zip
4.0.1 2024-12-23 · 1y ago zip
4.0.0 2024-12-23 · 1y ago zip
3.2.3 2024-12-04 · 1y ago zip
3.2.2 2024-11-27 · 1y ago zip
3.2.1 2024-10-12 · 1y ago zip
3.2.0 2024-04-19 · 2y ago zip
3.1.5 2024-04-01 · 2y ago zip
3.1.4 2024-03-22 · 2y ago zip
3.1.3 2024-02-22 · 2y ago zip
3.1.2 2024-02-20 · 2y ago zip
3.1.1 2024-02-06 · 2y ago zip
3.1.0 2023-11-30 · 2y ago zip
3.0.6 2023-11-21 · 2y ago zip
3.0.5 2023-10-03 · 2y ago zip
3.0.4 2023-08-21 · 2y ago zip
3.0.3 2023-08-18 · 2y ago zip
3.0.2 2023-08-10 · 2y ago zip
3.0.1 2023-08-10 · 2y ago zip
3.0.0 2023-07-25 · 2y ago zip
2.0.4 2023-06-15 · 3y ago zip
2.0.3 2022-11-28 · 3y ago zip
2.0.2 2022-11-17 · 3y ago zip
2.0.1 2022-09-03 · 3y ago zip
2.0.0 2022-06-29 · 4y ago zip
1.0.10 2022-04-20 · 4y ago zip
1.0.9 2022-04-05 · 4y ago zip
1.0.8 2022-01-12 · 4y ago zip
1.0.7 2021-11-24 · 4y ago zip
1.0.6 2021-09-29 · 4y ago zip
1.0.5 2021-09-27 · 4y ago zip
1.0.4 2021-09-22 · 4y ago zip
1.0.3 2021-07-17 · 4y ago zip
1.0.2 2021-07-16 · 4y ago zip
1.0.1 2021-05-19 · 5y ago zip
1.0.0 2021-03-12 · 5y ago zip