Ocean Extra

ocean-extra · by oceanwp · wordpress.org ↗ · SVN ↗

Acquired by OceanWP. Previously owned by OceanWP team. New committers from that team's naming convention are expected and will not fire takeover events. source ↗

Active installs: 500k+
Current version: 2.5.5
Added: 2016-10-23
Last updated: 2026-03-31 (1mo ago)
First seen by beacon: 10d ago
Total downloads: 26,874,475

Alerts (0)

No open alerts.

Show 4 resolved alerts

Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:08:39 (7d ago)

Slug	ocean-extra
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`2.5.5`
Hit count	3
First hit	File `includes/panel/classes/importers/class-settings-importer.php` Line 25 Snippet L24: $raw = file_get_contents( $file ); → L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "ocean-extra",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "2.5.5",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/panel/classes/importers/class-settings-importer.php",
        "line": 25,
        "snippet": "L24: $raw  = file_get_contents( $file );  \u2192  L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Resolved · fp_safe_deserialize_allowed_classes_false 2026-04-24 15:50:40 (7d ago)

Slug ocean-extra

Previous version 2.5.5

Current version 2.5.5

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`includes/panel/classes/importers/class-settings-importer.php`	25	L24: $raw = file_get_contents( $file ); → L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );	`high`
`unserialize_after_remote_call`	`builtin`	`includes/onboarding/class/importer/theme-settings.php`	38	L32: $raw = file_get_contents( $file ); → L38: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );	`high`
`unserialize_after_remote_call`	`builtin`	`includes/themepanel/theme-panel.php`	434	L433: $raw = file_get_contents( $file ); → L434: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );	`high`

New finding count 3

View raw JSON

{
    "slug": "ocean-extra",
    "previous_version": "2.5.5",
    "current_version": "2.5.5",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/panel/classes/importers/class-settings-importer.php",
            "line": 25,
            "snippet": "L24: $raw  = file_get_contents( $file );  \u2192  L25: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/onboarding/class/importer/theme-settings.php",
            "line": 38,
            "snippet": "L32: $raw = file_get_contents( $file );  \u2192  L38: $data = @unserialize( $raw, [ 'allowed_classes' => false ] );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/themepanel/theme-panel.php",
            "line": 434,
            "snippet": "L433: $raw  = file_get_contents( $file );  \u2192  L434: $data = @unserialize( $raw, [ 'allowed_classes' => false ]  );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

Medium bulk_committer_takeover Resolved · no_longer_matches 2026-04-24 10:51:04 (8d ago)

Committer

apprimit

Member since

2016-01-12

Plugins joined

Spread days

182

Earliest join

2020-04-01 13:38:37

Latest join

2020-09-30 15:51:31

Combined installs

660,000

Sample plugins

Slug	Active installs	First commit at
ocean-extra	500,000	2020-09-30 15:51:31
ocean-social-sharing	70,000	2020-04-01 13:49:02
ocean-custom-sidebar	30,000	2020-04-01 13:38:37
ocean-product-sharing	20,000	2020-04-01 13:45:30
ocean-stick-anything	20,000	2020-04-01 13:51:03
ocean-modal-window	10,000	2020-04-01 13:41:01
ocean-posts-slider	10,000	2020-04-01 13:43:09

View raw JSON

{
    "committer": "apprimit",
    "member_since": "2016-01-12",
    "plugins_joined": 7,
    "spread_days": 182,
    "earliest_join": "2020-04-01 13:38:37",
    "latest_join": "2020-09-30 15:51:31",
    "combined_installs": 660000,
    "sample_plugins": [
        {
            "slug": "ocean-extra",
            "active_installs": 500000,
            "first_commit_at": "2020-09-30 15:51:31"
        },
        {
            "slug": "ocean-social-sharing",
            "active_installs": 70000,
            "first_commit_at": "2020-04-01 13:49:02"
        },
        {
            "slug": "ocean-custom-sidebar",
            "active_installs": 30000,
            "first_commit_at": "2020-04-01 13:38:37"
        },
        {
            "slug": "ocean-product-sharing",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:45:30"
        },
        {
            "slug": "ocean-stick-anything",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:51:03"
        },
        {
            "slug": "ocean-modal-window",
            "active_installs": 10000,
            "first_commit_at": "2020-04-01 13:41:01"
        },
        {
            "slug": "ocean-posts-slider",
            "active_installs": 10000,
            "first_commit_at": "2020-04-01 13:43:09"
        }
    ]
}

Medium bulk_committer_takeover Resolved · no_longer_matches 2026-04-24 00:26:43 (8d ago)

Committer

apprimit

Member since

2016-01-12

Plugins joined

Spread days

182

Earliest join

2020-04-01 13:38:37

Latest join

2020-09-30 15:51:31

Combined installs

640,000

Sample plugins

Slug	Active installs	First commit at
ocean-extra	500,000	2020-09-30 15:51:31
ocean-social-sharing	70,000	2020-04-01 13:49:02
ocean-custom-sidebar	30,000	2020-04-01 13:38:37
ocean-product-sharing	20,000	2020-04-01 13:45:30
ocean-stick-anything	20,000	2020-04-01 13:51:03

View raw JSON

{
    "committer": "apprimit",
    "member_since": "2016-01-12",
    "plugins_joined": 5,
    "spread_days": 182,
    "earliest_join": "2020-04-01 13:38:37",
    "latest_join": "2020-09-30 15:51:31",
    "combined_installs": 640000,
    "sample_plugins": [
        {
            "slug": "ocean-extra",
            "active_installs": 500000,
            "first_commit_at": "2020-09-30 15:51:31"
        },
        {
            "slug": "ocean-social-sharing",
            "active_installs": 70000,
            "first_commit_at": "2020-04-01 13:49:02"
        },
        {
            "slug": "ocean-custom-sidebar",
            "active_installs": 30000,
            "first_commit_at": "2020-04-01 13:38:37"
        },
        {
            "slug": "ocean-product-sharing",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:45:30"
        },
        {
            "slug": "ocean-stick-anything",
            "active_installs": 20000,
            "first_commit_at": "2020-04-01 13:51:03"
        }
    ]
}

SVN committers (4)

Accounts with actual commit access to ocean-extra on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Amit Singh	2016-01-12	107	2020-09-30 · r2391055	2026-03-31 · r3495282
oceanwp Young account	2016-10-19	84	2016-10-23 · r1520440	2020-08-11 · r2357319
svovaf	2010-12-27	9	2019-08-26 · r2145683	2019-09-11 · r2154638
plugin-master	2007-03-09	1	2016-10-23 · r1520092	2016-10-23 · r1520092

Readme contributors (3)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Amit Singh	2016-01-12	107 commits	Active
oceanwp	2016-10-19	84 commits	Active
Marko OceanWP	2019-08-12	—	Active

Versions (100 most recent)

Version	Released	Download
2.5.5	2026-03-31 · 1mo ago	zip
2.5.4	2026-03-09 · 1mo ago	zip
2.5.3	2026-02-16 · 2mo ago	zip
2.5.2	2025-11-24 · 5mo ago	zip
2.5.1	2025-09-16 · 7mo ago	zip
2.5.0	2025-08-28 · 8mo ago	zip
2.4.9	2025-06-02 · 11mo ago	zip
2.4.8	2025-05-14 · 11mo ago	zip
2.4.7	2025-04-21 · 1y ago	zip
2.4.6	2025-04-03 · 1y ago	zip
2.4.5	2025-02-27 · 1y ago	zip
2.4.4	2025-01-27 · 1y ago	zip
2.4.3	2024-11-27 · 1y ago	zip
2.4.2	2024-10-29 · 1y ago	zip
2.4.1	2024-10-21 · 1y ago	zip
2.4.0	2024-10-16 · 1y ago	zip
2.3.1	2024-10-11 · 1y ago	zip
2.3.0	2024-07-03 · 1y ago	zip
2.2.9	2024-06-05 · 1y ago	zip
2.2.8	2024-05-22 · 1y ago	zip
2.2.7	2024-04-08 · 2y ago	zip
2.2.6	2024-03-12 · 2y ago	zip
2.2.5	2024-02-14 · 2y ago	zip
2.2.4	2023-12-11 · 2y ago	zip
2.2.3	2023-11-27 · 2y ago	zip
2.2.2	2023-11-14 · 2y ago	zip
2.2.1	2023-10-18 · 2y ago	zip
2.2.0	2023-09-06 · 2y ago	zip
2.1.8	2023-07-19 · 2y ago	zip
2.1.7	2023-05-23 · 2y ago	zip
2.1.6	2023-04-10 · 3y ago	zip
2.1.5	2023-04-05 · 3y ago	zip
2.1.4	2023-02-22 · 3y ago	zip
2.1.3	2023-02-13 · 3y ago	zip
2.1.2	2023-02-01 · 3y ago	zip
2.1.1	2023-01-11 · 3y ago	zip
2.1.0	2023-01-10 · 3y ago	zip
1.6.5	2020-08-11 · 5y ago	zip
1.6.4	2020-07-06 · 5y ago	zip
1.6.3	2020-05-13 · 5y ago	zip
1.6.2	2020-04-01 · 6y ago	zip
1.6.1	2020-03-23 · 6y ago	zip
1.6.0	2020-03-11 · 6y ago	zip
1.5.20	2020-01-06 · 6y ago	zip
1.5.19	2019-11-13 · 6y ago	zip
1.5.18	2019-11-04 · 6y ago	zip
1.5.17	2019-11-04 · 6y ago	zip
1.5.16	2019-09-11 · 6y ago	zip
1.5.15	2019-08-29 · 6y ago	zip
1.5.14	2019-08-26 · 6y ago	zip
1.5.13	2019-08-20 · 6y ago	zip
1.5.12	2019-08-18 · 6y ago	zip
1.5.4	2019-04-17 · 7y ago	zip
1.5.3	2019-02-07 · 7y ago	zip
1.5.2	2019-01-30 · 7y ago	zip
1.5.1	2019-01-30 · 7y ago	zip
1.5.0	2019-01-11 · 7y ago	zip
1.4.30	2018-12-17 · 7y ago	zip
1.4.29	2018-12-13 · 7y ago	zip
1.4.28	2018-09-20 · 7y ago	zip
1.4.27	2018-09-20 · 7y ago	zip
1.4.25	2018-09-06 · 7y ago	zip
1.4.26	2018-09-06 · 7y ago	zip
1.4.24	2018-09-04 · 7y ago	zip
1.4.23	2018-08-29 · 7y ago	zip
1.4.22	2018-08-27 · 7y ago	zip
1.4.21	2018-08-27 · 7y ago	zip
1.4.20	2018-08-02 · 7y ago	zip
1.4.19	2018-07-26 · 7y ago	zip
1.4.18	2018-07-10 · 7y ago	zip
1.4.17	2018-07-05 · 7y ago	zip
1.4.16	2018-06-22 · 7y ago	zip
1.4.15	2018-06-21 · 7y ago	zip
1.4.14	2018-06-11 · 7y ago	zip
1.4.13	2018-06-10 · 7y ago	zip
1.4.12	2018-06-03 · 7y ago	zip
1.4.11	2018-04-16 · 8y ago	zip
1.4.10	2018-03-30 · 8y ago	zip
1.4.9	2018-03-25 · 8y ago	zip
1.4.8	2018-03-14 · 8y ago	zip
1.4.7	2018-03-05 · 8y ago	zip
1.4.6	2018-03-04 · 8y ago	zip
1.4.5	2018-03-04 · 8y ago	zip
1.4.4	2018-02-15 · 8y ago	zip
1.4.3	2018-01-28 · 8y ago	zip
1.4.2	2018-01-09 · 8y ago	zip
1.4.1	2018-01-04 · 8y ago	zip
1.4.0	2018-01-02 · 8y ago	zip
1.3.10	2017-12-17 · 8y ago	zip
1.3.9	2017-12-09 · 8y ago	zip
1.3.8	2017-11-16 · 8y ago	zip
1.3.7	2017-11-09 · 8y ago	zip
1.3.6	2017-11-02 · 8y ago	zip
1.3.5	2017-10-18 · 8y ago	zip
1.3.4	2017-10-14 · 8y ago	zip
1.3.3	2017-10-13 · 8y ago	zip
1.3.2	2017-09-17 · 8y ago	zip
1.3.1	2017-08-26 · 8y ago	zip
1.3.0	2017-08-24 · 8y ago	zip
1.2.10	2017-08-02 · 8y ago	zip