PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite · by pixelyoursite · wordpress.org ↗ · SVN ↗
Active installs
500k+
Current version
11.2.0.7
Added
2015-11-26
Last updated
2026-06-09 (23d ago)
First seen by beacon
2mo ago
Total downloads
19,828,821

Statistics

2024-06-17 → 2026-07-01 · 745 days
Downloads today
3,680
7-day total 21,688
Week over week
▼ -18%
vs prior 7 days
30-day trend
declining
▼ -38% MoM
Abandonment
○○○○○
healthy
Downloads/day Linear trend
129k97k65k32k02024-062024-102025-022025-062025-102026-022026-07
84k63k42k21k02026-042026-042026-052026-052026-062026-06
72k54k36k18k02026-062026-062026-062026-062026-062026-06

Active versions

11.2other11.1
11.2 · 65.2%other · 23.5%11.1 · 11.3%

Ratings

5★
214
4★
7
3★
6
2★
7
1★
36

Support: 2/4 resolved

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (2mo ago)
Slugpixelyoursite
Patternunserialize_after_remote_call
Kindbuiltin
Version11.2.0.4
Hit count3
First hit
File
includes/class-plugin-updater.php
Line
401
Snippet
L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "pixelyoursite",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "11.2.0.4",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/class-plugin-updater.php",
        "line": 401,
        "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Resolved · fp_edd_updater_library 2026-04-24 15:49:26 (2mo ago)
Slugpixelyoursite
Previous version11.2.0.4
Current version11.2.0.4
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php401L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );high
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php405L393: $request = wp_remote_post( $this->api_url, → L405: $request->banners = maybe_unserialize( $request->banners );high
unserialize_after_remote_callbuiltinincludes/class-plugin-updater.php463L454: $request = wp_remote_post( $this->api_url, → L463: $version_info->sections = maybe_unserialize( $version_info->sections );high
New finding count3
View raw JSON
{
    "slug": "pixelyoursite",
    "previous_version": "11.2.0.4",
    "current_version": "11.2.0.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 401,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 405,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L405: $request->banners = maybe_unserialize( $request->banners );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 463,
            "snippet": "L454: $request    = wp_remote_post( $this->api_url,  \u2192  L463: $version_info->sections = maybe_unserialize( $version_info->sections );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

SVN committers (2)

Accounts with actual commit access to pixelyoursite on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
PixelYourSite Young account 2015-11-10 637 2015-11-26 · r1295128 2026-06-09 · r3566032
plugin-master 2007-03-09 1 2015-11-26 · r1294545 2015-11-26 · r1294545

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
PixelYourSite 2015-11-10 637 commits Active

Versions (100 most recent)

Version Released Download
11.2.0.7 zip
11.2.0.6 2026-05-25 · 1mo ago zip
11.2.0.5 2026-05-11 · 1mo ago zip
11.2.0.4 2026-03-18 · 3mo ago zip
11.2.0.3 2026-02-23 · 4mo ago zip
11.2.0.2 2026-02-11 · 4mo ago zip
11.2.0.1 2026-02-05 · 4mo ago zip
11.2.0 2026-02-02 · 5mo ago zip
11.1.5.2 2026-01-05 · 5mo ago zip
11.1.5.1 2025-12-20 · 6mo ago zip
11.1.5 2025-12-10 · 6mo ago zip
11.1.4.2 2025-12-08 · 6mo ago zip
11.1.4.1 2025-12-01 · 7mo ago zip
11.1.4 2025-11-24 · 7mo ago zip
11.1.3 2025-10-15 · 8mo ago zip
11.1.2 2025-10-02 · 9mo ago zip
11.1.1 2025-09-15 · 9mo ago zip
11.1.0 2025-08-27 · 10mo ago zip
11.0.2 2025-08-12 · 10mo ago zip
11.0.1.2 2025-07-23 · 11mo ago zip
11.0.1.1 2025-07-17 · 11mo ago zip
11.0.1 2025-07-16 · 11mo ago zip
11.0.0.4 2025-07-03 · 12mo ago zip
11.0.0.3 2025-06-17 · 1y ago zip
11.0.0.2 2025-06-02 · 1y ago zip
11.0.0.1 2025-05-30 · 1y ago zip
11.0.0 2025-05-29 · 1y ago zip
10.2.1 2025-05-07 · 1y ago zip
10.2.0.2 2025-04-16 · 1y ago zip
10.2.0.1 2025-04-15 · 1y ago zip
10.2.0 2025-04-07 · 1y ago zip
10.1.3 2025-03-31 · 1y ago zip
10.1.2.1 2025-03-04 · 1y ago zip
10.1.1.2 2025-02-28 · 1y ago zip
10.1.1.1 2025-02-19 · 1y ago zip
10.1.1 2025-02-19 · 1y ago zip
10.1.0 2025-02-05 · 1y ago zip
10.0.4 2025-01-16 · 1y ago zip
10.0.3.1 2024-12-27 · 1y ago zip
10.0.3 2024-12-17 · 1y ago zip
10.0.2 2024-12-04 · 1y ago zip
10.0.1.2 2024-11-25 · 1y ago zip
10.0.1.1 2024-11-21 · 1y ago zip
10.0.1 2024-11-19 · 1y ago zip
10.0.0 2024-10-29 · 1y ago zip
9.7.2 2024-08-28 · 1y ago zip
9.7.1 2024-07-31 · 1y ago zip
9.7.0.1 2024-07-15 · 1y ago zip
9.7.0 2024-07-09 · 1y ago zip
9.6.2 2024-06-26 · 2y ago zip
9.6.1.1 2024-06-05 · 2y ago zip
9.6.1 2024-06-03 · 2y ago zip
9.6.0.1 2024-05-24 · 2y ago zip
9.6.0 2024-05-13 · 2y ago zip
9.5.5 2024-04-09 · 2y ago zip
9.5.4 2024-03-27 · 2y ago zip
9.5.3 2024-03-19 · 2y ago zip
9.5.1.1 2024-02-29 · 2y ago zip
9.5.1 2024-02-23 · 2y ago zip
9.5.0.1 2024-02-20 · 2y ago zip
9.5.0 2024-02-19 · 2y ago zip
9.4.7.1 2023-10-24 · 2y ago zip
9.4.7 2023-10-19 · 2y ago zip
9.4.6 2023-09-26 · 2y ago zip
9.4.5.1 2023-09-09 · 2y ago zip
9.4.5 2023-09-08 · 2y ago zip
9.4.3 2023-08-28 · 2y ago zip
9.4.2 2023-08-11 · 2y ago zip
9.4.1 2023-08-03 · 2y ago zip
9.4.0.1 2023-07-06 · 2y ago zip
9.4.0 2023-07-05 · 2y ago zip
9.3.9 2023-06-26 · 3y ago zip
9.3.8.1 2023-06-08 · 3y ago zip
9.3.8 2023-06-07 · 3y ago zip
9.3.7 2023-05-15 · 3y ago zip
9.3.6 2023-04-12 · 3y ago zip
9.3.5 2023-03-21 · 3y ago zip
9.3.4 2023-03-20 · 3y ago zip
9.3.3 2023-03-06 · 3y ago zip
9.3.2 2023-01-25 · 3y ago zip
9.3.1 2023-01-19 · 3y ago zip
9.3.0 2023-01-11 · 3y ago zip
7.3.0 2023-01-11 · 3y ago zip
9.2.2 2022-11-28 · 3y ago zip
9.2.1 2022-10-23 · 3y ago zip
9.2.0 2022-08-23 · 3y ago zip
9.1.1 2022-06-15 · 4y ago zip
9.1.0 2022-06-13 · 4y ago zip
9.0.0 2022-05-07 · 4y ago zip
8.2.18 2022-03-29 · 4y ago zip
8.2.17 2022-03-09 · 4y ago zip
8.2.16 2022-02-07 · 4y ago zip
8.2.15 2021-12-19 · 4y ago zip
8.2.14 2021-12-14 · 4y ago zip
8.2.13 2021-11-21 · 4y ago zip
8.2.12 2021-11-18 · 4y ago zip
8.2.11 2021-11-08 · 4y ago zip
8.2.10 2021-11-05 · 4y ago zip
2.8.10 2021-11-05 · 4y ago zip
2.8.9 2021-11-05 · 4y ago zip