PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite · by pixelyoursite · wordpress.org ↗ · SVN ↗

Active installs: 500k+
Current version: 11.2.0.4
Added: 2015-11-26
Last updated: 2026-03-18 (1mo ago)
First seen by beacon: 11d ago
Total downloads: 19,225,752

Alerts (0)

No open alerts.

Show 2 resolved alerts

Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (8d ago)

Slug	pixelyoursite
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`11.2.0.4`
Hit count	3
First hit	File `includes/class-plugin-updater.php` Line 401 Snippet L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "pixelyoursite",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "11.2.0.4",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/class-plugin-updater.php",
        "line": 401,
        "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Resolved · fp_edd_updater_library 2026-04-24 15:49:26 (8d ago)

Slug pixelyoursite

Previous version 11.2.0.4

Current version 11.2.0.4

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`includes/class-plugin-updater.php`	401	L393: $request = wp_remote_post( $this->api_url, → L401: $request->sections = maybe_unserialize( $request->sections );	`high`
`unserialize_after_remote_call`	`builtin`	`includes/class-plugin-updater.php`	405	L393: $request = wp_remote_post( $this->api_url, → L405: $request->banners = maybe_unserialize( $request->banners );	`high`
`unserialize_after_remote_call`	`builtin`	`includes/class-plugin-updater.php`	463	L454: $request = wp_remote_post( $this->api_url, → L463: $version_info->sections = maybe_unserialize( $version_info->sections );	`high`

New finding count 3

View raw JSON

{
    "slug": "pixelyoursite",
    "previous_version": "11.2.0.4",
    "current_version": "11.2.0.4",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 401,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L401: $request->sections = maybe_unserialize( $request->sections );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 405,
            "snippet": "L393: $request    = wp_remote_post( $this->api_url,  \u2192  L405: $request->banners = maybe_unserialize( $request->banners );",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/class-plugin-updater.php",
            "line": 463,
            "snippet": "L454: $request    = wp_remote_post( $this->api_url,  \u2192  L463: $version_info->sections = maybe_unserialize( $version_info->sections );",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

SVN committers (1)

Accounts with actual commit access to pixelyoursite on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
PixelYourSite	2015-11-10	200	2018-01-24 · r1808796	2026-03-18 · r3485589

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
PixelYourSite	2015-11-10	200 commits	Active

Versions (100 most recent)

Version	Released	Download
11.2.0.4	2026-03-18 · 1mo ago	zip
11.2.0.3	2026-02-23 · 2mo ago	zip
11.2.0.2	2026-02-11 · 2mo ago	zip
11.2.0.1	2026-02-05 · 2mo ago	zip
11.2.0	2026-02-02 · 2mo ago	zip
11.1.5.2	2026-01-05 · 3mo ago	zip
11.1.5.1	2025-12-20 · 4mo ago	zip
11.1.5	2025-12-10 · 4mo ago	zip
11.1.4.2	2025-12-08 · 4mo ago	zip
11.1.4.1	2025-12-01 · 5mo ago	zip
11.1.4	2025-11-24 · 5mo ago	zip
11.1.3	2025-10-15 · 6mo ago	zip
11.1.2	2025-10-02 · 7mo ago	zip
11.1.1	2025-09-15 · 7mo ago	zip
11.1.0	2025-08-27 · 8mo ago	zip
11.0.2	2025-08-12 · 8mo ago	zip
11.0.1.2	2025-07-23 · 9mo ago	zip
11.0.1.1	2025-07-17 · 9mo ago	zip
11.0.1	2025-07-16 · 9mo ago	zip
11.0.0.4	2025-07-03 · 10mo ago	zip
11.0.0.3	2025-06-17 · 10mo ago	zip
11.0.0.2	2025-06-02 · 11mo ago	zip
11.0.0.1	2025-05-30 · 11mo ago	zip
11.0.0	2025-05-29 · 11mo ago	zip
10.2.1	2025-05-07 · 12mo ago	zip
10.2.0.2	2025-04-16 · 1y ago	zip
10.2.0.1	2025-04-15 · 1y ago	zip
10.2.0	2025-04-07 · 1y ago	zip
10.1.3	2025-03-31 · 1y ago	zip
10.1.2.1	2025-03-04 · 1y ago	zip
10.1.1.2	2025-02-28 · 1y ago	zip
10.1.1.1	2025-02-19 · 1y ago	zip
10.1.1	2025-02-19 · 1y ago	zip
10.1.0	2025-02-05 · 1y ago	zip
10.0.4	2025-01-16 · 1y ago	zip
10.0.3.1	2024-12-27 · 1y ago	zip
10.0.3	2024-12-17 · 1y ago	zip
10.0.2	2024-12-04 · 1y ago	zip
10.0.1.2	2024-11-25 · 1y ago	zip
10.0.1.1	2024-11-21 · 1y ago	zip
10.0.1	2024-11-19 · 1y ago	zip
10.0.0	2024-10-29 · 1y ago	zip
9.7.2	2024-08-28 · 1y ago	zip
9.7.1	2024-07-31 · 1y ago	zip
9.7.0.1	2024-07-15 · 1y ago	zip
9.7.0	2024-07-09 · 1y ago	zip
9.6.2	2024-06-26 · 1y ago	zip
9.6.1.1	2024-06-05 · 1y ago	zip
9.6.1	2024-06-03 · 1y ago	zip
9.6.0.1	2024-05-24 · 1y ago	zip
9.6.0	2024-05-13 · 1y ago	zip
9.5.5	2024-04-09 · 2y ago	zip
9.5.4	2024-03-27 · 2y ago	zip
9.5.3	2024-03-19 · 2y ago	zip
9.5.1.1	2024-02-29 · 2y ago	zip
9.5.1	2024-02-23 · 2y ago	zip
9.5.0.1	2024-02-20 · 2y ago	zip
9.5.0	2024-02-19 · 2y ago	zip
9.4.7.1	2023-10-24 · 2y ago	zip
9.4.7	2023-10-19 · 2y ago	zip
9.4.6	2023-09-26 · 2y ago	zip
9.4.5.1	2023-09-09 · 2y ago	zip
9.4.5	2023-09-08 · 2y ago	zip
9.4.3	2023-08-28 · 2y ago	zip
9.4.2	2023-08-11 · 2y ago	zip
9.4.1	2023-08-03 · 2y ago	zip
9.4.0.1	2023-07-06 · 2y ago	zip
9.4.0	2023-07-05 · 2y ago	zip
9.3.9	2023-06-26 · 2y ago	zip
9.3.8.1	2023-06-08 · 2y ago	zip
9.3.8	2023-06-07 · 2y ago	zip
9.3.7	2023-05-15 · 2y ago	zip
9.3.6	2023-04-12 · 3y ago	zip
9.3.5	2023-03-21 · 3y ago	zip
9.3.4	2023-03-20 · 3y ago	zip
9.3.3	2023-03-06 · 3y ago	zip
9.3.2	2023-01-25 · 3y ago	zip
9.3.1	2023-01-19 · 3y ago	zip
9.3.0	2023-01-11 · 3y ago	zip
7.3.0	2023-01-11 · 3y ago	zip
9.2.2	2022-11-28 · 3y ago	zip
9.2.1	2022-10-23 · 3y ago	zip
9.2.0	2022-08-23 · 3y ago	zip
9.1.1	2022-06-15 · 3y ago	zip
9.1.0	2022-06-13 · 3y ago	zip
9.0.0	2022-05-07 · 3y ago	zip
8.2.18	2022-03-29 · 4y ago	zip
8.2.17	2022-03-09 · 4y ago	zip
8.2.16	2022-02-07 · 4y ago	zip
8.2.15	2021-12-19 · 4y ago	zip
8.2.14	2021-12-14 · 4y ago	zip
8.2.13	2021-11-21 · 4y ago	zip
8.2.12	2021-11-18 · 4y ago	zip
8.2.11	2021-11-08 · 4y ago	zip
8.2.10	2021-11-05 · 4y ago	zip
2.8.10	2021-11-05 · 4y ago	zip
2.8.9	2021-11-05 · 4y ago	zip
8.2.8	2021-09-16 · 4y ago	zip
8.2.7	2021-09-10 · 4y ago	zip
8.2.6	2021-08-04 · 4y ago	zip