Plugin: portfolio-and-projects

Alerts (0)

No open alerts.

Show 10 resolved alerts

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.5.6.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 696 Snippet L690: $data = @file_get_contents($url); → L696: $info = @unserialize($data);
Explanation	a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.5.6.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 696,
        "snippet": "L690: $data = @file_get_contents($url);  \u2192  L696: $info = @unserialize($data);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`Wpos_Anylc_Admin`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	6
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 15 Snippet `class Wpos_Anylc_Admin {`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "Wpos_Anylc_Admin",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 15,
        "snippet": "class Wpos_Anylc_Admin {"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`wpos_rest_api_init`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 72 Snippet `add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "wpos_rest_api_init",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 72,
        "snippet": "add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`wpos_handle_analytics_request`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 593 Snippet 'callback' => array( $this, 'wpos_handle_analytics_request' ),
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "wpos_handle_analytics_request",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 593,
        "snippet": "'callback'            => array( $this, 'wpos_handle_analytics_request' ),"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`wpos_get_plugin_version_by_file`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 657 Snippet `$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "wpos_get_plugin_version_by_file",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 657,
        "snippet": "$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`wpos_process_monthly_data`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	3
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 545 Snippet `$this->wpos_process_monthly_data( $this->analytics_slugs );`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "wpos_process_monthly_data",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 3,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 545,
        "snippet": "$this->wpos_process_monthly_data( $this->analytics_slugs );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`analytics.essentialplugin.com`
Kind	`ioc:domain`
Version	`1.5.6.1`
Hit count	6
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "analytics.essentialplugin.com",
    "kind": "ioc:domain",
    "version": "1.5.6.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	https://analytics.essentialplugin.com
Kind	`ioc:url`
Version	`1.5.6.1`
Hit count	5
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "https://analytics.essentialplugin.com",
    "kind": "ioc:url",
    "version": "1.5.6.1",
    "hit_count": 5,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`$analytics_endpoint`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "$analytics_endpoint",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	portfolio-and-projects
Pattern	`wpos_monthly_cron_hook`
Kind	`ioc:code_pattern`
Version	`1.5.6.1`
Hit count	4
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 69 Snippet add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );
Explanation	—

View raw JSON

{
    "slug": "portfolio-and-projects",
    "pattern": "wpos_monthly_cron_hook",
    "kind": "ioc:code_pattern",
    "version": "1.5.6.1",
    "hit_count": 4,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 69,
        "snippet": "add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );"
    },
    "explanation": null
}

SVN committers (5)

Accounts with actual commit access to portfolio-and-projects on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
wponlinesupport	2015-09-02	30	2018-12-07 · r1987848	2025-05-15 · r3293964
anoopranawat	2013-06-24	22	2017-01-03 · r1566838	2019-03-04 · r2043931
essentialplugin	2025-05-12	3	2025-11-12 · r3394335	2026-02-20 · r3465999
Francisco Torres	2012-02-08	1	2026-04-07 · r3501140	2026-04-07 · r3501140
plugin-master	2007-03-09	1	2017-01-02 · r1566470	2017-01-02 · r1566470

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
essentialplugin	2025-05-12	3 commits	Active

Versions (9 most recent)

Version	Released	Download
1.5.6.1	2026-04-07 · 24d ago	—
1.5.6	2026-02-20 · 2mo ago	—
1.5.5	2025-11-12 · 5mo ago	—
1.5.4	2025-05-15 · 11mo ago	—
1.5.3	2025-01-20 · 1y ago	—
1.5.2	2024-11-08 · 1y ago	—
1.5.1	2024-08-01 · 1y ago	—
1.3.5	2023-01-20 · 3y ago	—
1.0.7	2020-11-04 · 5y ago	—

Portfolio and Projects

Alerts (0)

SVN committers (5)

Readme contributors (1)

Versions (9 most recent)