WP Beacon

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp · by saadiqbal · wordpress.org ↗ · SVN ↗
Active installs
300k+
Current version
3.9.1
Added
2017-10-15
Last updated
2026-04-01 (1mo ago)
First seen by beacon
10d ago
Total downloads
19,037,852

Alerts (0)

No open alerts.

Show 2 resolved alerts
Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (7d ago)
Slugpost-smtp
Patternunserialize_after_remote_call
Kindbuiltin
Version3.9.1
Hit count3
First hit
File
includes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php
Line
73
Snippet
L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file));
Explanationa remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
View raw JSON
{
    "slug": "post-smtp",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.9.1",
    "hit_count": 3,
    "first_hit": {
        "file": "includes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php",
        "line": 73,
        "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta Resolved · fp_vendored_library_local_cache 2026-04-24 15:53:07 (7d ago)
Slugpost-smtp
Previous version3.9.1
Current version3.9.1
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php73L73: return unserialize(file_get_contents($file)); → L73: return unserialize(file_get_contents($file));high
unserialize_after_remote_callbuiltinincludes/libs/HTMLPurifier/HTMLPurifier/ConfigSchema.php72L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc → L72: $r = unserialize($contents);high
unserialize_after_remote_callbuiltinincludes/libs/HTMLPurifier/HTMLPurifier/EntityLookup.php26L26: $this->table = unserialize(file_get_contents($file)); → L26: $this->table = unserialize(file_get_contents($file));high
New finding count3
View raw JSON
{
    "slug": "post-smtp",
    "previous_version": "3.9.1",
    "current_version": "3.9.1",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/DefinitionCache/Serializer.php",
            "line": 73,
            "snippet": "L73: return unserialize(file_get_contents($file));  \u2192  L73: return unserialize(file_get_contents($file));",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/ConfigSchema.php",
            "line": 72,
            "snippet": "L71: $contents = file_get_contents(HTMLPURIFIER_PREFIX . '/HTMLPurifier/ConfigSchema/sc  \u2192  L72: $r = unserialize($contents);",
            "confidence": "high"
        },
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/libs/HTMLPurifier/HTMLPurifier/EntityLookup.php",
            "line": 26,
            "snippet": "L26: $this->table = unserialize(file_get_contents($file));  \u2192  L26: $this->table = unserialize(file_get_contents($file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 3
}

SVN committers (2)

Accounts with actual commit access to post-smtp on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
WPExperts.io 2016-03-28 200 2022-02-23 · r2683779 2026-04-01 · r3496249
yehudah 2011-11-29 101 2019-01-28 · r2020807 2022-02-13 · r2678027

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
WPExperts.io 2016-03-28 200 commits Active
Saad Iqbal 2014-12-28 Active

Versions (100 most recent)

Version Released Download
3.9.1 2026-04-01 · 1mo ago zip
3.9.0 2026-03-17 · 1mo ago zip
3.8.0 2026-01-20 · 3mo ago zip
3.7.0 2025-12-24 · 4mo ago zip
3.6.3 2025-12-17 · 4mo ago zip
3.6.2 2025-12-12 · 4mo ago zip
3.6.1 2025-10-29 · 6mo ago zip
3.6.0 2025-10-14 · 6mo ago zip
3.5.0 2025-09-18 · 7mo ago zip
3.4.2 2025-09-01 · 8mo ago zip
3.4.1 2025-08-20 · 8mo ago zip
3.4.0 2025-08-18 · 8mo ago zip
3.3.0 2025-06-23 · 10mo ago zip
3.2.0 2025-05-19 · 11mo ago zip
3.1.4 2025-04-14 · 1y ago zip
3.1.3 2025-03-03 · 1y ago zip
3.1.2 2025-02-24 · 1y ago zip
3.1.1 2025-02-11 · 1y ago zip
3.1.0 2025-02-10 · 1y ago zip
3.0.2 2025-01-27 · 1y ago zip
3.0.2-beta.1 2025-01-16 · 1y ago zip
3.0.1 2025-01-14 · 1y ago zip
3.0.1-beta.1 2025-01-09 · 1y ago zip
3.0.0 2025-01-07 · 1y ago zip
3.0.0-rc.1 2025-01-06 · 1y ago zip
2.9.14 2024-12-18 · 1y ago zip
2.9.13 2024-12-10 · 1y ago zip
2.9.12 2024-12-02 · 1y ago zip
2.9.11 2024-11-21 · 1y ago zip
2.9.10 2024-11-19 · 1y ago zip
2.9.9 2024-10-21 · 1y ago zip
3.0.0-beta.1 2024-10-16 · 1y ago zip
2.9.8 2024-08-21 · 1y ago zip
2.9.7 2024-07-01 · 1y ago zip
2.9.6 2024-06-27 · 1y ago zip
2.9.5 2024-06-25 · 1y ago zip
2.9.4 2024-06-05 · 1y ago zip
2.9.3 2024-05-22 · 1y ago zip
2.9.2 2024-05-13 · 1y ago zip
2.9.1 2024-05-02 · 2y ago zip
2.9.0 2024-04-16 · 2y ago zip
2.8.12 2024-03-26 · 2y ago zip
2.8.11 2024-01-19 · 2y ago zip
2.8.10 2024-01-18 · 2y ago zip
2.8.9 2024-01-15 · 2y ago zip
2.8.8 2024-01-01 · 2y ago zip
2.8.7 2023-12-20 · 2y ago zip
2.8.6 2023-12-07 · 2y ago zip
2.8.5 2023-11-23 · 2y ago zip
2.8.4 2023-11-20 · 2y ago zip
2.8.3 2023-11-17 · 2y ago zip
2.8.2 2023-11-14 · 2y ago zip
2.8.1 2023-11-13 · 2y ago zip
2.8.0 2023-11-13 · 2y ago zip
2.7.3 2023-11-06 · 2y ago zip
2.8.0-beta.1 2023-11-03 · 2y ago zip
2.7.2 2023-11-01 · 2y ago zip
2.7.1 2023-11-01 · 2y ago zip
2.7.0 2023-10-27 · 2y ago zip
2.6.2 2023-10-19 · 2y ago zip
2.6.1 2023-10-03 · 2y ago zip
2.6.0 2023-09-12 · 2y ago zip
2.5.9.4 2023-08-29 · 2y ago zip
2.5.9.3 2023-08-17 · 2y ago zip
2.5.9.2 2023-08-17 · 2y ago zip
2.5.9.1 2023-08-08 · 2y ago zip
2.5.9.1-beta.1 2023-08-03 · 2y ago zip
2.5.9 2023-07-19 · 2y ago zip
2.5.9-beta.1 2023-07-17 · 2y ago zip
2.5.8 2023-07-13 · 2y ago zip
2.5.8-beta.1 2023-07-07 · 2y ago zip
2.5.7 2023-07-03 · 2y ago zip
2.5.6 2023-06-08 · 2y ago zip
2.5.5 2023-05-31 · 2y ago zip
2.5.4 2023-05-24 · 2y ago zip
2.5.3 2023-05-16 · 2y ago zip
2.5.2 2023-05-12 · 2y ago zip
2.5.1 2023-05-10 · 2y ago zip
2.5.0 2023-05-09 · 2y ago zip
2.5-rc.4 2023-04-27 · 3y ago zip
2.4.9 2023-04-27 · 3y ago zip
2.4.8 2023-04-18 · 3y ago zip
2.5-rc.3 2023-04-10 · 3y ago zip
2.4.7 2023-04-10 · 3y ago zip
2.5-rc.2 2023-03-27 · 3y ago zip
2.4.6 2023-03-27 · 3y ago zip
2.5-rc.1 2023-03-15 · 3y ago zip
2.4.5 2023-03-14 · 3y ago zip
2.5-beta.1 2023-03-09 · 3y ago zip
2.4.4 2023-03-09 · 3y ago zip
2.4.4-Beta.2 2023-03-01 · 3y ago zip
2.4.4-Beta.1 2023-02-28 · 3y ago zip
2.4.3 2023-02-27 · 3y ago zip
2.4.2 2023-02-23 · 3y ago zip
2.4.1 2023-02-23 · 3y ago zip
2.4.2-beta.2 2023-02-23 · 3y ago zip
2.4.2-beta.1 2023-02-22 · 3y ago zip
2.4 2023-02-21 · 3y ago zip
2.3.2 2023-01-18 · 3y ago zip
2.4-beta.1 2023-01-18 · 3y ago zip