WP Beacon

Security Ninja – WordPress Security & Firewall

security-ninja · by cleverplugins · wordpress.org ↗ · SVN ↗
Active installs
7k+
Current version
5.281
Added
2016-08-30
Last updated
2026-04-23 (9d ago)
First seen by beacon
11d ago
Total downloads
862,359

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · false_positive_defensive_string_check 2026-04-30 15:25:29 (2d ago)
Slugsecurity-ninja
Patternserialized_admin_role
Kindbuiltin
Version5.281
Hit count2
First hit
File
modules/events-logger/events-logger.php
Line
206
Snippet
'%s:13:"administrator"%',
Explanationplugin source contains `s:13:"administrator"` — the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand.
View raw JSON
{
    "slug": "security-ninja",
    "pattern": "serialized_admin_role",
    "kind": "builtin",
    "version": "5.281",
    "hit_count": 2,
    "first_hit": {
        "file": "modules/events-logger/events-logger.php",
        "line": 206,
        "snippet": "'%s:13:\"administrator\"%',"
    },
    "explanation": "plugin source contains `s:13:\"administrator\"` \u2014 the PHP-serialized representation of the `administrator` role meta value. Used to bypass `wp_insert_user()` by writing directly to `wp_usermeta` with a hand-crafted capabilities string. Near-zero FP because legit code uses `WP_User::set_role()` instead of building the serialized form by hand."
}

SVN committers (4)

Accounts with actual commit access to security-ninja on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
Lars Koudal 2005-09-06 88 2022-04-28 · r2716169 2026-04-23 · r3513888
cleverplugins 2017-05-19 85 2019-08-23 · r2144450 2022-04-06 · r2705839
WebFactory 2012-02-27 51 2016-08-30 · r1486351 2020-10-01 · r2391852
plugin-master 2007-03-09 1 2016-08-29 · r1485997 2016-08-29 · r1485997

Readme contributors (3)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
Lars Koudal 2005-09-06 88 commits Active
cleverplugins 2017-05-19 85 commits Active
Freemius 2014-12-16 Active

Versions (3 most recent)

Version Released Download
5.281 2026-04-23 · 9d ago
5.277 zip
5.279 2026-04-16 · 16d ago zip