SiteOrigin Widgets Bundle

so-widgets-bundle · by gpriday · wordpress.org ↗ · SVN ↗

Active installs: 400k+
Current version: 1.72.0
Added: 2014-06-01
Last updated: 2026-04-14 (17d ago)
First seen by beacon: 11d ago
Total downloads: 46,789,804

Alerts (0)

No open alerts.

Show 2 resolved alerts

Critical code_pattern Resolved · no_longer_matches 2026-04-24 17:01:47 (7d ago)

Slug	so-widgets-bundle
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.72.0`
Hit count	1
First hit	File `base/inc/lib/Less/Parser.php` Line 656 Snippet L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file));
Explanation	a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.

View raw JSON

{
    "slug": "so-widgets-bundle",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.72.0",
    "hit_count": 1,
    "first_hit": {
        "file": "base/inc/lib/Less/Parser.php",
        "line": 656,
        "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}

Critical code_scan_delta Resolved · fp_vendored_library_local_cache 2026-04-24 15:58:39 (7d ago)

Slug so-widgets-bundle

Previous version 1.72.0

Current version 1.72.0

New findings

Pattern	Kind	File	Line	Snippet	Confidence
`unserialize_after_remote_call`	`builtin`	`base/inc/lib/Less/Parser.php`	656	L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file));	`high`

New finding count 1

View raw JSON

{
    "slug": "so-widgets-bundle",
    "previous_version": "1.72.0",
    "current_version": "1.72.0",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "base/inc/lib/Less/Parser.php",
            "line": 656,
            "snippet": "L656: $cache = unserialize(file_get_contents($cache_file));  \u2192  L656: $cache = unserialize(file_get_contents($cache_file));",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}

SVN committers (2)

Accounts with actual commit access to so-widgets-bundle on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Greg - SiteOrigin	2007-10-30	223	2014-06-10 · r929472	2020-09-28 · r2389869
SiteOrigin	2006-11-25	200	2020-11-12 · r2417341	2026-04-14 · r3506329

Readme contributors (3)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Greg - SiteOrigin	2007-10-30	223 commits	Active
alexgso	2016-02-29	—	Active
Braam Genis	2014-11-26	—	Active

Versions (100 most recent)

Version	Released	Download
1.72.0	2026-04-14 · 17d ago	zip
1.71.0	2026-02-13 · 2mo ago	zip
1.70.4	2026-01-07 · 3mo ago	zip
1.70.3	2025-12-04 · 4mo ago	zip
1.70.2	2025-11-13 · 5mo ago	zip
1.70.1	2025-11-03 · 5mo ago	zip
1.70.0	2025-10-31 · 6mo ago	zip
1.69.3	2025-08-22 · 8mo ago	zip
1.69.2	2025-07-19 · 9mo ago	zip
1.69.1	2025-07-05 · 10mo ago	zip
1.69.0	2025-06-12 · 10mo ago	zip
1.68.5	2025-06-02 · 11mo ago	zip
1.68.4	2025-05-20 · 11mo ago	zip
1.68.3	2025-05-11 · 11mo ago	zip
1.68.2	2025-05-03 · 12mo ago	zip
1.68.1	2025-04-12 · 1y ago	zip
1.68.0	2025-04-10 · 1y ago	zip
1.67.2	2025-03-20 · 1y ago	zip
1.67.1	2025-03-18 · 1y ago	zip
1.67.0	2025-03-17 · 1y ago	zip
1.66.0	2025-03-01 · 1y ago	zip
1.65.1	2025-02-05 · 1y ago	zip
1.65.0	2025-02-03 · 1y ago	zip
1.64.2	2024-12-18 · 1y ago	zip
1.64.1	2024-12-14 · 1y ago	zip
1.64.0	2024-11-24 · 1y ago	zip
1.63.4	2024-10-23 · 1y ago	zip
1.63.3	2024-10-11 · 1y ago	zip
1.63.2	2024-09-23 · 1y ago	zip
1.63.1	2024-08-28 · 1y ago	zip
1.63.0	2024-08-11 · 1y ago	zip
1.62.3	2024-07-23 · 1y ago	zip
1.62.2	2024-06-30 · 1y ago	zip
1.62.1	2024-06-17 · 1y ago	zip
1.62.0	2024-06-06 · 1y ago	zip
1.61.1	2024-05-20 · 1y ago	zip
1.61.0	2024-05-19 · 1y ago	zip
1.60.0	2024-04-26 · 2y ago	zip
1.59.0	2024-04-11 · 2y ago	zip
1.58.12	2024-03-24 · 2y ago	zip
1.58.11	2024-03-23 · 2y ago	zip
1.58.10	2024-03-05 · 2y ago	zip
1.58.9	2024-03-03 · 2y ago	zip
1.58.8	2024-03-02 · 2y ago	zip
1.58.7	2024-02-25 · 2y ago	zip
1.58.6	2024-02-15 · 2y ago	zip
1.58.5	2024-02-12 · 2y ago	zip
1.58.4	2024-02-10 · 2y ago	zip
1.58.3	2024-02-05 · 2y ago	zip
1.58.2	2024-01-27 · 2y ago	zip
1.58.1	2024-01-26 · 2y ago	zip
1.58.0	2024-01-18 · 2y ago	zip
1.57.0	2023-11-24 · 2y ago	zip
1.56.0	2023-11-06 · 2y ago	zip
1.55.2	2023-10-28 · 2y ago	zip
1.55.1	2023-09-23 · 2y ago	zip
1.55.0	2023-09-17 · 2y ago	zip
1.54.0	2023-08-16 · 2y ago	zip
1.53.0	2023-08-09 · 2y ago	zip
1.52.0	2023-07-16 · 2y ago	zip
1.51.0	2023-07-15 · 2y ago	zip
1.50.1	2023-06-12 · 2y ago	zip
1.50.0	2023-05-16 · 2y ago	zip
1.49.2	2023-05-03 · 2y ago	zip
1.49.1	2023-04-26 · 3y ago	zip
1.49.0	2023-04-23 · 3y ago	zip
1.48.0	2023-04-12 · 3y ago	zip
1.47.1	2023-04-04 · 3y ago	zip
1.47.0	2023-03-30 · 3y ago	zip
1.46.7	2023-03-15 · 3y ago	zip
1.46.6	2023-03-01 · 3y ago	zip
1.46.5	2023-02-03 · 3y ago	zip
1.46.4	2023-02-02 · 3y ago	zip
1.46.3	2023-01-24 · 3y ago	zip
1.46.2	2023-01-14 · 3y ago	zip
1.46.1	2023-01-01 · 3y ago	zip
1.46.0	2022-12-23 · 3y ago	zip
1.45.0	2022-12-07 · 3y ago	zip
1.44.2	2022-12-03 · 3y ago	zip
1.44.1	2022-11-25 · 3y ago	zip
1.44.0	2022-11-10 · 3y ago	zip
1.43.0	2022-10-13 · 3y ago	zip
1.42.2	2022-10-06 · 3y ago	zip
1.42.1	2022-09-23 · 3y ago	zip
1.42.0	2022-09-21 · 3y ago	zip
1.41.0	2022-09-13 · 3y ago	zip
1.40.2	2022-09-03 · 3y ago	zip
1.40.1	2022-08-30 · 3y ago	zip
1.40.0	2022-08-20 · 3y ago	zip
1.39.0	2022-08-08 · 3y ago	zip
1.38.3	2022-08-05 · 3y ago	zip
1.38.2	2022-07-27 · 3y ago	zip
1.38.1	2022-07-20 · 3y ago	zip
1.38.0	2022-07-14 · 3y ago	zip
1.37.1	2022-07-08 · 3y ago	zip
1.37.0	2022-06-30 · 3y ago	zip
1.36.0	2022-06-19 · 3y ago	zip
1.35.1	2022-05-25 · 3y ago	zip
1.35.0	2022-05-21 · 3y ago	zip
1.34.0	2022-05-16 · 3y ago	zip