SiteOrigin Widgets Bundle
Active installs 400k+
Current version 1.73.2
Added 2014-06-01
Last updated
2026-07-01 (1d ago)
First seen by beacon 2mo ago
Total downloads 47,059,828
Statistics 2024-06-17 → 2026-07-01 · 745 days
Downloads today
1,547
7-day total 9,631
Week over week
▼ -7%
vs prior 7 days
30-day trend
declining
▼ -76% MoM
Abandonment
●○○○○
downloads down >40% YoY
137k 102k 68k 34k 0 2024-06 2024-10 2025-02 2025-06 2025-10 2026-02 2026-07 98k 74k 49k 25k 0 2026-04 2026-04 2026-05 2026-05 2026-06 2026-06 3k 2k 1k 704 0 2026-06 2026-06 2026-06 2026-06 2026-06 2026-06
Active versions
other 1.73
other · 56.3% 1.73 · 37.7% 1.71 · 6.1%
Ratings
Support: 1/1 resolved
Alerts (0)
No open alerts.
Show 2 resolved alerts
Critical code_pattern
Resolved · no_longer_matches
2026-04-24 17:01:47 (2mo ago)
Slug so-widgets-bundle Pattern unserialize_after_remote_callKind builtinVersion 1.72.0Hit count 1 First hit File base/inc/lib/Less/Parser.phpLine 656 Snippet L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file)); Explanation a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak.
Copy JSON View raw JSON {
"slug": "so-widgets-bundle",
"pattern": "unserialize_after_remote_call",
"kind": "builtin",
"version": "1.72.0",
"hit_count": 1,
"first_hit": {
"file": "base/inc/lib/Less/Parser.php",
"line": 656,
"snippet": "L656: $cache = unserialize(file_get_contents($cache_file)); \u2192 L656: $cache = unserialize(file_get_contents($cache_file));"
},
"explanation": "a remote HTTP fetch (`wp_remote_*`/`curl_exec`/`file_get_contents`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget used by EP and most WP supply-chain backdoors. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak."
}
Critical code_scan_delta
Resolved · fp_vendored_library_local_cache
2026-04-24 15:58:39 (2mo ago)
Slug so-widgets-bundle Previous version 1.72.0Current version 1.72.0New findings Pattern Kind File Line Snippet Confidence unserialize_after_remote_callbuiltinbase/inc/lib/Less/Parser.php656 L656: $cache = unserialize(file_get_contents($cache_file)); → L656: $cache = unserialize(file_get_contents($cache_file)); high
New finding count 1
Copy JSON View raw JSON {
"slug": "so-widgets-bundle",
"previous_version": "1.72.0",
"current_version": "1.72.0",
"new_findings": [
{
"pattern": "unserialize_after_remote_call",
"kind": "builtin",
"file": "base/inc/lib/Less/Parser.php",
"line": 656,
"snippet": "L656: $cache = unserialize(file_get_contents($cache_file)); \u2192 L656: $cache = unserialize(file_get_contents($cache_file));",
"confidence": "high"
}
],
"new_finding_count": 1
}
SVN committers (3)
Accounts with actual commit access to so-widgets-bundle on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.
Committer
Member since
Commits
First commit
Latest commit
SiteOrigin
2006-11-25
281
2020-11-12 · r2417341
2026-05-19 · r3537949
Greg - SiteOrigin
2007-10-30
234
2014-06-01 · r924729
2020-09-28 · r2389869
plugin-master
2007-03-09
1
2014-05-30 · r923996
2014-05-30 · r923996
Readme contributors (3)
Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?
Versions (100 most recent)
Version
Released
Download
1.73.2
—
zip
1.73.1
2026-05-19 · 1mo ago
zip
1.73.0
2026-05-19 · 1mo ago
zip
1.72.0
2026-04-14 · 2mo ago
zip
1.71.0
2026-02-13 · 4mo ago
zip
1.70.4
2026-01-07 · 5mo ago
zip
1.70.3
2025-12-04 · 7mo ago
zip
1.70.2
2025-11-13 · 7mo ago
zip
1.70.1
2025-11-03 · 8mo ago
zip
1.70.0
2025-10-31 · 8mo ago
zip
1.69.3
2025-08-22 · 10mo ago
zip
1.69.2
2025-07-19 · 11mo ago
zip
1.69.1
2025-07-05 · 12mo ago
zip
1.69.0
2025-06-12 · 1y ago
zip
1.68.5
2025-06-02 · 1y ago
zip
1.68.4
2025-05-20 · 1y ago
zip
1.68.3
2025-05-11 · 1y ago
zip
1.68.2
2025-05-03 · 1y ago
zip
1.68.1
2025-04-12 · 1y ago
zip
1.68.0
2025-04-10 · 1y ago
zip
1.67.2
2025-03-20 · 1y ago
zip
1.67.1
2025-03-18 · 1y ago
zip
1.67.0
2025-03-17 · 1y ago
zip
1.66.0
2025-03-01 · 1y ago
zip
1.65.1
2025-02-05 · 1y ago
zip
1.65.0
2025-02-03 · 1y ago
zip
1.64.2
2024-12-18 · 1y ago
zip
1.64.1
2024-12-14 · 1y ago
zip
1.64.0
2024-11-24 · 1y ago
zip
1.63.4
2024-10-23 · 1y ago
zip
1.63.3
2024-10-11 · 1y ago
zip
1.63.2
2024-09-23 · 1y ago
zip
1.63.1
2024-08-28 · 1y ago
zip
1.63.0
2024-08-11 · 1y ago
zip
1.62.3
2024-07-23 · 1y ago
zip
1.62.2
2024-06-30 · 2y ago
zip
1.62.1
2024-06-17 · 2y ago
zip
1.62.0
2024-06-06 · 2y ago
zip
1.61.1
2024-05-20 · 2y ago
zip
1.61.0
2024-05-19 · 2y ago
zip
1.60.0
2024-04-26 · 2y ago
zip
1.59.0
2024-04-11 · 2y ago
zip
1.58.12
2024-03-24 · 2y ago
zip
1.58.11
2024-03-23 · 2y ago
zip
1.58.10
2024-03-05 · 2y ago
zip
1.58.9
2024-03-03 · 2y ago
zip
1.58.8
2024-03-02 · 2y ago
zip
1.58.7
2024-02-25 · 2y ago
zip
1.58.6
2024-02-15 · 2y ago
zip
1.58.5
2024-02-12 · 2y ago
zip
1.58.4
2024-02-10 · 2y ago
zip
1.58.3
2024-02-05 · 2y ago
zip
1.58.2
2024-01-27 · 2y ago
zip
1.58.1
2024-01-26 · 2y ago
zip
1.58.0
2024-01-18 · 2y ago
zip
1.57.0
2023-11-24 · 2y ago
zip
1.56.0
2023-11-06 · 2y ago
zip
1.55.2
2023-10-28 · 2y ago
zip
1.55.1
2023-09-23 · 2y ago
zip
1.55.0
2023-09-17 · 2y ago
zip
1.54.0
2023-08-16 · 2y ago
zip
1.53.0
2023-08-09 · 2y ago
zip
1.52.0
2023-07-16 · 2y ago
zip
1.51.0
2023-07-15 · 2y ago
zip
1.50.1
2023-06-12 · 3y ago
zip
1.50.0
2023-05-16 · 3y ago
zip
1.49.2
2023-05-03 · 3y ago
zip
1.49.1
2023-04-26 · 3y ago
zip
1.49.0
2023-04-23 · 3y ago
zip
1.48.0
2023-04-12 · 3y ago
zip
1.47.1
2023-04-04 · 3y ago
zip
1.47.0
2023-03-30 · 3y ago
zip
1.46.7
2023-03-15 · 3y ago
zip
1.46.6
2023-03-01 · 3y ago
zip
1.46.5
2023-02-03 · 3y ago
zip
1.46.4
2023-02-02 · 3y ago
zip
1.46.3
2023-01-24 · 3y ago
zip
1.46.2
2023-01-14 · 3y ago
zip
1.46.1
2023-01-01 · 3y ago
zip
1.46.0
2022-12-23 · 3y ago
zip
1.45.0
2022-12-07 · 3y ago
zip
1.44.2
2022-12-03 · 3y ago
zip
1.44.1
2022-11-25 · 3y ago
zip
1.44.0
2022-11-10 · 3y ago
zip
1.43.0
2022-10-13 · 3y ago
zip
1.42.2
2022-10-06 · 3y ago
zip
1.42.1
2022-09-23 · 3y ago
zip
1.42.0
2022-09-21 · 3y ago
zip
1.41.0
2022-09-13 · 3y ago
zip
1.40.2
2022-09-03 · 3y ago
zip
1.40.1
2022-08-30 · 3y ago
zip
1.40.0
2022-08-20 · 3y ago
zip
1.39.0
2022-08-08 · 3y ago
zip
1.38.3
2022-08-05 · 3y ago
zip
1.38.2
2022-07-27 · 3y ago
zip
1.38.1
2022-07-20 · 3y ago
zip
1.38.0
2022-07-14 · 3y ago
zip
1.37.1
2022-07-08 · 3y ago
zip
1.37.0
2022-06-30 · 4y ago
zip
1.36.0
2022-06-19 · 4y ago
zip