WP Beacon

WP responsive FAQ with category plugin

sp-faq · by essentialplugin · wordpress.org ↗ · SVN ↗
Acquired by EssentialPlugin (malicious campaign) on 2025-05-12. New committers from that team's naming convention are expected and will not fire takeover events. source ↗
This plugin is closed on wordpress.org. Closed 2026-04-07.
Active installs
4k+
Current version
3.9.5.1
Added
Last updated
First seen by beacon
10d ago
Total downloads

Alerts (0)

No open alerts.

Show 11 resolved alerts
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternanalytics.essentialplugin.com
Kindioc:domain
Version3.9.5.1
Hit count6
First hit
File
faq.php
Line
39
Snippet
<p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "analytics.essentialplugin.com",
    "kind": "ioc:domain",
    "version": "3.9.5.1",
    "hit_count": 6,
    "first_hit": {
        "file": "faq.php",
        "line": 39,
        "snippet": "<p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
PatternPlugin Wpos Analytics Data Starts
Kindioc:code_pattern
Version3.9.5.1
Hit count1
First hit
File
faq.php
Line
313
Snippet
/* Plugin Wpos Analytics Data Starts */
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "Plugin Wpos Analytics Data Starts",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 1,
    "first_hit": {
        "file": "faq.php",
        "line": 313,
        "snippet": "/* Plugin Wpos Analytics Data Starts */"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternunserialize_after_remote_call
Kindbuiltin
Version3.9.5.1
Hit count1
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
696
Snippet
L690: $data = @file_get_contents($url); → L696: $info = @unserialize($data);
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.9.5.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 696,
        "snippet": "L690: $data = @file_get_contents($url);  \u2192  L696: $info = @unserialize($data);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
PatternWpos_Anylc_Admin
Kindioc:code_pattern
Version3.9.5.1
Hit count6
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
15
Snippet
class Wpos_Anylc_Admin {
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "Wpos_Anylc_Admin",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 15,
        "snippet": "class Wpos_Anylc_Admin {"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternwpos_rest_api_init
Kindioc:code_pattern
Version3.9.5.1
Hit count2
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
72
Snippet
add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "wpos_rest_api_init",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 72,
        "snippet": "add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternwpos_handle_analytics_request
Kindioc:code_pattern
Version3.9.5.1
Hit count2
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
593
Snippet
'callback' => array( $this, 'wpos_handle_analytics_request' ),
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "wpos_handle_analytics_request",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 593,
        "snippet": "'callback'            => array( $this, 'wpos_handle_analytics_request' ),"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternwpos_get_plugin_version_by_file
Kindioc:code_pattern
Version3.9.5.1
Hit count2
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
657
Snippet
$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "wpos_get_plugin_version_by_file",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 657,
        "snippet": "$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternwpos_process_monthly_data
Kindioc:code_pattern
Version3.9.5.1
Hit count3
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
545
Snippet
$this->wpos_process_monthly_data( $this->analytics_slugs );
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "wpos_process_monthly_data",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 3,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 545,
        "snippet": "$this->wpos_process_monthly_data( $this->analytics_slugs );"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternhttps://analytics.essentialplugin.com
Kindioc:url
Version3.9.5.1
Hit count5
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
17
Snippet
public $analytics_endpoint = 'https://analytics.essentialplugin.com';
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "https://analytics.essentialplugin.com",
    "kind": "ioc:url",
    "version": "3.9.5.1",
    "hit_count": 5,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Pattern$analytics_endpoint
Kindioc:code_pattern
Version3.9.5.1
Hit count1
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
17
Snippet
public $analytics_endpoint = 'https://analytics.essentialplugin.com';
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "$analytics_endpoint",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}
Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)
Slugsp-faq
Patternwpos_monthly_cron_hook
Kindioc:code_pattern
Version3.9.5.1
Hit count4
First hit
File
wpos-analytics/includes/class-anylc-admin.php
Line
69
Snippet
add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );
Explanation
View raw JSON
{
    "slug": "sp-faq",
    "pattern": "wpos_monthly_cron_hook",
    "kind": "ioc:code_pattern",
    "version": "3.9.5.1",
    "hit_count": 4,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 69,
        "snippet": "add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );"
    },
    "explanation": null
}

SVN committers (5)

Accounts with actual commit access to sp-faq on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
anoopranawat 2013-06-24 116 2013-10-15 · r787984 2019-02-27 · r2040650
wponlinesupport 2015-09-02 30 2018-12-08 · r1988827 2025-05-15 · r3294066
essentialplugin 2025-05-12 3 2025-11-12 · r3394463 2026-02-20 · r3466011
David Perez 2015-09-17 2 2026-04-07 · r3501167 2026-04-07 · r3501169
plugin-master 2007-03-09 1 2013-10-14 · r787903 2013-10-14 · r787903

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
essentialplugin 2025-05-12 3 commits Active

Versions (15 most recent)

Version Released Download
3.9.5.1 2026-04-07 · 24d ago
3.9.5 2026-02-20 · 2mo ago
3.9.4 2025-11-12 · 5mo ago
3.9.3 2025-05-15 · 11mo ago
3.9.2 2025-01-21 · 1y ago
3.9.1 2024-07-25 · 1y ago
3.6.4 2022-10-06 · 3y ago
3.3.4 2020-10-30 · 5y ago
3.2.4 2016-10-27 · 9y ago
3.1.1 2016-01-01 · 10y ago
3.1 2015-11-26 · 10y ago
3.0 2015-09-28 · 10y ago
2.2 2015-09-12 · 10y ago
2.1 2014-05-24 · 11y ago
2.0 2013-10-26 · 12y ago