WP Beacon

Speedaf Express for woocommerce

speedaf-express-for-woocommerce · by speedaf · wordpress.org ↗ · SVN ↗
Active installs
30
Current version
2.0.5
Added
2022-07-23
Last updated
2026-06-10 (5d ago)
First seen by beacon
1mo ago
Total downloads
2,498

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · vendor_self_publishing_speedaf_courier_sdk 2026-05-08 16:16:55 (1mo ago)
Slugspeedaf-express-for-woocommerce
Patternhardcoded_ip_url
Kindbuiltin
Version2.0.3
Hit count2
First hit
File
sdk/Configuration.php
Line
8
Snippet
'base_path' => API_DEBUG ? 'http://8.214.27.92:8480/' : 'https://apis.speedaf.com/', // kinldy replace this with the LIVE PATH like 'api.speedaf.com'
Explanationplugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) — legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths.
View raw JSON
{
    "slug": "speedaf-express-for-woocommerce",
    "pattern": "hardcoded_ip_url",
    "kind": "builtin",
    "version": "2.0.3",
    "hit_count": 2,
    "first_hit": {
        "file": "sdk/Configuration.php",
        "line": 8,
        "snippet": "'base_path' => API_DEBUG ? 'http://8.214.27.92:8480/' : 'https://apis.speedaf.com/', // kinldy replace this with the LIVE PATH like 'api.speedaf.com'"
    },
    "explanation": "plugin source hardcodes a raw IPv4 URL (e.g. `https://94.156.79.8/...`) \u2014 legitimate plugins use DNS hostnames because IPs change. Hardcoded IPs in plugin code are almost always either dev leftovers or attacker C2 infrastructure. The June 2024 social-warfare keylogger (audit #14) used `https://94.156.79.8/sc-top.js` for the JS payload host, `/AddSites` for victim registration, `/CMSUsers` for filesystem-recon exfil. Operator infrastructure on raw IPs avoids domain registration / RDAP detection paths. Post-filtered to skip RFC1918/loopback/link-local ranges and `vendor/`/`tests/` paths."
}

SVN committers (2)

Accounts with actual commit access to speedaf-express-for-woocommerce on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
speedaf Young account 2022-06-05 42 2022-07-23 · r2760492 2026-04-14 · r3506400
plugin-master 2007-03-09 1 2022-07-15 · r2757133 2022-07-15 · r2757133

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
speedaf 2022-06-05 42 commits Active
wolf 2005-01-18 Active

Versions (19 most recent)

Version Released Download
2.0.4 zip
2.0.5 zip
2.0.3 2026-04-14 · 2mo ago zip
2.0.2 2025-11-20 · 6mo ago zip
2.0.1 2025-11-20 · 6mo ago zip
2.0.0 2025-11-20 · 6mo ago zip
1.2.2 2023-10-26 · 2y ago zip
1.2.1 2023-10-26 · 2y ago zip
1.2.0 2023-08-17 · 2y ago zip
1.1.0 2022-11-07 · 3y ago zip
1.0.8 2022-10-24 · 3y ago zip
1.0.7 2022-10-13 · 3y ago zip
1.0.6 2022-10-11 · 3y ago zip
1.0.5 2022-09-10 · 3y ago zip
1.0.4 2022-09-07 · 3y ago zip
1.0.3 2022-07-26 · 3y ago zip
1.0.2 2022-07-25 · 3y ago zip
1.0.1 2022-07-23 · 3y ago zip
1.0.0 2022-07-23 · 3y ago zip