WP Beacon
Critical code_pattern
Resolved · direct_mysqli_legit_purpose_nextcloud_db_backup
2026-05-08 16:16:52 (1mo ago)
| Slug | stn-save-to-nextcloud |
|---|---|
| Pattern | direct_mysqli_connect |
| Kind | builtin |
| Version | 2.4.6 |
| Hit count | 1 |
| First hit |
|
| Explanation | plugin instantiates `new mysqli($var['host'], ...)` — a direct MySQL connection bypassing `$wpdb`. Legitimate WordPress plugins always go through `$wpdb` (which already has the connection); a raw `mysqli` connect using parsed wp-config credentials is the credential-harvesting backdoor shape. |
View raw JSON
{
"slug": "stn-save-to-nextcloud",
"pattern": "direct_mysqli_connect",
"kind": "builtin",
"version": "2.4.6",
"hit_count": 1,
"first_hit": {
"file": "inc/CreateBDD.php",
"line": 30,
"snippet": "$mysqli = new mysqli($thisBDD['DB_HOST'], $thisBDD['DB_USER'], $thisBDD['DB_PASSWORD'], $thisBDD['DB_NAME']);"
},
"explanation": "plugin instantiates `new mysqli($var['host'], ...)` \u2014 a direct MySQL connection bypassing `$wpdb`. Legitimate WordPress plugins always go through `$wpdb` (which already has the connection); a raw `mysqli` connect using parsed wp-config credentials is the credential-harvesting backdoor shape."
}