WP Beacon

Starter Sites & Templates by Neve

templates-patterns-collection · by themeisle · wordpress.org ↗ · SVN ↗
Active installs
100k+
Current version
1.2.27
Added
2020-07-29
Last updated
2026-04-23 (29d ago)
First seen by beacon
1mo ago
Total downloads
4,450,263

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_scan_match Resolved · dead_endpoint_or_gated 2026-05-05 11:38:38 (17d ago)
Slugtemplates-patterns-collection
Finding count1
Findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/TI_Beaver.php167L148: $response = wp_remote_get( esc_url_raw( $url ) ); → L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serializedhigh
Resolved sha9d5e8bf99105ec63a2a55513062262777d7a98bb
View raw JSON
{
    "slug": "templates-patterns-collection",
    "finding_count": 1,
    "findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/TI_Beaver.php",
            "line": 167,
            "snippet": "L148: $response = wp_remote_get( esc_url_raw( $url ) );  \u2192  L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized",
            "confidence": "high"
        }
    ],
    "resolved_sha": "9d5e8bf99105ec63a2a55513062262777d7a98bb"
}
Critical code_pattern Resolved · benign_architectural_concern 2026-04-30 15:25:27 (22d ago)
Slugtemplates-patterns-collection
Patternunserialize_after_remote_call
Kindbuiltin
Version1.2.27
Hit count1
First hit
File
includes/TI_Beaver.php
Line
167
Snippet
L148: $response = wp_remote_get( esc_url_raw( $url ) ); → L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized
Explanationa remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.
View raw JSON
{
    "slug": "templates-patterns-collection",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.2.27",
    "hit_count": 1,
    "first_hit": {
        "file": "includes/TI_Beaver.php",
        "line": 167,
        "snippet": "L148: $response = wp_remote_get( esc_url_raw( $url ) );  \u2192  L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}
Critical code_scan_delta Resolved · false_positive_cdn_known_good 2026-04-30 06:36:16 (22d ago)
Slugtemplates-patterns-collection
Previous version1.2.27
Current version1.2.27
New findings
PatternKindFileLineSnippetConfidence
unserialize_after_remote_callbuiltinincludes/TI_Beaver.php167L148: $response = wp_remote_get( esc_url_raw( $url ) ); → L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serializedhigh
New finding count1
View raw JSON
{
    "slug": "templates-patterns-collection",
    "previous_version": "1.2.27",
    "current_version": "1.2.27",
    "new_findings": [
        {
            "pattern": "unserialize_after_remote_call",
            "kind": "builtin",
            "file": "includes/TI_Beaver.php",
            "line": 167,
            "snippet": "L148: $response = wp_remote_get( esc_url_raw( $url ) );  \u2192  L167: if ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized",
            "confidence": "high"
        }
    ],
    "new_finding_count": 1
}
Critical domain_younger_than_plugin Resolved · no_longer_matches 2026-04-24 09:26:16 (28d ago)
Slugtemplates-patterns-collection
Domainthemeisle.link
Domain sourcec2_http_call
Domain registered at2025-05-13
Plugin earliest commit2020-07-27 19:07:48
Plugin latest release2026-04-23 13:16:22
Gap days1,750
Domain age at release345
Active installs100,000
View raw JSON
{
    "slug": "templates-patterns-collection",
    "domain": "themeisle.link",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2025-05-13",
    "plugin_earliest_commit": "2020-07-27 19:07:48",
    "plugin_latest_release": "2026-04-23 13:16:22",
    "gap_days": 1750,
    "domain_age_at_release": 345,
    "active_installs": 100000
}

SVN committers (2)

Accounts with actual commit access to templates-patterns-collection on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
Themeisle 2014-05-25 87 2020-07-29 · r2348185 2026-04-23 · r3513860
plugin-master 2007-03-09 1 2020-07-27 · r2347391 2020-07-27 · r2347391

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
Themeisle 2014-05-25 87 commits Active

Versions (73 most recent)

Version Released Download
1.2.27 2026-04-23 · 29d ago
1.2.26 2026-03-31 · 1mo ago zip
1.2.25 2026-03-19 · 2mo ago zip
1.2.24 2025-12-10 · 5mo ago zip
1.2.23 2025-06-05 · 11mo ago zip
1.2.22 2025-05-30 · 11mo ago zip
1.2.21 2025-05-22 · 1y ago zip
1.2.20 2025-04-16 · 1y ago zip
1.2.19 2025-04-16 · 1y ago zip
1.2.18 2025-01-30 · 1y ago zip
1.2.17 2024-12-16 · 1y ago zip
1.2.16 2024-12-04 · 1y ago zip
1.2.15 2024-11-29 · 1y ago zip
1.2.14 2024-11-28 · 1y ago zip
1.2.13 2024-11-12 · 1y ago zip
1.2.12 2024-11-05 · 1y ago zip
1.2.11 2024-09-25 · 1y ago zip
1.2.10 2024-07-18 · 1y ago zip
1.2.9 2024-04-17 · 2y ago zip
1.2.8 2024-04-03 · 2y ago zip
1.2.7 2024-02-23 · 2y ago zip
1.2.6 2024-01-11 · 2y ago zip
1.2.5 2023-10-26 · 2y ago zip
1.2.4 2023-10-17 · 2y ago zip
1.2.3 2023-10-09 · 2y ago zip
1.2.2 2023-10-05 · 2y ago zip
1.2.1 2023-09-25 · 2y ago zip
1.2.0 2023-09-25 · 2y ago zip
1.1.39 2023-06-19 · 2y ago zip
1.1.38 2023-04-25 · 3y ago zip
1.1.37 2023-03-31 · 3y ago zip
1.1.36 2023-03-17 · 3y ago zip
1.1.35 2023-02-27 · 3y ago zip
1.1.34 2023-02-15 · 3y ago zip
1.1.33 2023-02-03 · 3y ago zip
1.1.32 2023-01-20 · 3y ago zip
1.1.31 2023-01-19 · 3y ago zip
1.1.30 2022-11-25 · 3y ago zip
1.1.29 2022-11-18 · 3y ago zip
1.1.28 2022-11-10 · 3y ago zip
1.1.27 2022-11-03 · 3y ago zip
1.1.26 2022-09-13 · 3y ago zip
1.1.25 2022-07-28 · 3y ago zip
1.1.24 2022-07-12 · 3y ago zip
1.1.23 2022-06-30 · 3y ago zip
1.1.22 2022-05-27 · 3y ago zip
1.1.21 2022-02-21 · 4y ago zip
1.1.20 2021-12-23 · 4y ago zip
1.1.19 2021-12-07 · 4y ago zip
1.1.18 2021-10-07 · 4y ago zip
1.1.17 2021-08-30 · 4y ago zip
1.1.16 2021-08-03 · 4y ago zip
1.1.15 2021-08-03 · 4y ago zip
1.1.14 2021-07-05 · 4y ago zip
1.1.13 2021-05-31 · 4y ago zip
1.1.12 2021-05-17 · 5y ago zip
1.1.11 2021-05-13 · 5y ago zip
1.1.10 2021-05-05 · 5y ago zip
1.1.9 2021-04-29 · 5y ago zip
1.1.8 2021-04-29 · 5y ago zip
1.1.7 2021-04-12 · 5y ago zip
1.1.6 2021-03-16 · 5y ago zip
1.1.5 2021-03-16 · 5y ago zip
1.1.4 2021-02-22 · 5y ago zip
1.1.3 2021-02-10 · 5y ago zip
1.1.2 2020-12-17 · 5y ago zip
1.1.1 2020-12-08 · 5y ago zip
1.1.0 2020-11-24 · 5y ago zip
1.0.11 2020-10-13 · 5y ago zip
1.0.10 2020-09-21 · 5y ago zip
1.0.9 2020-08-26 · 5y ago zip
1.0.8 2020-07-29 · 5y ago zip
1.0.7 2020-07-29 · 5y ago zip