WP Beacon

Payment gateway for WooCommerce – Woo Alipay

woo-alipay · by frogerme · wordpress.org ↗ · SVN ↗
Active installs
40
Current version
1.1.3
Added
2020-01-29
Last updated
2020-04-12 (6y ago)
First seen by beacon
1mo ago
Total downloads

Alerts (0)

No open alerts.

Show 1 resolved alert
Critical code_pattern Resolved · vendored_alipay_lotusphp_sdk_lib_fp 2026-05-08 16:16:54 (1mo ago)
Slugwoo-alipay
Patterndirect_mysqli_connect
Kindbuiltin
Version1.1.3
Hit count1
First hit
File
lib/alipay/lotusphp_runtime/DB/Adapter/ConnectionAdapter/DbConnectionAdapterMysqli.php
Line
6
Snippet
return new mysqli($connConf["host"], $connConf["username"], $connConf["password"], $connConf["dbname"], $connConf["port"]);
Explanationplugin instantiates `new mysqli($var['host'], ...)` — a direct MySQL connection bypassing `$wpdb`. Legitimate WordPress plugins always go through `$wpdb` (which already has the connection); a raw `mysqli` connect using parsed wp-config credentials is the credential-harvesting backdoor shape.
View raw JSON
{
    "slug": "woo-alipay",
    "pattern": "direct_mysqli_connect",
    "kind": "builtin",
    "version": "1.1.3",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/alipay/lotusphp_runtime/DB/Adapter/ConnectionAdapter/DbConnectionAdapterMysqli.php",
        "line": 6,
        "snippet": "return new mysqli($connConf[\"host\"], $connConf[\"username\"], $connConf[\"password\"], $connConf[\"dbname\"], $connConf[\"port\"]);"
    },
    "explanation": "plugin instantiates `new mysqli($var['host'], ...)` \u2014 a direct MySQL connection bypassing `$wpdb`. Legitimate WordPress plugins always go through `$wpdb` (which already has the connection); a raw `mysqli` connect using parsed wp-config credentials is the credential-harvesting backdoor shape."
}

SVN committers (2)

Accounts with actual commit access to woo-alipay on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer Member since Commits First commit Latest commit
Alexandre Froger 2018-04-21 5 2020-01-29 · r2234953 2020-04-12 · r2281927
plugin-master 2007-03-09 1 2020-01-28 · r2234818 2020-01-28 · r2234818

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor Member since SVN access Status
Alexandre Froger 2018-04-21 5 commits Active