WP Logo Showcase Responsive Slider and Carousel

wp-logo-showcase-responsive-slider-slider · by essentialplugin · wordpress.org ↗ · SVN ↗

Acquired by EssentialPlugin (malicious campaign) on 2025-05-12. New committers from that team's naming convention are expected and will not fire takeover events. source ↗

This plugin is closed on wordpress.org. Closed 2026-04-07.

Active installs: 30k+
Current version: 3.8.7.1
Added: —
Last updated: —
First seen by beacon: 10d ago
Total downloads: —

Alerts (0)

No open alerts.

Show 12 resolved alerts

Medium author_younger_than_plugin Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Author slug	essentialplugin
Author display name	`essentialplugin`
Author employer	`Essential Plugin`
Author member since	2025-05-12
Earliest plugin commit	2015-11-04 09:07:17
Plugin age at author join	3,476
Author age now days	350
Prior committers	`plugin-master` `anoopranawat` `wponlinesupport` `frantorres`
Active installs	30,000

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "author_slug": "essentialplugin",
    "author_display_name": "essentialplugin",
    "author_employer": "Essential Plugin",
    "author_member_since": "2025-05-12",
    "earliest_plugin_commit": "2015-11-04 09:07:17",
    "plugin_age_at_author_join": 3476,
    "author_age_now_days": 350,
    "prior_committers": [
        "plugin-master",
        "anoopranawat",
        "wponlinesupport",
        "frantorres"
    ],
    "active_installs": 30000
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`analytics.essentialplugin.com`
Kind	`ioc:domain`
Version	`3.8.7.1`
Hit count	6
First hit	File `logo-showcase.php` Line 35 Snippet <p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "analytics.essentialplugin.com",
    "kind": "ioc:domain",
    "version": "3.8.7.1",
    "hit_count": 6,
    "first_hit": {
        "file": "logo-showcase.php",
        "line": 35,
        "snippet": "<p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`Plugin Wpos Analytics Data Starts`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	1
First hit	File `logo-showcase.php` Line 309 Snippet `/* Plugin Wpos Analytics Data Starts */`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "Plugin Wpos Analytics Data Starts",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 1,
    "first_hit": {
        "file": "logo-showcase.php",
        "line": 309,
        "snippet": "/* Plugin Wpos Analytics Data Starts */"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`3.8.7.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 696 Snippet L690: $data = @file_get_contents($url); → L696: $info = @unserialize($data);
Explanation	a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "3.8.7.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 696,
        "snippet": "L690: $data = @file_get_contents($url);  \u2192  L696: $info = @unserialize($data);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`Wpos_Anylc_Admin`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	6
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 15 Snippet `class Wpos_Anylc_Admin {`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "Wpos_Anylc_Admin",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 15,
        "snippet": "class Wpos_Anylc_Admin {"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`wpos_rest_api_init`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 72 Snippet `add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "wpos_rest_api_init",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 72,
        "snippet": "add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`wpos_handle_analytics_request`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 593 Snippet 'callback' => array( $this, 'wpos_handle_analytics_request' ),
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "wpos_handle_analytics_request",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 593,
        "snippet": "'callback'            => array( $this, 'wpos_handle_analytics_request' ),"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`wpos_get_plugin_version_by_file`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 657 Snippet `$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "wpos_get_plugin_version_by_file",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 657,
        "snippet": "$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`wpos_process_monthly_data`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	3
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 545 Snippet `$this->wpos_process_monthly_data( $this->analytics_slugs );`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "wpos_process_monthly_data",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 3,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 545,
        "snippet": "$this->wpos_process_monthly_data( $this->analytics_slugs );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	https://analytics.essentialplugin.com
Kind	`ioc:url`
Version	`3.8.7.1`
Hit count	5
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "https://analytics.essentialplugin.com",
    "kind": "ioc:url",
    "version": "3.8.7.1",
    "hit_count": 5,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`$analytics_endpoint`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "$analytics_endpoint",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-logo-showcase-responsive-slider-slider
Pattern	`wpos_monthly_cron_hook`
Kind	`ioc:code_pattern`
Version	`3.8.7.1`
Hit count	4
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 69 Snippet add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );
Explanation	—

View raw JSON

{
    "slug": "wp-logo-showcase-responsive-slider-slider",
    "pattern": "wpos_monthly_cron_hook",
    "kind": "ioc:code_pattern",
    "version": "3.8.7.1",
    "hit_count": 4,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 69,
        "snippet": "add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );"
    },
    "explanation": null
}

SVN committers (5)

Accounts with actual commit access to wp-logo-showcase-responsive-slider-slider on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
anoopranawat	2013-06-24	113	2015-11-04 · r1279325	2022-02-02 · r2671318
wponlinesupport	2015-09-02	100	2018-11-01 · r1967092	2025-05-15 · r3294231
essentialplugin	2025-05-12	6	2025-09-07 · r3357439	2026-02-20 · r3466051
Francisco Torres	2012-02-08	1	2026-04-07 · r3501116	2026-04-07 · r3501116
plugin-master	2007-03-09	1	2015-11-04 · r1279286	2015-11-04 · r1279286

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
essentialplugin	2025-05-12	6 commits	Active

Versions (20 most recent)

Version	Released	Download
3.8.7.1	2026-04-07 · 24d ago	—
3.8.7	2026-02-20 · 2mo ago	—
3.8.6	2025-11-13 · 5mo ago	—
3.8.5	2025-09-07 · 7mo ago	—
3.8.4	2025-05-15 · 11mo ago	—
3.8.3	2025-01-16 · 1y ago	—
3.8.2	2024-11-20 · 1y ago	—
3.8.1	2024-07-26 · 1y ago	—
3.8	2024-07-15 · 1y ago	—
3.2.2	2023-02-27 · 3y ago	—
3.1.4	2022-09-23 · 3y ago	—
2.9.2	2021-08-17 · 4y ago	—
2.8.1	2021-05-14 · 4y ago	—
2.6	2020-10-21 · 5y ago	—
2.5.6	2020-08-14 · 5y ago	—
2.4.1	2020-04-07 · 6y ago	—
2.4	2019-12-26 · 6y ago	—
2.3.2	2019-11-12 · 6y ago	—
1.3.3	2018-01-17 · 8y ago	—
1.2.8	2017-09-14 · 8y ago	—