Plugin: wp-trending-post-slider-and-widget

Alerts (0)

No open alerts.

Show 10 resolved alerts

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`analytics.essentialplugin.com`
Kind	`ioc:domain`
Version	`1.8.6.1`
Hit count	6
First hit	File `wp-trending-post-slider-widget.php` Line 37 Snippet <p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "analytics.essentialplugin.com",
    "kind": "ioc:domain",
    "version": "1.8.6.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wp-trending-post-slider-widget.php",
        "line": 37,
        "snippet": "<p><?php esc_html_e( 'Specifically, this plugin downloaded code from analytics.essentialplugin.com and installed it in your site, while the specific case can differ, we know that they were installin"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`unserialize_after_remote_call`
Kind	`builtin`
Version	`1.8.6.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 696 Snippet L690: $data = @file_get_contents($url); → L696: $info = @unserialize($data);
Explanation	a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file — classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised.

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "unserialize_after_remote_call",
    "kind": "builtin",
    "version": "1.8.6.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 696,
        "snippet": "L690: $data = @file_get_contents($url);  \u2192  L696: $info = @unserialize($data);"
    },
    "explanation": "a remote HTTP fetch (`wp_remote_*` / `curl_exec`) is followed by `@unserialize` within the same file \u2014 classic PHP Object Injection C2 gadget. The error-suppressed form is the tell: legit code wants to know when deserialize fails; attackers suppress so malformed gadgets do not leak. A real finding regardless of author intent: any plugin that deserializes remote responses without validation is a latent RCE chain if the remote endpoint is ever compromised."
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`Wpos_Anylc_Admin`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	6
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 15 Snippet `class Wpos_Anylc_Admin {`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "Wpos_Anylc_Admin",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 6,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 15,
        "snippet": "class Wpos_Anylc_Admin {"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`wpos_rest_api_init`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 72 Snippet `add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "wpos_rest_api_init",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 72,
        "snippet": "add_action( 'rest_api_init', array($this, 'wpos_rest_api_init') );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`wpos_handle_analytics_request`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 593 Snippet 'callback' => array( $this, 'wpos_handle_analytics_request' ),
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "wpos_handle_analytics_request",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 593,
        "snippet": "'callback'            => array( $this, 'wpos_handle_analytics_request' ),"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`wpos_get_plugin_version_by_file`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	2
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 657 Snippet `$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "wpos_get_plugin_version_by_file",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 2,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 657,
        "snippet": "$version = $this->wpos_get_plugin_version_by_file($matching_product['file']);"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`wpos_process_monthly_data`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	3
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 545 Snippet `$this->wpos_process_monthly_data( $this->analytics_slugs );`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "wpos_process_monthly_data",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 3,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 545,
        "snippet": "$this->wpos_process_monthly_data( $this->analytics_slugs );"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	https://analytics.essentialplugin.com
Kind	`ioc:url`
Version	`1.8.6.1`
Hit count	5
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "https://analytics.essentialplugin.com",
    "kind": "ioc:url",
    "version": "1.8.6.1",
    "hit_count": 5,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`$analytics_endpoint`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	1
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 17 Snippet `public $analytics_endpoint = 'https://analytics.essentialplugin.com';`
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "$analytics_endpoint",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 1,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 17,
        "snippet": "public $analytics_endpoint\t= 'https://analytics.essentialplugin.com';"
    },
    "explanation": null
}

Critical code_pattern Resolved · audit:malicious 2026-04-27 11:03:30 (5d ago)

Slug	wp-trending-post-slider-and-widget
Pattern	`wpos_monthly_cron_hook`
Kind	`ioc:code_pattern`
Version	`1.8.6.1`
Hit count	4
First hit	File `wpos-analytics/includes/class-anylc-admin.php` Line 69 Snippet add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );
Explanation	—

View raw JSON

{
    "slug": "wp-trending-post-slider-and-widget",
    "pattern": "wpos_monthly_cron_hook",
    "kind": "ioc:code_pattern",
    "version": "1.8.6.1",
    "hit_count": 4,
    "first_hit": {
        "file": "wpos-analytics/includes/class-anylc-admin.php",
        "line": 69,
        "snippet": "add_action( 'wpos_monthly_cron_hook', array($this, 'wpos_monthly_cron_hook_fn') );"
    },
    "explanation": null
}

SVN committers (5)

Accounts with actual commit access to wp-trending-post-slider-and-widget on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
anoopranawat	2013-06-24	40	2016-02-26 · r1358591	2022-01-12 · r2656327
wponlinesupport	2015-09-02	37	2018-12-06 · r1986734	2025-05-16 · r3294578
essentialplugin	2025-05-12	3	2025-11-12 · r3394385	2026-02-20 · r3466059
David Perez	2015-09-17	2	2026-04-07 · r3501156	2026-04-07 · r3501157
plugin-master	2007-03-09	1	2016-02-26 · r1358482	2016-02-26 · r1358482

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
essentialplugin	2025-05-12	3 commits	Active

Versions (11 most recent)

Version	Released	Download
1.8.6.1	2026-04-07 · 24d ago	—
1.8.6	2026-02-20 · 2mo ago	—
1.8.5	2025-11-12 · 5mo ago	—
1.8.4	2025-05-16 · 11mo ago	—
1.8.3	2025-01-21 · 1y ago	—
1.8.2	2024-11-07 · 1y ago	—
1.8.1	2024-08-21 · 1y ago	—
1.3.5	2020-11-04 · 5y ago	—
1.3.2	2020-01-01 · 6y ago	—
1.2.2	2018-07-24 · 7y ago	—
1.1	2016-10-21 · 9y ago	—

Trending/Popular Post Slider and Widget

Alerts (0)

SVN committers (5)

Readme contributors (1)

Versions (11 most recent)