WP Beacon

Stonehenge Creations

@duisterdenhaag · wordpress.org profile ↗
Member since
2014-07-05
Location
The Hague, The Netherlands
Employer
Stonehenge Creations
Job title
Owner and only employee
Authored
10 (1 closed)
SVN commit access
7 (1 closed)
Readme contributor
0
Combined install base
1k+ across 10 plugins

Alerts (0)

No open alerts.

Show 3 resolved alerts
Medium code_pattern Events Manager – Events / Locations Slider Resolved · vendor_self_update_stonehengelabs_license_gated_fp 1mo ago
Slugstonehenge-em-slider
Patternpuc_update_hijack
Kindbuiltin
Version1.8.7
Hit count1
First hit
File
stonehenge/class-updater.php
Line
49
Snippet
$UpdateChecker = Puc_v4_Factory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapeunparseable
Url
Url host
Slug arg
View raw JSON
{
    "slug": "stonehenge-em-slider",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.8.7",
    "hit_count": 1,
    "first_hit": {
        "file": "stonehenge/class-updater.php",
        "line": 49,
        "snippet": "$UpdateChecker = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}
Medium code_pattern Events Manager – Email Users Resolved · vendor_self_update_stonehengelabs_license_gated_fp 1mo ago
Slugevents-manager-email-users
Patternpuc_update_hijack
Kindbuiltin
Version4.8.2
Hit count1
First hit
File
stonehenge/class-updater.php
Line
49
Snippet
$UpdateChecker = Puc_v4_Factory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapeunparseable
Url
Url host
Slug arg
View raw JSON
{
    "slug": "events-manager-email-users",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "4.8.2",
    "hit_count": 1,
    "first_hit": {
        "file": "stonehenge/class-updater.php",
        "line": 49,
        "snippet": "$UpdateChecker = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}
Medium code_pattern Events Manager – OpenStreetMaps Resolved · vendor_self_update_license_gated_fp 1mo ago
Slugstonehenge-em-osm
Patternpuc_update_hijack
Kindbuiltin
Version4.2.1
Hit count3
First hit
File
stonehenge/class-updater.php
Line
49
Snippet
$UpdateChecker = Puc_v4_Factory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapeunparseable
Url
Url host
Slug arg
View raw JSON
{
    "slug": "stonehenge-em-osm",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "4.2.1",
    "hit_count": 3,
    "first_hit": {
        "file": "stonehenge/class-updater.php",
        "line": 49,
        "snippet": "$UpdateChecker = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}

Plugins authored (10)

Plugin Version Installs Last updated Status
Events Manager – OpenStreetMaps ·stonehenge-em-osm 4.2.1 700 4y ago Active
Events Manager – Email Users ·events-manager-email-users 4.8.2 100 4y ago Active
Events Manager – Events / Locations Slider ·stonehenge-em-slider 1.8.7 90 4y ago Active
Events Manager Pro – Mollie Payments ·stonehenge-em-mollie 2.4.4 70 5y ago Active
Events Manager – Move Bookings ·stonehenge-em-move-bookings 2.0.2 60 4y ago Active
Events Manager – Event Cancellation ·stonehenge-em-cancellation 2.0.2 50 4y ago Active
Events Manager Pro – Payment Gateway Selector ·stonehenge-em-gateway-selector 2.0.4 20 4y ago Active
Events Manager – Ongoing Events ·stonehenge-em-ongoing-events 1.6.2 10 4y ago Active
Events Manager – Google Maps Styling ·stonehenge-em-maps-styling 2.1 Closed
Events Manager – MultiSite Email ·events-manager-add-on-multisite-mail-settings 4.1 7y ago Active

SVN commit access (7)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Events Manager – OpenStreetMaps duisterdenhaag 700 143 7y ago 4y ago Active
Events Manager Pro – Mollie Payments duisterdenhaag 70 98 7y ago 5y ago Active
Events Manager – Email Users duisterdenhaag 100 94 7y ago 4y ago Active
Events Manager – Events / Locations Slider duisterdenhaag 90 50 7y ago 4y ago Active
Events Manager – Google Maps Styling duisterdenhaag 44 8y ago 7y ago Closed
Events Manager – Event Cancellation duisterdenhaag 50 20 7y ago 4y ago Active
Events Manager – Move Bookings duisterdenhaag 60 15 7y ago 4y ago Active