WP Beacon

iTRON

@hokku · wordpress.org profile ↗
Member since
2011-11-03
Location
Georgia
Employer
Job title
Authored
11
SVN commit access
3
Readme contributor
0
Combined install base
11k+ across 11 plugins

Alerts (0)

No open alerts.

Show 4 resolved alerts
Critical code_scan_match Message Bridge for Contact Form 7 and Telegram Resolved · code_scan_fp_class_vendor_self_hosted_pro_updater 17d ago
Slugcf7-telegram
Finding count1
Findings
PatternKindFileLineSnippetConfidenceDetails
puc_update_hijackbuiltinlib/Settings.php170$updateChecker = PucFactory::buildUpdateChecker(high
Url
https://github.com/hokoo/cf7-telegram
Url host
github.com
Slug arg
cf7-telegram
Resolved sha587e7fbd79c478465f2d9a978a9b3ef1b2080c38
View raw JSON
{
    "slug": "cf7-telegram",
    "finding_count": 1,
    "findings": [
        {
            "pattern": "puc_update_hijack",
            "kind": "builtin",
            "file": "lib/Settings.php",
            "line": 170,
            "snippet": "$updateChecker = PucFactory::buildUpdateChecker(",
            "confidence": "high",
            "details": {
                "url": "https://github.com/hokoo/cf7-telegram",
                "url_host": "github.com",
                "slug_arg": "cf7-telegram"
            }
        }
    ],
    "resolved_sha": "587e7fbd79c478465f2d9a978a9b3ef1b2080c38"
}
Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · redetect_dupe_of_closed 27d ago
Slugcf7-telegram
Patternpuc_update_hijack
Kindbuiltin
Version1.0.8
Hit count1
First hit
File
lib/Settings.php
Line
170
Snippet
$updateChecker = PucFactory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapegithub_self_distro
Urlhttps://github.com/hokoo/cf7-telegram
Url hostgithub.com
Slug argcf7-telegram
View raw JSON
{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}
Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · false_positive_gated_self_update 27d ago
Slugcf7-telegram
Patternpuc_update_hijack
Kindbuiltin
Version1.0.8
Hit count1
First hit
File
lib/Settings.php
Line
170
Snippet
$updateChecker = PucFactory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapegithub_self_distro
Urlhttps://github.com/hokoo/cf7-telegram
Url hostgithub.com
Slug argcf7-telegram
View raw JSON
{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}
Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · false_positive_gated_self_update 28d ago
Slugcf7-telegram
Patternpuc_update_hijack
Kindbuiltin
Version1.0.8
Hit count1
First hit
File
lib/Settings.php
Line
170
Snippet
$updateChecker = PucFactory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapegithub_self_distro
Urlhttps://github.com/hokoo/cf7-telegram
Url hostgithub.com
Slug argcf7-telegram
View raw JSON
{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}

Plugins authored (11)

Plugin Version Installs Last updated Status
Message Bridge for Contact Form 7 and Telegram ·cf7-telegram 1.0.8 10k+ 1mo ago Active
Placeholder Image for WooCommerce ·default-product-image-for-woocommerce 1.1 500 6y ago Active
WP Logger ·wp-data-logger 2.4 300 5mo ago Active
WP Site Options ·wp-site-options 1.2.1 20 1y ago Active
Attributes Class ID Rel Title for WP-links ·class-id-for-wp-links 1.2.1 20 9y ago Active
WP Link Scroller ·wp-link-scroller 1.3.2 10 7y ago Active
WP Rouble Rate ·wp-rouble-rate 1.0 10 9y ago Active
Gone Control ·gone-control 0.5 1mo ago Active
Message Bridge for Contact Form 7 and VK ·message-bridge-for-contact-form-7-and-vk 0.1.4 23d ago Active
Safety Passwords ·safety-passwords 1.4.2 1y ago Active
WP Spammer ·wp-spammer 1.0.11 1y ago Active

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
Message Bridge for Contact Form 7 and Telegram hokku 10k+ 90 7y ago 1mo ago Active
Placeholder Image for WooCommerce hokku 500 26 9y ago 6y ago Active
WP Logger hokku 300 23 7y ago 5mo ago Active