Author: hokku – WP Beacon

Alerts (0)

No open alerts.

Show 3 resolved alerts

Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · redetect_dupe_of_closed 7d ago

Slug	cf7-telegram
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`1.0.8`
Hit count	1
First hit	File `lib/Settings.php` Line 170 Snippet `$updateChecker = PucFactory::buildUpdateChecker(`
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`github_self_distro`
Url	https://github.com/hokoo/cf7-telegram
Url host	`github.com`
Slug arg	`cf7-telegram`

View raw JSON

{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}

Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · false_positive_gated_self_update 7d ago

Slug	cf7-telegram
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`1.0.8`
Hit count	1
First hit	File `lib/Settings.php` Line 170 Snippet `$updateChecker = PucFactory::buildUpdateChecker(`
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`github_self_distro`
Url	https://github.com/hokoo/cf7-telegram
Url host	`github.com`
Slug arg	`cf7-telegram`

View raw JSON

{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}

Medium code_pattern Message Bridge for Contact Form 7 and Telegram Resolved · false_positive_gated_self_update 7d ago

Slug	cf7-telegram
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`1.0.8`
Hit count	1
First hit	File `lib/Settings.php` Line 170 Snippet `$updateChecker = PucFactory::buildUpdateChecker(`
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`github_self_distro`
Url	https://github.com/hokoo/cf7-telegram
Url host	`github.com`
Slug arg	`cf7-telegram`

View raw JSON

{
    "slug": "cf7-telegram",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.0.8",
    "hit_count": 1,
    "first_hit": {
        "file": "lib/Settings.php",
        "line": 170,
        "snippet": "$updateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/hokoo/cf7-telegram",
    "url_host": "github.com",
    "slug_arg": "cf7-telegram"
}

Plugins authored (11)

Plugin	Version	Installs	Last updated	Status
Message Bridge for Contact Form 7 and Telegram ·`cf7-telegram`	1.0.8	10k+	29d ago	Active
Placeholder Image for WooCommerce ·`default-product-image-for-woocommerce`	1.1	500	6y ago	Active
WP Logger ·`wp-data-logger`	2.4	300	5mo ago	Active
WP Site Options ·`wp-site-options`	1.2.1	20	1y ago	Active
Attributes Class ID Rel Title for WP-links ·`class-id-for-wp-links`	1.2.1	20	9y ago	Active
WP Link Scroller ·`wp-link-scroller`	1.3.2	10	7y ago	Active
WP Rouble Rate ·`wp-rouble-rate`	1.0	10	9y ago	Active
Gone Control ·`gone-control`	0.5	—	29d ago	Active
Message Bridge for Contact Form 7 and VK ·`message-bridge-for-contact-form-7-and-vk`	0.1.4	—	3d ago	Active
Safety Passwords ·`safety-passwords`	1.4.2	—	1y ago	Active
WP Spammer ·`wp-spammer`	1.0.11	—	1y ago	Active

SVN commit access (2)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Message Bridge for Contact Form 7 and Telegram	hokku	10k+	90	7y ago	29d ago	Active
Placeholder Image for WooCommerce	hokku	500	26	9y ago	6y ago	Active

iTRON

Alerts (0)

Plugins authored (11)

SVN commit access (2)