iTRON

Member since: 2011-11-03
Authored: 11
SVN commit access: 3
Readme contributor: 0
Combined install base: 11k+ across 11 plugins

Alerts (0)

No open alerts.

Resolved alerts (4)
Critical · code_scan_match · Message Bridge for Contact Form 7 and Telegram · Resolved (code_scan_fp_class_vendor_self_hosted_pro_updater), 1mo ago
Slug: cf7-telegram
Finding count: 1
Findings:
Pattern | Kind | File | Line | Snippet | Confidence
puc_update_hijack | builtin | lib/Settings.php | 170 | $updateChecker = PucFactory::buildUpdateChecker( | high
Details:
Url: https://github.com/hokoo/cf7-telegram
Url host: github.com
Slug arg: cf7-telegram
Resolved sha: 587e7fbd79c478465f2d9a978a9b3ef1b2080c38
Medium · code_pattern · Message Bridge for Contact Form 7 and Telegram · Resolved (redetect_dupe_of_closed), 1mo ago
Slug: cf7-telegram
Pattern: puc_update_hijack
Kind: builtin
Version: 1.0.8
Hit count: 1
First hit:
File: lib/Settings.php
Line: 170
Snippet: $updateChecker = PucFactory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source bypasses the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: github_self_distro
Url: https://github.com/hokoo/cf7-telegram
Url host: github.com
Slug arg: cf7-telegram
Medium · code_pattern · Message Bridge for Contact Form 7 and Telegram · Resolved (false_positive_gated_self_update), 1mo ago
Slug: cf7-telegram
Pattern: puc_update_hijack
Kind: builtin
Version: 1.0.8
Hit count: 1
First hit:
File: lib/Settings.php
Line: 170
Snippet: $updateChecker = PucFactory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source bypasses the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: github_self_distro
Url: https://github.com/hokoo/cf7-telegram
Url host: github.com
Slug arg: cf7-telegram
Medium · code_pattern · Message Bridge for Contact Form 7 and Telegram · Resolved (false_positive_gated_self_update), 1mo ago
Slug: cf7-telegram
Pattern: puc_update_hijack
Kind: builtin
Version: 1.0.8
Hit count: 1
First hit:
File: lib/Settings.php
Line: 170
Snippet: $updateChecker = PucFactory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source bypasses the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: github_self_distro
Url: https://github.com/hokoo/cf7-telegram
Url host: github.com
Slug arg: cf7-telegram

Plugins authored (11)

Plugin | Slug | Version | Installs | Last updated | Status
Message Bridge for Contact Form 7 and Telegram | cf7-telegram | 1.0.9 | 10k+ | 16d ago | Active
Placeholder Image for WooCommerce | default-product-image-for-woocommerce | 1.1 | 400 | 6y ago | Active
WP Logger | wp-data-logger | 2.4 | 300 | 6mo ago | Active
WP Site Options | wp-site-options | 1.2.1 | 20 | 1y ago | Active
Attributes Class ID Rel Title for WP-links | class-id-for-wp-links | 1.2.1 | 20 | 9y ago | Active
WP Link Scroller | wp-link-scroller | 1.3.2 | 10 | 7y ago | Active
WP Rouble Rate | wp-rouble-rate | 1.0 | 10 | 9y ago | Active
Gone Control | gone-control | 0.5 | | 2mo ago | Active
Message Bridge for Contact Form 7 and VK | message-bridge-for-contact-form-7-and-vk | 0.1.4 | | 1mo ago | Active
Safety Passwords | safety-passwords | 1.4.2 | | 1y ago | Active
WP Spammer | wp-spammer | 1.0.11 | | 1y ago | Active

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
Placeholder Image for WooCommerce | hokku | 400 | 26 | 9y ago | 6y ago | Active
WP Logger | hokku | 300 | 23 | 7y ago | 6mo ago | Active
Message Bridge for Contact Form 7 and Telegram | hokku | 10k+ | 1 | 7y ago | 16d ago | Active