If-So Dynamic Content

Member since: 2017-03-23
Location: London
Employer: IfSo Dynamic Content
Job title: CEO
Authored: 3
SVN commit access: 3
Readme contributor: 0
Combined install base: 10k+ across 3 plugins

Alerts (0)

No open alerts.

Resolved alerts (1)
Medium code_pattern If-So Dynamic Content Personalization Resolved · fp:vendor_premium_update_channel 1d ago
Slug: if-so
Pattern: puc_update_hijack
Kind: builtin
Version: 1.9.8
Hit count: 1
First hit:
File: extensions/extension-base/extension-initializer-base.class.php
Line: 16
Snippet: `$myUpdateChecker = PucFactory::buildUpdateChecker( //Check for updates`
Explanation: plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: unparseable
Url
Url host
Slug arg
Raw JSON:
{
    "slug": "if-so",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.9.8",
    "hit_count": 1,
    "first_hit": {
        "file": "extensions/extension-base/extension-initializer-base.class.php",
        "line": 16,
        "snippet": "$myUpdateChecker = PucFactory::buildUpdateChecker(      //Check for updates"
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}

Plugins authored (3)

| Plugin | Version | Installs | Last updated | Status |
|---|---|---|---|---|
| If-So Dynamic Content Personalization · if-so | 1.9.8 | 8k+ | 6d ago | Active |
| If-So Geolocation · if-so-geolocation | 1.5 | 1k+ | 4mo ago | Active |
| If-So Conditional Content for Elementor · if-so-conditional-elementor-elements | 1.4 | 1k+ | 4mo ago | Active |

SVN commit access (3)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

| Plugin | Primary author | Installs | Commits | First | Latest | Status |
|---|---|---|---|---|---|---|
| If-So Geolocation | ifso | 1k+ | 50 | 3y ago | 4mo ago | Active |
| If-So Conditional Content for Elementor | ifso | 1k+ | 10 | 1y ago | 4mo ago | Active |
| If-So Dynamic Content Personalization | ifso | 8k+ | 3 | 9y ago | 6d ago | Active |