Northern Beaches Websites

@northernbeacheswebsites · wordpress.org profile
Member since
2015-06-25
Location
Sydney, Australia
Employer
Northern Beaches Websites
Job title
Authored
7 (1 closed)
SVN commit access
5
Readme contributor
0
Combined install base
50k+ across 7 plugins

Alerts (0)

No open alerts.

Resolved alerts (4)
Critical code_pattern IdeaPush Resolved · vendor_self_update_northern_beaches_websites 1mo ago
Slug
ideapush
Pattern
puc_update_hijack
Kind
builtin
Version
8.77
Hit count
1
First hit
File
ideapush.php
Line
1,220
Snippet
$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker(
Explanation
plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape
hijack
Url
https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush
Url host
northernbeacheswebsites.com.au
Slug arg
ideapush
Raw JSON:
{
    "slug": "ideapush",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "8.77",
    "hit_count": 1,
    "first_hit": {
        "file": "ideapush.php",
        "line": 1220,
        "snippet": "$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "hijack",
    "url": "https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush",
    "url_host": "northernbeacheswebsites.com.au",
    "slug_arg": "ideapush"
}
Medium code_scan_match WP Custom Admin Interface Resolved · code_scan_fp_class_genre_encoding 1mo ago
Slug
wp-custom-admin-interface
Finding count
5
Findings
Pattern | Kind | File | Line | Snippet | Confidence
eval_call | builtin | wp-custom-admin-interface.php | 1,080 | @eval($stripPhpTags); | medium
base64_decode | builtin | wp-custom-admin-interface.php | 787 | $extractedSettings = unserialize(base64_decode($settings), array('allowed_classes' => false)); | medium
base64_decode | builtin | wp-custom-admin-interface.php | 1,558 | $topLevelMenuDecoded = json_decode(base64_decode($topLevelMenu),true); | medium
base64_decode | builtin | wp-custom-admin-interface.php | 1,564 | $subLevelMenuDecoded = json_decode(base64_decode($subLevelMenu),true); | medium
base64_decode | builtin | wp-custom-admin-interface.php | 2,041 | $toolbarMenuDecoded = json_decode(base64_decode($toolbarMenu)); | medium
Resolved sha
a02bf0a77834ba6b4cd7eb3c22ddbab046783fb9
Raw JSON:
{
    "slug": "wp-custom-admin-interface",
    "finding_count": 5,
    "findings": [
        {
            "pattern": "eval_call",
            "kind": "builtin",
            "file": "wp-custom-admin-interface.php",
            "line": 1080,
            "snippet": "@eval($stripPhpTags);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wp-custom-admin-interface.php",
            "line": 787,
            "snippet": "$extractedSettings = unserialize(base64_decode($settings), array('allowed_classes' => false));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wp-custom-admin-interface.php",
            "line": 1558,
            "snippet": "$topLevelMenuDecoded = json_decode(base64_decode($topLevelMenu),true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wp-custom-admin-interface.php",
            "line": 1564,
            "snippet": "$subLevelMenuDecoded = json_decode(base64_decode($subLevelMenu),true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "wp-custom-admin-interface.php",
            "line": 2041,
            "snippet": "$toolbarMenuDecoded = json_decode(base64_decode($toolbarMenu));",
            "confidence": "medium"
        }
    ],
    "resolved_sha": "a02bf0a77834ba6b4cd7eb3c22ddbab046783fb9"
}
Low code_pattern IdeaPush Resolved · vendor_updater_low_informational_rule_fix_validate 1mo ago
Slug
ideapush
Pattern
puc_update_hijack
Kind
builtin
Version
8.77
Hit count
1
First hit
File
ideapush.php
Line
1,220
Snippet
$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker(
Explanation
plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape
vendor_updater
Url
https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush
Url host
northernbeacheswebsites.com.au
Slug arg
ideapush
Raw JSON:
{
    "slug": "ideapush",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "8.77",
    "hit_count": 1,
    "first_hit": {
        "file": "ideapush.php",
        "line": 1220,
        "snippet": "$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "vendor_updater",
    "url": "https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush",
    "url_host": "northernbeacheswebsites.com.au",
    "slug_arg": "ideapush"
}
Low code_pattern WP GoToWebinar Resolved · vendor_self_update_license_gated_fp 1mo ago
Slug
wp-gotowebinar
Pattern
puc_update_hijack
Kind
builtin
Version
15.11
Hit count
1
First hit
File
wp-gotowebinar.php
Line
1,179
Snippet
$plugin_update_checker_wp_gotowebinar = Puc_v4_Factory::buildUpdateChecker(
Explanation
plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape
vendor_updater
Url
https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=wp-gotowebinar
Url host
northernbeacheswebsites.com.au
Slug arg
wp-gotowebinar
Raw JSON:
{
    "slug": "wp-gotowebinar",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "15.11",
    "hit_count": 1,
    "first_hit": {
        "file": "wp-gotowebinar.php",
        "line": 1179,
        "snippet": "$plugin_update_checker_wp_gotowebinar = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "vendor_updater",
    "url": "https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=wp-gotowebinar",
    "url_host": "northernbeacheswebsites.com.au",
    "slug_arg": "wp-gotowebinar"
}

Plugins authored (7)

Plugin | Version | Installs | Last updated | Status
WP Custom Admin Interface · wp-custom-admin-interface | 7.43 | 30k+ | 4mo ago | Active
Auto Publish for Google My Business · wp-google-my-business-auto-publish | 3.13 | 10k+ | 1y ago | Active
WP LinkedIn Auto Publish · wp-linkedin-auto-publish | 8.26 | 8k+ | 24d ago | Active
IdeaPush · ideapush | 8.77 | 800 | 1mo ago | Active
WP GoToWebinar · wp-gotowebinar | 15.11 | 700 | 1y ago | Active
WP Roster · wp-roster | 2.30 | 10 | 3y ago | Active
WP Facebook Live Video · wp-facebook-live-video | 5.2 | | | Closed

SVN commit access (5)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
WP GoToWebinar | northernbeacheswebsites | 700 | 264 | 10y ago | 1y ago | Active
WP Custom Admin Interface | northernbeacheswebsites | 30k+ | 195 | 9y ago | 4mo ago | Active
Auto Publish for Google My Business | northernbeacheswebsites | 10k+ | 125 | 8y ago | 1y ago | Active
WP LinkedIn Auto Publish | northernbeacheswebsites | 8k+ | 6 | 9y ago | 24d ago | Active
IdeaPush | northernbeacheswebsites | 800 | 2 | 8y ago | 1mo ago | Active