Ga Satrya

Member since: 2010-05-07
Location: Bandung, Indonesia
Employer: (blank)
Job title: (blank)
Authored: 10 (10 closed)
SVN commit access: 5 (4 closed)
Readme contributor: 2
Combined install base: 49k+ across 13 plugins

Alerts (0)

No open alerts.

Resolved alerts (14)

Critical code_pattern Scroll To Top Resolved · audit:malicious 5d ago
Slug: scroll-top
Pattern: puc_update_hijack
Kind: builtin
Version: 1.5.3
Hit count: 1
First hit: scroll-top.php, line 42
Snippet: $UpdateChecker = PucFactory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source bypasses the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON and zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), in which the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: hijack
URL: https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top
URL host: updates.cdnstaticsync.com
Slug arg: scroll-top
Raw JSON:
{
    "slug": "scroll-top",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "scroll-top.php",
        "line": 42,
        "snippet": "$UpdateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "hijack",
    "url": "https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top",
    "url_host": "updates.cdnstaticsync.com",
    "slug_arg": "scroll-top"
}
Critical code_pattern Scroll To Top Resolved · audit:malicious 7d ago
Slug: scroll-top
Pattern: cdnstaticsync.com
Kind: ioc:domain
Version: 1.5.3
Hit count: 1
First hit: scroll-top.php, line 43
Snippet: 'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL.
Explanation: (blank)
Raw JSON:
{
    "slug": "scroll-top",
    "pattern": "cdnstaticsync.com",
    "kind": "ioc:domain",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "scroll-top.php",
        "line": 43,
        "snippet": "'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL."
    },
    "explanation": null
}
Critical code_pattern Scroll To Top Resolved · audit:malicious 7d ago
Slug: scroll-top
Pattern: updates.cdnstaticsync.com
Kind: ioc:domain
Version: 1.5.3
Hit count: 1
First hit: scroll-top.php, line 43
Snippet: 'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL.
Explanation: (blank)
Raw JSON:
{
    "slug": "scroll-top",
    "pattern": "updates.cdnstaticsync.com",
    "kind": "ioc:domain",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "scroll-top.php",
        "line": 43,
        "snippet": "'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL."
    },
    "explanation": null
}
Critical code_pattern Scroll To Top Resolved · audit:malicious 7d ago
Slug: scroll-top
Pattern: cdnstaticsync
Kind: ioc:code_pattern
Version: 1.5.3
Hit count: 1
First hit: scroll-top.php, line 43
Snippet: 'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL.
Explanation: (blank)
Raw JSON:
{
    "slug": "scroll-top",
    "pattern": "cdnstaticsync",
    "kind": "ioc:code_pattern",
    "version": "1.5.3",
    "hit_count": 1,
    "first_hit": {
        "file": "scroll-top.php",
        "line": 43,
        "snippet": "'https://updates.cdnstaticsync.com/updates/?action=get_metadata&slug=scroll-top', //Metadata URL."
    },
    "explanation": null
}
Critical code_pattern Scroll To Top Resolved · audit:malicious 7d ago
Slug: scroll-top
Pattern: puc_update_hijack
Kind: builtin
Version: 1.5.3
Hit count: 2
First hit: scroll-top.php, line 42
Snippet: $UpdateChecker = PucFactory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source bypasses the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON and zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), in which the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Raw JSON:
{
    "slug": "scroll-top",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.5.3",
    "hit_count": 2,
    "first_hit": {
        "file": "scroll-top.php",
        "line": 42,
        "snippet": "$UpdateChecker = PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal."
}
Critical code_scan_delta Scroll To Top Resolved · audit:malicious 7d ago
Slug: scroll-top
Previous version: 1.5.3
Current version: 1.5.3
New findings:
Pattern | Kind | File | Line | Snippet | Confidence
puc_update_hijack | builtin | scroll-top.php | 42 | $UpdateChecker = PucFactory::buildUpdateChecker( | high
puc_update_hijack | builtin | plugin-update-checker/Puc/v5p2/PucFactory.php | 54 | return self::buildUpdateChecker($metadataUrl, $fullPath, $slug, $checkPeriod, $optionName, $muPluginFile); | high
New finding count: 2
Raw JSON:
{
    "slug": "scroll-top",
    "previous_version": "1.5.3",
    "current_version": "1.5.3",
    "new_findings": [
        {
            "pattern": "puc_update_hijack",
            "kind": "builtin",
            "file": "scroll-top.php",
            "line": 42,
            "snippet": "$UpdateChecker = PucFactory::buildUpdateChecker(",
            "confidence": "high"
        },
        {
            "pattern": "puc_update_hijack",
            "kind": "builtin",
            "file": "plugin-update-checker/Puc/v5p2/PucFactory.php",
            "line": 54,
            "snippet": "return self::buildUpdateChecker($metadataUrl, $fullPath, $slug, $checkPeriod, $optionName, $muPluginFile);",
            "confidence": "high"
        }
    ],
    "new_finding_count": 2
}
Medium domain_younger_than_plugin Advanced Random Posts Widget Resolved · watched_satrya_account_ambiguous 1d ago
Slug: advanced-random-posts-widget
Domain: idenovasi.com
Domain source: author_uri
Domain registered at: 2025-05-22
Plugin earliest commit: 2013-02-11 01:10:37
Plugin latest release: 2023-08-05 11:11:31
Gap days: 4,482
Domain age at release: -655
Active installs: 10,000
Raw JSON:
{
    "slug": "advanced-random-posts-widget",
    "domain": "idenovasi.com",
    "domain_source": "author_uri",
    "domain_registered_at": "2025-05-22",
    "plugin_earliest_commit": "2013-02-11 01:10:37",
    "plugin_latest_release": "2023-08-05 11:11:31",
    "gap_days": 4482,
    "domain_age_at_release": -655,
    "active_installs": 10000
}
Medium committer_younger_than_plugin Scroll To Top Resolved · audit:malicious 1d ago
Slug: scroll-top
Committer slug: 6hourcreative
Committer display name: 6 Hour Creative
Committer employer: (blank)
Committer member since: 2016-07-29
Committer first commit: 2016-09-10 03:20:46
Committer commit count: 4
Plugin listed author: satrya
Earliest plugin commit: 2014-02-21 23:26:32
Plugin age at join days: 931
Committer age at join days: 43
Active installs: 20,000
Raw JSON:
{
    "slug": "scroll-top",
    "committer_slug": "6hourcreative",
    "committer_display_name": "6 Hour Creative",
    "committer_employer": null,
    "committer_member_since": "2016-07-29",
    "committer_first_commit": "2016-09-10 03:20:46",
    "committer_commit_count": 4,
    "plugin_listed_author": "satrya",
    "earliest_plugin_commit": "2014-02-21 23:26:32",
    "plugin_age_at_join_days": 931,
    "committer_age_at_join_days": 43,
    "active_installs": 20000
}
Medium contributor_added Scroll To Top Resolved · audit:malicious 1d ago
Slug: scroll-top
New contributors: satrya
Active installs: 20,000
Raw JSON:
{
    "slug": "scroll-top",
    "new_contributors": [
        "satrya"
    ],
    "active_installs": 20000
}
Medium domain_younger_than_plugin Scroll To Top Resolved · no_longer_matches 8d ago
Slug: scroll-top
Domain: your-api.com
Domain source: c2_http_call
Domain registered at: 2022-05-02
Plugin earliest commit: 2014-02-21 23:26:32
Plugin latest release: 2023-11-21 20:27:00
Gap days: 2,991
Domain age at release: 568
Active installs: 20,000
Raw JSON:
{
    "slug": "scroll-top",
    "domain": "your-api.com",
    "domain_source": "c2_http_call",
    "domain_registered_at": "2022-05-02",
    "plugin_earliest_commit": "2014-02-21 23:26:32",
    "plugin_latest_release": "2023-11-21 20:27:00",
    "gap_days": 2991,
    "domain_age_at_release": 568,
    "active_installs": 20000
}
Low plugin_closed Recent Comments Widget Plus Resolved · audit:malicious_satrya_takeover 1d ago
Slug: comments-widget-plus
Closed reason: (blank)
Closed date: 2026-04-26 00:00:00
Active installs: 2,000
Raw JSON:
{
    "slug": "comments-widget-plus",
    "closed_reason": "",
    "closed_date": "2026-04-26 00:00:00",
    "active_installs": 2000
}
Low plugin_closed Advanced Random Posts Widget Resolved · audit:malicious_satrya_takeover 1d ago
Slug: advanced-random-posts-widget
Closed reason: (blank)
Closed date: 2026-04-26 00:00:00
Active installs: 10,000
Raw JSON:
{
    "slug": "advanced-random-posts-widget",
    "closed_reason": "",
    "closed_date": "2026-04-26 00:00:00",
    "active_installs": 10000
}
Low plugin_closed Smart Recent Posts Widget Resolved · audit:malicious_satrya_takeover 1d ago
Slug: smart-recent-posts-widget
Closed reason: (blank)
Closed date: 2026-04-26 00:00:00
Active installs: 9,000
Raw JSON:
{
    "slug": "smart-recent-posts-widget",
    "closed_reason": "",
    "closed_date": "2026-04-26 00:00:00",
    "active_installs": 9000
}
Low plugin_closed Scroll To Top Resolved · audit:malicious 1d ago
Slug: scroll-top
Closed reason: (blank)
Closed date: 2026-04-26 00:00:00
Active installs: 20,000
Raw JSON:
{
    "slug": "scroll-top",
    "closed_reason": "",
    "closed_date": "2026-04-26 00:00:00",
    "active_installs": 20000
}

Plugins authored (10)

Plugin | Version | Installs | Last updated | Status
Scroll To Top · scroll-top | 1.5.6 | 20k+ | | Closed
Advanced Random Posts Widget · advanced-random-posts-widget | 2.2.1 | 10k+ | | Closed
Smart Recent Posts Widget · smart-recent-posts-widget | 1.0.4 | 9k+ | | Closed
Recent Comments Widget Plus · comments-widget-plus | 1.3 | 2k+ | | Closed
Satu Extensions · satu-extensions | 1.1 | | | Closed
Metro Buttons · metro-buttons | 1.4 | | | Closed
Easy Alert Shortcode · easy-alert-shortcode | 1.3 | | | Closed
tokokoo-extensions · tokokoo-extensions | | | | Closed
Smart Custom CSS · smart-custom-css | 1.0.0 | | | Closed
Images Beautifier · images-beautifier | 1.1 | | | Closed

SVN commit access (5)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin | Primary author | Installs | Commits | First | Latest | Status
Scroll To Top | satrya | 20k+ | 51 | 12y ago | 2y ago | Closed
Advanced Random Posts Widget | satrya | 10k+ | 48 | 13y ago | 2y ago | Closed
Recent Comments Widget Plus | satrya | 2k+ | 21 | 10y ago | 3y ago | Closed
Smart Recent Posts Widget | satrya | 9k+ | 9 | 7y ago | 1y ago | Closed
TJ Custom CSS | themejunkie | 8k+ | 1 | 3y ago | 3y ago | Active

Contributor on other plugins (2)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin | Primary author | Version | Installs
Junkie Portfolio | themejunkie | 1.0.1 | 90
Recent Posts Widget Extended | themejunkie | 2.0.2 |