Tussendoor B.V.

@tussendoor · wordpress.org profile ↗

Member since: 2011-01-31
Location: Netherlands, Friesland, Leeuwarden
Employer: —
Job title: —
Authored: 12 (8 closed)
SVN commit access: 8 (5 closed)
Readme contributor: 1
Combined install base: 1k+ across 13 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert

Medium code_pattern Tussendoor – Open RDW Resolved · vendor_self_update_license_gated_fp 1mo ago

Slug	open-rdw-kenteken-voertuiginformatie
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`5.3.0`
Hit count	2
First hit	File `app/Updater.php` Line 60 Snippet self::$updater = Factory::buildUpdateChecker($metadataUrl, $fullPath, $slug);
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`unparseable`
Url	—
Url host	—
Slug arg	—

View raw JSON

{
    "slug": "open-rdw-kenteken-voertuiginformatie",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "5.3.0",
    "hit_count": 2,
    "first_hit": {
        "file": "app/Updater.php",
        "line": 60,
        "snippet": "self::$updater      = Factory::buildUpdateChecker($metadataUrl, $fullPath, $slug);"
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}

Plugins authored (12)

Plugin	Version	Installs	Last updated	Status
Tussendoor – Open RDW ·`open-rdw-kenteken-voertuiginformatie`	5.3.0	600	1y ago	Active
Contact Form 7 minlength extension ·`minimum-length-for-contact-form-7`	1.4.1	300	8y ago	Active
Billink – Legacy ·`woocommerce-billink`	2.5.2	90	1y ago	Active
Woning Website Uitbreiding ·`woning-website-uitbreiding`	1.1.3	10	3y ago	Active
XML Reader voor Talantee vacatures ·`xml-reader-voor-talentee`	1.0.3	—	—	Closed
WordPress Call me Now ·`call-me-now`	1.0.5	—	—	Closed
Tussendoor – Google My Business API Reviews ·`tussendoor-google-my-business-api-reviews`	1.1.2	—	—	Closed
Tussendoor Shopp 1.2.* NL / Dutch plugin ·`tussendoor-shopp-12-nl`	1.3	—	—	Closed
ManageWP Security plugin by Tussendoor ·`managewp-security-by-tussendoor`	1.0.0	—	—	Closed
WP User Security plugin by Tussendoor ·`wp-user-security`	1.0.3	—	—	Closed
WordPress WeFact plugin ·`wordpress-wefact-plugin`	2.4.3	—	—	Closed
Couverts ·`reserveren-via-couverts`	1.0.5	—	—	Closed

SVN commit access (8)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin	Primary author	Installs	Commits	First	Latest	Status
Billink – Legacy	tussendoor	90	137	11y ago	1y ago	Active
Tussendoor – Open RDW	tussendoor	600	108	12y ago	1y ago	Active
Contact Form 7 minlength extension	tussendoor	300	31	14y ago	4y ago	Active
Tussendoor Shopp 1.2.* NL / Dutch plugin	tussendoor	—	19	14y ago	11y ago	Closed
WordPress Call me Now	tussendoor	—	18	12y ago	4y ago	Closed
Tussendoor – Google My Business API Reviews	tussendoor	—	16	4y ago	2y ago	Closed
WP User Security plugin by Tussendoor	tussendoor	—	5	11y ago	8y ago	Closed
XML Reader voor Talantee vacatures	tussendoor	—	4	9y ago	8y ago	Closed

Contributor on other plugins (1)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin	Primary author	Version	Installs
Billink – Achteraf Betalen	billinknl	3.4.0	10