WP Beacon

Vektor,Inc.

@vektor-inc · wordpress.org profile ↗
Member since
2015-01-07
Location
Employer
Job title
Authored
8
SVN commit access
6
Readme contributor
3
Combined install base
344k+ across 11 plugins

Alerts (0)

No open alerts.

Show 1 resolved alert
Low code_pattern VK Blocks Resolved · benign_same_author_domain 5d ago
Slugvk-blocks
Patternpuc_update_hijack
Kindbuiltin
Version1.118.2
Hit count1
First hit
File
vk-blocks.php
Line
202
Snippet
$vk_blocks_update_checker = YahnisElsts\PluginUpdateChecker\v5\PucFactory::buildUpdateChecker(
Explanationplugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shapepremium_sibling
Urlhttps://license.vektor-inc.co.jp/check/?action=get_metadata&slug=vk-blocks-pro
Url hostlicense.vektor-inc.co.jp
Slug argvk-blocks-pro
View raw JSON
{
    "slug": "vk-blocks",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.118.2",
    "hit_count": 1,
    "first_hit": {
        "file": "vk-blocks.php",
        "line": 202,
        "snippet": "$vk_blocks_update_checker = YahnisElsts\\PluginUpdateChecker\\v5\\PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "premium_sibling",
    "url": "https://license.vektor-inc.co.jp/check/?action=get_metadata&slug=vk-blocks-pro",
    "url_host": "license.vektor-inc.co.jp",
    "slug_arg": "vk-blocks-pro"
}

Plugins authored (8)

Plugin Version Installs Last updated Status
VK Block Patterns ·vk-block-patterns 1.35.2 100k+ 1mo ago Active
VK Blocks ·vk-blocks 1.118.5 100k+ 5d ago Active
VK Link Target Controller ·vk-link-target-controller 1.10.1 30k+ 9d ago Active
VK Filter Search ·vk-filter-search 2.20.2 6k+ 1mo ago Active
VK Dynamic If Block ·vk-dynamic-if-block 1.6.0 3k+ 1mo ago Active
VK Google Job Posting Manager ·vk-google-job-posting-manager 1.3.1 2k+ 4d ago Active
VK Simple Copy Block ·vk-simple-copy-block 0.1.7 300 1mo ago Active
VK Plugin Beta Tester ·vk-plugin-beta-tester 0.2.9 10 4y ago Active

SVN commit access (6)

Plugins this account has pushed commits to, reconstructed from plugins.svn.wordpress.org. A new name showing up here on an established plugin is the strongest ownership-transfer signal.

Plugin Primary author Installs Commits First Latest Status
VK Filter Search vektor-inc 6k+ 153 5y ago 1mo ago Active
VK Block Patterns vektor-inc 100k+ 150 5y ago 1mo ago Active
VK Link Target Controller vektor-inc 30k+ 56 11y ago 9d ago Active
VK Dynamic If Block vektor-inc 3k+ 50 3y ago 1mo ago Active
VK Blocks vektor-inc 100k+ 1 7y ago 5d ago Active
VK Google Job Posting Manager vektor-inc 2k+ 1 7y ago 4d ago Active

Contributor on other plugins (3)

Plugins where this account is listed in the readme contributors (distinct from SVN commit access).

Plugin Primary author Version Installs
VK All in One Expansion Unit kurudrive 9.114.0 100k+
Lightning Advanced Unit kurudrive 3.4.1 3k+
VK Front-end Grid Editor kurudrive 1.0.9