IdeaPush

Active installs: 800
Current version: 8.77
Added: 2018-02-27
Last updated: 2026-05-05 (1mo ago)
First seen by beacon: 1mo ago
Total downloads: 38,931

Alerts (0)

No open alerts.

Resolved alerts (2)

Low code_pattern Resolved · vendor_updater_low_informational_rule_fix_validate 2026-05-08 11:25:08 (1mo ago)
Slug: ideapush
Pattern: puc_update_hijack
Kind: builtin
Version: 8.77
Hit count: 1
First hit:
  File: ideapush.php
  Line: 1,220
  Snippet: $plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker(
Explanation: plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: vendor_updater
URL: https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush
URL host: northernbeacheswebsites.com.au
Slug arg: ideapush
Raw JSON:
{
    "slug": "ideapush",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "8.77",
    "hit_count": 1,
    "first_hit": {
        "file": "ideapush.php",
        "line": 1220,
        "snippet": "$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "vendor_updater",
    "url": "https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush",
    "url_host": "northernbeacheswebsites.com.au",
    "slug_arg": "ideapush"
}
Critical code_pattern Resolved · vendor_self_update_northern_beaches_websites 2026-05-08 09:56:53 (1mo ago)
Slug: ideapush
Pattern: puc_update_hijack
Kind: builtin
Version: 8.77
Hit count: 1
First hit:
  File: ideapush.php
  Line: 1,220
  Snippet: $plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker(
Explanation: plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: hijack
URL: https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush
URL host: northernbeacheswebsites.com.au
Slug arg: ideapush
Raw JSON:
{
    "slug": "ideapush",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "8.77",
    "hit_count": 1,
    "first_hit": {
        "file": "ideapush.php",
        "line": 1220,
        "snippet": "$plugin_update_checker_ideapush = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "hijack",
    "url": "https://northernbeacheswebsites.com.au/?update_action=get_metadata&update_slug=ideapush",
    "url_host": "northernbeacheswebsites.com.au",
    "slug_arg": "ideapush"
}

SVN committers (2)

Accounts with actual commit access to ideapush on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

| Committer | Member since | Commits | First commit | Latest commit |
| --- | --- | --- | --- | --- |
| Northern Beaches Websites | 2015-06-25 | 2 | 2018-02-27 · r1829700 | 2026-05-05 · r3522892 |
| plugin-master | 2007-03-09 | 1 | 2018-02-27 · r1829696 | 2018-02-27 · r1829696 |

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

| Contributor | Member since | SVN access | Status |
| --- | --- | --- | --- |
| Northern Beaches Websites | 2015-06-25 | 2 commits | Active |

Versions (77 most recent)

Version Released Download
8.77 2026-05-05 · 1mo ago zip
8.73 2024-12-01 · 1y ago zip
8.72 2024-11-27 · 1y ago zip
8.71 2024-09-23 · 1y ago zip
8.69 2024-08-22 · 1y ago zip
8.66 2024-06-18 · 1y ago zip
8.62 2024-05-27 · 2y ago zip
8.58 2023-12-05 · 2y ago zip
8.53 2023-11-02 · 2y ago zip
8.46 2023-06-15 · 2y ago zip
8.44 2023-05-01 · 3y ago zip
8.38 2022-09-29 · 3y ago zip
8.18 2021-11-15 · 4y ago zip
8.7 2021-05-18 · 5y ago zip
8.6 2021-05-04 · 5y ago zip
8.1 2020-11-09 · 5y ago zip
7.7 2020-01-02 · 6y ago zip
7.6 2019-12-22 · 6y ago zip
7.3 2019-11-12 · 6y ago zip
7.1 2019-11-04 · 6y ago zip
5.8 2019-06-18 · 6y ago zip
5.6 2019-05-14 · 7y ago zip
5.5 2019-05-10 · 7y ago zip
5.4 2019-04-24 · 7y ago zip
5.0 2019-04-11 · 7y ago zip
4.42 2019-03-11 · 7y ago zip
4.37 2019-02-15 · 7y ago zip
4.36 2019-02-04 · 7y ago zip
4.34 2019-01-06 · 7y ago zip
4.29 2018-12-10 · 7y ago zip
4.28 2018-12-06 · 7y ago zip
4.27 2018-12-03 · 7y ago zip
4.26 2018-10-22 · 7y ago zip
4.25 2018-10-14 · 7y ago zip
4.23 2018-10-11 · 7y ago zip
4.22 2018-10-07 · 7y ago zip
4.19 2018-09-28 · 7y ago zip
4.17 2018-09-24 · 7y ago zip
4.13 2018-09-18 · 7y ago zip
4.12 2018-09-17 · 7y ago zip
4.11 2018-09-16 · 7y ago zip
4.10 2018-09-14 · 7y ago zip
4.9 2018-09-13 · 7y ago zip
4.4 2018-09-03 · 7y ago zip
4.3 2018-08-30 · 7y ago zip
4.0 2018-08-20 · 7y ago zip
3.17 2018-08-10 · 7y ago zip
3.15 2018-08-05 · 7y ago zip
3.11 2018-07-31 · 7y ago zip
3.10 2018-07-26 · 7y ago zip
3.9 2018-07-24 · 7y ago zip
3.8 2018-07-19 · 7y ago zip
3.7 2018-07-16 · 7y ago zip
3.6 2018-07-16 · 7y ago zip
3.5 2018-06-30 · 7y ago zip
3.0 2018-06-17 · 7y ago zip
2.4 2018-06-14 · 7y ago zip
2.2 2018-06-01 · 8y ago zip
2.0 2018-05-08 · 8y ago zip
1.27 2018-05-03 · 8y ago zip
1.26 2018-05-03 · 8y ago zip
1.25 2018-05-02 · 8y ago zip
1.24 2018-04-27 · 8y ago zip
1.23 2018-04-14 · 8y ago zip
1.22 2018-04-12 · 8y ago zip
1.21 2018-04-12 · 8y ago zip
1.16 2018-03-16 · 8y ago zip
1.15 2018-03-11 · 8y ago zip
1.14 2018-03-10 · 8y ago zip
1.13 2018-03-09 · 8y ago zip
1.11 2018-03-07 · 8y ago zip
1.7 2018-03-05 · 8y ago zip
1.6 2018-03-05 · 8y ago zip
1.5 2018-03-04 · 8y ago zip
1.4 2018-03-02 · 8y ago zip
1.3 2018-03-02 · 8y ago zip
1.2 2018-02-27 · 8y ago zip