Is there a problem

is-there-a-problem · by martindev92
Active installs: 70
Current version: 1.1.6
Added: 2022-09-05
Last updated: 2022-09-05 (3y ago)
First seen by beacon: 1mo ago
Total downloads:

Alerts (0)

No open alerts.

Resolved alerts (1)

Medium · code_pattern · Resolved · github_self_distro_pucshape_correctly_classified · 2026-05-08 16:16:53 (1mo ago)
Slug: is-there-a-problem
Pattern: puc_update_hijack
Kind: builtin
Version: 1.1.6
Hit count: 1
First hit:
  File: is-there-a-problem.php
  Line: 413
  Snippet: $myUpdateChecker = Puc_v4_Factory::buildUpdateChecker(
Explanation: The plugin calls `::buildUpdateChecker()`, the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021), where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape: github_self_distro
Url: https://github.com/martinfeuillet/Is-there-a-problem
Url host: github.com
Slug arg: is_there_a_problem
Raw JSON:
{
    "slug": "is-there-a-problem",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.1.6",
    "hit_count": 1,
    "first_hit": {
        "file": "is-there-a-problem.php",
        "line": 413,
        "snippet": "$myUpdateChecker = Puc_v4_Factory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "github_self_distro",
    "url": "https://github.com/martinfeuillet/Is-there-a-problem",
    "url_host": "github.com",
    "slug_arg": "is_there_a_problem"
}

SVN committers (2)

Accounts with actual commit access to is-there-a-problem on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer                    Member since  Commits  First commit           Latest commit
martindev92 (Young account)  2022-08-25    1        2022-09-05 · r2780013  2022-09-05 · r2780013
plugin-master                2007-03-09    1        2022-08-29 · r2777381  2022-08-29 · r2777381

Readme contributors (2)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor   Member since  SVN access  Status
martindev92   2022-08-25    1 commit    Active
ganonbraker   2021-12-13    -           Active