VK Blocks

vk-blocks · by vektor-inc · wordpress.org ↗ · SVN ↗

Acquired by Vektor,Inc.. New committers from that team's naming convention are expected and will not fire takeover events. source ↗

Active installs: 100k+
Current version: 1.118.5
Added: 2018-11-26
Last updated: 2026-04-27 (5d ago)
First seen by beacon: 10d ago
Total downloads: 4,682,995

Alerts (0)

No open alerts.

Show 1 resolved alert

Low code_pattern Resolved · benign_same_author_domain 2026-04-27 02:37:29 (5d ago)

Slug	vk-blocks
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`1.118.2`
Hit count	1
First hit	File `vk-blocks.php` Line 202 Snippet $vk_blocks_update_checker = YahnisElsts\PluginUpdateChecker\v5\PucFactory::buildUpdateChecker(
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`premium_sibling`
Url	https://license.vektor-inc.co.jp/check/?action=get_metadata&slug=vk-blocks-pro
Url host	`license.vektor-inc.co.jp`
Slug arg	`vk-blocks-pro`

View raw JSON

{
    "slug": "vk-blocks",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "1.118.2",
    "hit_count": 1,
    "first_hit": {
        "file": "vk-blocks.php",
        "line": 202,
        "snippet": "$vk_blocks_update_checker = YahnisElsts\\PluginUpdateChecker\\v5\\PucFactory::buildUpdateChecker("
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "premium_sibling",
    "url": "https://license.vektor-inc.co.jp/check/?action=get_metadata&slug=vk-blocks-pro",
    "url_host": "license.vektor-inc.co.jp",
    "slug_arg": "vk-blocks-pro"
}

SVN committers (1)

Accounts with actual commit access to vk-blocks on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Vektor,Inc.	2015-01-07	1	2019-02-07 · r2026433	2026-04-27 · r3516231

Readme contributors (14)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Vektor,Inc.	2015-01-07	1 commits	Active
chiakikouno	2018-01-23	—	Active
Daiki Oshima	2022-08-17	—	Active
DRILL LANCER	2018-10-07	—	Active
Hidekazu Ishikawa	2011-02-28	—	Active
kaorock72	2019-04-19	—	Active
mimi	2017-01-16	—	Active
mt	2017-12-25	—	Active
mthaichi	2015-05-07	—	Active
Naoki Ohashi	2017-06-23	—	Active
nc30	2014-06-24	—	Active
sysbird	2010-07-16	—	Active
Tomoki Shimomura	2020-02-16	—	Active
una	2013-03-22	—	Active

Versions (100 most recent)

Version	Released	Download
1.118.5	2026-04-27 · 5d ago	zip
1.118.2	2026-03-30 · 1mo ago	zip
1.117.1.0	2026-03-19 · 1mo ago	zip
1.117.0.1	2026-03-16 · 1mo ago	zip
1.117.0.0	2026-03-16 · 1mo ago	zip
1.116.2.0	2026-02-16 · 2mo ago	zip
1.116.1.1	2026-02-13 · 2mo ago	zip
1.116.1.0	2026-02-13 · 2mo ago	zip
1.116.0.1	2026-02-03 · 2mo ago	zip
1.116.0.0	2026-02-03 · 2mo ago	zip
1.115.2.1	2025-12-25 · 4mo ago	zip
1.115.2.0	2025-12-25 · 4mo ago	zip
1.115.1.1	2025-12-18 · 4mo ago	zip
1.115.1.0	2025-12-18 · 4mo ago	zip
1.115.0.1	2025-11-26 · 5mo ago	zip
1.115.0.0	2025-11-26 · 5mo ago	zip
1.114.2.1	2025-11-10 · 5mo ago	zip
1.114.2.0	2025-11-10 · 5mo ago	zip
1.114.0.1	2025-10-29 · 6mo ago	zip
1.114.0.0	2025-10-29 · 6mo ago	zip
1.113.0.1	2025-10-14 · 6mo ago	zip
1.113.0.0	2025-10-14 · 6mo ago	zip
1.112.0.1	2025-09-26 · 7mo ago	zip
1.112.0.0	2025-09-26 · 7mo ago	zip
1.111.0.2	2025-09-18 · 7mo ago	zip
1.111.0.1	2025-09-18 · 7mo ago	zip
1.111.0.0	2025-09-18 · 7mo ago	zip
1.110.0.1	2025-09-11 · 7mo ago	zip
1.110.0.0	2025-09-11 · 7mo ago	zip
1.109.0.1	2025-08-26 · 8mo ago	zip
1.109.0.0	2025-08-26 · 8mo ago	zip
1.108.0.1	2025-07-22 · 9mo ago	zip
1.108.0.0	2025-07-22 · 9mo ago	zip
1.107.0.2	2025-07-15 · 9mo ago	zip
1.107.0.1	2025-07-15 · 9mo ago	zip
1.107.0.0	2025-07-15 · 9mo ago	zip
1.106.0.1	2025-07-02 · 10mo ago	zip
1.106.0.0	2025-07-02 · 10mo ago	zip
1.105.1.1	2025-06-23 · 10mo ago	zip
1.105.1.0	2025-06-23 · 10mo ago	zip
1.104.0.1	2025-05-24 · 11mo ago	zip
1.104.0.0	2025-05-24 · 11mo ago	zip
1.103.0.0	2025-05-02 · 1y ago	zip
1.102.0.1	2025-04-22 · 1y ago	zip
1.102.0.0	2025-04-21 · 1y ago	zip
1.100.0.1	2025-04-08 · 1y ago	zip
1.100.0.0	2025-04-08 · 1y ago	zip
1.99.0.1	2025-04-01 · 1y ago	zip
1.99.0.0	2025-04-01 · 1y ago	zip
1.97.0.2	2025-03-16 · 1y ago	zip
1.97.0.1	2025-03-16 · 1y ago	zip
1.96.2.1	2025-02-25 · 1y ago	zip
1.96.2.0	2025-02-25 · 1y ago	zip
1.95.0.4	2025-02-02 · 1y ago	zip
1.95.0.3	2025-02-02 · 1y ago	zip
1.94.2.2	2025-01-23 · 1y ago	zip
1.94.2.1	2025-01-23 · 1y ago	zip
1.94.1.0	2025-01-21 · 1y ago	zip
1.94.0.1	2025-01-17 · 1y ago	zip
1.94.0.0	2025-01-17 · 1y ago	zip
1.93.1.1	2024-12-23 · 1y ago	zip
1.93.1.0	2024-12-23 · 1y ago	zip
1.93.0.1	2024-12-18 · 1y ago	zip
1.93.0.0	2024-12-18 · 1y ago	zip
1.92.1.1	2024-12-02 · 1y ago	zip
1.92.1.0	2024-12-02 · 1y ago	zip
1.92.0.1	2024-11-27 · 1y ago	zip
1.92.0.0	2024-11-27 · 1y ago	zip
1.91.1.1	2024-11-15 · 1y ago	zip
1.91.0.0	2024-11-13 · 1y ago	zip
1.90.1.1	2024-11-11 · 1y ago	zip
1.90.0.1	2024-11-08 · 1y ago	zip
1.90.0.0	2024-11-08 · 1y ago	zip
1.89.0.0	2024-10-24 · 1y ago	zip
1.88.0.2	2024-10-21 · 1y ago	zip
1.88.0.1	2024-10-21 · 1y ago	zip
1.87.0.1	2024-10-08 · 1y ago	zip
1.87.0.0	2024-10-08 · 1y ago	zip
1.86.1.0	2024-10-04 · 1y ago	zip
1.86.0.1	2024-10-04 · 1y ago	zip
1.86.0.0	2024-10-04 · 1y ago	zip
1.85.1.1	2024-09-25 · 1y ago	zip
1.85.1.0	2024-09-25 · 1y ago	zip
1.85.0.3	2024-09-25 · 1y ago	zip
1.85.0.2	2024-09-25 · 1y ago	zip
1.84.0.1	2024-09-12 · 1y ago	zip
1.84.0.0	2024-09-12 · 1y ago	zip
1.83.0.1	2024-08-27 · 1y ago	zip
1.83.0.0	2024-08-27 · 1y ago	zip
1.82.0.1	2024-08-20 · 1y ago	zip
1.82.0.0	2024-08-20 · 1y ago	zip
1.81.0.2	2024-08-09 · 1y ago	zip
1.81.0.1	2024-08-09 · 1y ago	zip
1.80.1.2	2024-07-23 · 1y ago	zip
1.80.1.1	2024-07-23 · 1y ago	zip
1.80.1.0	2024-07-19 · 1y ago	zip
1.79.1.1	2024-07-17 · 1y ago	zip
1.79.1.0	2024-07-17 · 1y ago	zip
1.79.0.3	2024-07-17 · 1y ago	zip
1.79.0.2	2024-07-16 · 1y ago	zip