EU VAT Assistant for WooCommerce

woocommerce-eu-vat-assistant · by daigo75 · wordpress.org ↗ · SVN ↗

Active installs: 5k+
Current version: 2.1.30.260413
Added: 2014-12-27
Last updated: 2026-04-29 (3d ago)
First seen by beacon: 11d ago
Total downloads: 316,375

Alerts (0)

No open alerts.

Show 1 resolved alert

Medium code_pattern Resolved · fp:vendor_premium_update_channel 2026-04-30 20:41:12 (1d ago)

Slug	woocommerce-eu-vat-assistant
Pattern	`puc_update_hijack`
Kind	`builtin`
Version	`2.1.30.260413`
Hit count	1
First hit	File src/embedded-framework/wc-aelia-foundation-classes-embedded/src/lib/classes/base/plugin/aelia-plugin.php Line 142 Snippet $update_checker = \YahnisElsts\PluginUpdateChecker\v5\PucFactory::buildUpdateChecker( // NOSONAR
Explanation	plugin calls `::buildUpdateChecker()` — the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.
Shape	`unparseable`
Url	—
Url host	—
Slug arg	—

View raw JSON

{
    "slug": "woocommerce-eu-vat-assistant",
    "pattern": "puc_update_hijack",
    "kind": "builtin",
    "version": "2.1.30.260413",
    "hit_count": 1,
    "first_hit": {
        "file": "src/embedded-framework/wc-aelia-foundation-classes-embedded/src/lib/classes/base/plugin/aelia-plugin.php",
        "line": 142,
        "snippet": "$update_checker = \\YahnisElsts\\PluginUpdateChecker\\v5\\PucFactory::buildUpdateChecker( // NOSONAR"
    },
    "explanation": "plugin calls `::buildUpdateChecker()` \u2014 the factory entry point of the Yahnis Elsts Plugin Update Checker library. A plugin distributed through wordpress.org that registers its own update source is bypassing the Plugin Review Team: every install polls the non-wp.org URL on cron and installs whatever JSON + zip it returns, with full plugin-author permissions. This is the mechanism behind the `anadnet`/quick-pagepost-redirect-plugin compromise (2021) where the author seeded 70,000+ installs through tagged releases and then removed the library from trunk to hide the persistence. Any URL argument pointing away from `downloads.wordpress.org`/`api.wordpress.org` is the hijack signal.",
    "shape": "unparseable",
    "url": null,
    "url_host": null,
    "slug_arg": null
}

SVN committers (2)

Accounts with actual commit access to woocommerce-eu-vat-assistant on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Diego	2011-01-01	2	2014-12-27 · r1054790	2026-04-29 · r3518723
plugin-master	2007-03-09	1	2014-12-17 · r1047150	2014-12-17 · r1047150

Readme contributors (1)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Diego	2011-01-01	2 commits	Active

Versions (100 most recent)

Version	Released	Download
2.1.30.260413	2026-04-29 · 3d ago	—
2.1.26.251024	2025-12-04 · 4mo ago	zip
2.1.24.250806	2025-08-28 · 8mo ago	zip
2.1.23.250714	2025-07-24 · 9mo ago	zip
2.1.17.241007	2024-10-07 · 1y ago	zip
2.1.8.240109	2024-01-25 · 2y ago	zip
2.1.4.230905	2023-09-13 · 2y ago	zip
2.1.2.230718	2023-07-21 · 2y ago	zip
2.4.6.230518	2023-05-18 · 2y ago	zip
2.0.42.230503	2023-05-18 · 2y ago	zip
2.0.37.221203	2022-12-13 · 3y ago	zip
2.0.36.221110	2022-11-16 · 3y ago	zip
2.0.35.221012	2022-10-18 · 3y ago	zip
2.0.34.220830	2022-09-12 · 3y ago	zip
2.0.33.220804	2022-08-15 · 3y ago	zip
2.0.32.220704	2022-07-07 · 3y ago	zip
2.0.31.220607	2022-06-09 · 3y ago	zip
2.0.30.220502	2022-05-18 · 3y ago	zip
2.0.29.220330	2022-04-07 · 4y ago	zip
2.0.28.220224	2022-03-07 · 4y ago	zip
2.0.27.220124	2022-02-14 · 4y ago	zip
2.0.26.220104	2022-01-11 · 4y ago	zip
2.0.24.210211	2021-11-03 · 4y ago	zip
2.0.23.211019	2021-10-19 · 4y ago	zip
2.0.21.210910	2021-09-21 · 4y ago	zip
2.0.20.210817	2021-09-09 · 4y ago	zip
2.0.19.210629	2021-06-29 · 4y ago	zip
2.0.17.210504	2021-05-04 · 4y ago	zip
2.0.14.210317	2021-03-17 · 5y ago	zip
2.0.13.210316	2021-03-16 · 5y ago	zip
2.0.12.210301	2021-03-08 · 5y ago	zip
2.0.11.210128	2021-02-09 · 5y ago	zip
2.0.8.210112	2021-01-18 · 5y ago	zip
2.0.6.210108	2021-01-08 · 5y ago	zip
2.0.5.210102	2021-01-07 · 5y ago	zip
1.14.13.201103	2020-11-03 · 5y ago	zip
1.14.11.200904	2020-11-03 · 5y ago	zip
1.14.9.201005	2020-10-14 · 5y ago	zip
1.14.7.200904	2020-09-09 · 5y ago	zip
1.14.6.200813	2020-08-13 · 5y ago	zip
1.14.6.200717	2020-07-17 · 5y ago	zip
1.14.5.200709	2020-07-16 · 5y ago	zip
1.14.3.200630	2020-06-30 · 5y ago	zip
1.14.2.200629	2020-06-29 · 5y ago	zip
1.14.1.200626	2020-06-29 · 5y ago	zip
1.13.9.200603	2020-06-04 · 5y ago	zip
1.13.8.200512	2020-05-12 · 5y ago	zip
1.13.7.200428	2020-05-04 · 5y ago	zip
1.13.6.200415	2020-04-17 · 6y ago	zip
1.13.5.200406	2020-04-07 · 6y ago	zip
1.13.4.200401	2020-04-02 · 6y ago	zip
1.13.3.200325	2020-03-25 · 6y ago	zip
1.13.2.200319	2020-03-19 · 6y ago	zip
1.13.1.200319	2020-03-19 · 6y ago	zip
1.13.0.200317	2020-03-18 · 6y ago	zip
1.12.6.200212	2020-02-12 · 6y ago	zip
1.12.5.200211	2020-02-11 · 6y ago	zip
1.12.3.200101	2020-01-01 · 6y ago	zip
1.12.2.191231	2019-12-31 · 6y ago	zip
1.12.1.191217	2019-12-17 · 6y ago	zip
1.12.0.191127	2019-11-27 · 6y ago	zip
1.11.0.191108	2019-11-19 · 6y ago	zip
1.10.0.191023	2019-11-05 · 6y ago	zip
1.9.16.191004	2019-10-07 · 6y ago	zip
1.9.15.190819	2019-09-17 · 6y ago	zip
1.9.14.190618	2019-06-19 · 6y ago	zip
1.9.13.190520	2019-05-21 · 6y ago	zip
1.9.12.190516	2019-05-18 · 6y ago	zip
1.9.10.190508	2019-05-09 · 6y ago	zip
1.9.8.190327	2019-03-27 · 7y ago	zip
1.9.7.190221	2019-03-01 · 7y ago	zip
1.9.6.190208	2019-02-11 · 7y ago	zip
1.9.4.190109	2019-01-09 · 7y ago	zip
1.8.4.181009	2018-10-16 · 7y ago	zip
1.8.1.180802	2018-08-02 · 7y ago	zip
1.8.0.180604	2018-06-04 · 7y ago	zip
1.7.19.180531	2018-05-31 · 7y ago	zip
1.7.18.180114	2018-02-07 · 8y ago	zip
1.7.15.171106	2017-11-07 · 8y ago	zip
1.7.12.171019	2017-10-19 · 8y ago	zip
1.7.10.170711	2017-07-11 · 8y ago	zip
1.7.9.170710	2017-07-10 · 8y ago	zip
1.7.8.170421	2017-05-05 · 8y ago	zip
1.7.7.170415	2017-04-15 · 9y ago	zip
1.7.6.170415	2017-04-15 · 9y ago	zip
1.7.3.170324	2017-03-24 · 9y ago	zip
1.7.2.170306	2017-03-06 · 9y ago	zip
1.7.1.170214	2017-03-06 · 9y ago	zip
1.6.11.161207	2016-12-07 · 9y ago	zip
1.6.10.161104	2016-11-04 · 9y ago	zip
1.6.8.160727	2016-09-26 · 9y ago	zip
1.6.8.160610	2016-07-27 · 9y ago	zip
1.6.7.160525	2016-05-27 · 9y ago	zip
1.4.1.160413	2016-04-27 · 10y ago	zip
1.6.5.160408	2016-04-08 · 10y ago	zip
1.6.4.160322	2016-03-22 · 10y ago	zip
1.6.3.160322	2016-03-22 · 10y ago	zip
1.6.2.160315	2016-03-21 · 10y ago	zip
1.6.1.160208	2016-02-08 · 10y ago	zip
1.6.0.160118	2016-02-04 · 10y ago	zip