Title: BASE64-encoded injection (wrong)
Last modified: July 11, 2019

---

# BASE64-encoded injection (wrong)

 *  Resolved [dimal](https://wordpress.org/support/users/dimalifragis/)
 * (@dimalifragis)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/base64-encoded-injection-wrong/)
 * Hello.
 * I have see some page not working on my WP site. F12 shows “POST ….. wp-admin/
   admin-ajax.php 403” at “jquery.js?ver=1.12.4:4” and a log:
 * 11/Jul/19 16:51:17 #7602151 CRITICAL – MY IP – POST /wp-admin/admin-ajax.php –
   BASE64-encoded injection – [POST:data = W2Vjcy1saXN0LWV2ZW50cyBjb250ZW50b3JkZXI9J3RpdGxlLCB0aHVtYm5haWwsIGV4Y2VycHQsIGRhdGUsIHZlbnVlJyBrZXk9J3N0YXJ0IGRhdGUnXTxicj48YSBocmVmPSJodHRwczovL3d3dy5kaXNjb3ZlcnZlbmljZS5ldS9ldmVudHMvIj48…]–
   mywebsite.here
 * This can’t be correct and also i check my Ninja FW settings and i see all “ajax”
   opeions and below UNSELECTED (8 options incl REST API).
 * So i’m not sure what it means and why i have that.
 * Any ideas ?
 * Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/base64-encoded-injection-wrong/#post-11723177)
 * It is a base64-encoded payload containing some code and, because you have the“
   Firewall Policies > Intermediate Policies > Decode Base64-encoded POST variable”
   policy enabled, it was blocked. It is not related to the “admin-ajax.php” policy
   which blocks bots, not payloads.
    -  This reply was modified 6 years, 11 months ago by [nintechnet](https://wordpress.org/support/users/nintechnet/).
 *  Thread Starter [dimal](https://wordpress.org/support/users/dimalifragis/)
 * (@dimalifragis)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/base64-encoded-injection-wrong/#post-11723254)
 * Turning that to off, seems to solve the problem.
 * In the meantime, i have found the problem, it is a plugin ajaxized widget.
 * [https://wordpress.org/plugins/no-cache-ajax-widgets/](https://wordpress.org/plugins/no-cache-ajax-widgets/)
 * And it is related to admin-ajax somehow, since disabling what you mention for
   base64, solves also the 403 admin-ajax error.
 * Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘BASE64-encoded injection (wrong)’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [dimal](https://wordpress.org/support/users/dimalifragis/)
 * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/base64-encoded-injection-wrong/#post-11723254)
 * Status: resolved