Title: [Plugin: Custom Contact Forms] Exploit Scanner Results
Last modified: August 19, 2016

---

# [Plugin: Custom Contact Forms] Exploit Scanner Results

 *  [Tom Belknap](https://wordpress.org/support/users/dragonflyeye/)
 * (@dragonflyeye)
 * [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-exploit-scanner-results/)
 * I’ve recently installed Donncha’s Exploit Scanner plugin and a number of files
   in this plugin come up as suspect. Granted, I realize they’re not being used 
   for nefarious purposes. But the authors of this plugin might want to consider
   reworking it to avoid these problems, since even if it’s not malicious, they’re
   generally discounted practices:
 * wp-content/plugins/facebook-tab-manager/fbtab.php:325
   Used by malicious scripts to decode previously obscured data/programs
   `$sig = base64_decode(strtr($encoded_sig,'-_','+/&#0`
 * wp-content/plugins/facebook-tab-manager/fbtab.php:326
   Used by malicious scripts to decode previously obscured data/programs
   `$data = json_decode(base64_decode(strtr($payload, '-_', '+/')`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:25
   Often used to execute malicious code
   `* When considering jsLint, we need to allow eval() as it it is used for reading cookies and`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4301
   Often used to execute malicious code
   `This is used for environments which do not allow eval() for code execuation such as AIR`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4360
   Often used to execute malicious code
   `eval( sDynamicSort );`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4368
   Often used to execute malicious code
   `* Non-eval() sorting (AIR and other environments which doesn't allow code in eval()`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:5902
   Often used to execute malicious code
   `sData.replace(/'/g, '"') ) : eval( '('+sData+')' );`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:5998
   Often used to execute malicious code
   `$.parseJSON( sValue ) : eval( '('+sValue+')' );`
 * wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:6024
   Often used to execute malicious code
   `try { oData = eval( '('+decodeURIComponent(aSplitCookie[`
 * wp-content/plugins/custom-contact-forms/js/jquery.tools.min.js:36
   Often used to execute malicious code
   `async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||""`
 * wp-content/plugins/custom-contact-forms/js/jquery.tools.min.js:152
   Often used to execute malicious code
   `p;f.indexOf("javascript")>=0)c.globalEval(a);return a},param:function(a,b){function d(i,o`
 * [http://wordpress.org/extend/plugins/custom-contact-forms/](http://wordpress.org/extend/plugins/custom-contact-forms/)
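
The hits at jquery.dataTables.js:5902, 5998 and 6024 in the report above show eval() being used to parse stored values as JSON. As an added example (not part of the original post and not DataTables code), the sketch below puts that pattern beside a JSON.parse replacement; the field names `iStart` and `iLength` and both sample cookie values are assumptions constructed for illustration.

```javascript
// Added example, not DataTables code. Field names and cookie values are constructed.
const ALLOWED = { iStart: 0, iLength: 10 }; // hypothetical state fields with defaults

// Flagged pattern (compare the hit at line 6024): the stored string is run as code.
function loadStateWithEval(cookieValue) {
  return eval('(' + decodeURIComponent(cookieValue) + ')');
}

// Replacement: JSON.parse can only build data, and the result is allow-listed.
function loadStateSafely(cookieValue) {
  let parsed;
  try {
    parsed = JSON.parse(decodeURIComponent(cookieValue));
  } catch (err) {
    return null; // malformed percent-encoding (URIError) or not JSON (SyntaxError)
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return null;
  const state = {};
  for (const key of Object.keys(ALLOWED)) {
    const value = parsed[key];
    // Keep only known keys holding non-negative integers; otherwise use the default.
    state[key] = Number.isInteger(value) && value >= 0 ? value : ALLOWED[key];
  }
  return state;
}

// Constructed inputs: a well-formed value, and one that is an expression, not JSON.
const WELL_FORMED = encodeURIComponent('{"iStart":20,"iLength":25,"extra":"x"}');
const NOT_JSON = encodeURIComponent('{"iStart":0}, globalThis.stateSideEffect = true');

function compare() {
  globalThis.stateSideEffect = false;
  const viaEval = loadStateWithEval(NOT_JSON);    // evaluates the trailing assignment
  const evalRanCode = globalThis.stateSideEffect; // true: the data was executed
  globalThis.stateSideEffect = false;
  const viaParse = loadStateSafely(NOT_JSON);     // null: rejected as not JSON
  return { viaEval, evalRanCode, viaParse, parseRanCode: globalThis.stateSideEffect };
}

console.log(loadStateSafely(WELL_FORMED));
console.log(compare());
```

A pattern-based scanner flags both functions' callers the same way only if eval() is present, so replacing the eval() fallback removes the hit as well as the risk.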

The topic ‘[Plugin: Custom Contact Forms] Exploit Scanner Results’ is closed to 
new replies.


 * 0 replies
 * 1 participant
 * Last reply from: [Tom Belknap](https://wordpress.org/support/users/dragonflyeye/)
 * Last activity: [15 years, 1 month ago](https://wordpress.org/support/topic/plugin-custom-contact-forms-exploit-scanner-results/)
 * Status: not resolved