Title: [plugin: exploit scanner] base64_decode issue
Last modified: August 20, 2016

---

# [plugin: exploit scanner] base64_decode issue

 *  [remocompany](https://wordpress.org/support/users/remocompany/)
 * (@remocompany)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-exploit-scanner-base64_decode-issue/)
 * Hi all,
 * Exploit scanner had detected a few suspicious (?) files in one of my plugins:
 *     ```
       wp-content/plugins/bpbplugin/lib/xorcrypt/xorcrypt.php:36
       Used by malicious scripts to decode previously obscured data/programs	$enc_text = base64_decode($enc_text);
       wp-content/plugins/bpbplugin/importbuddy.php:736
       Used by malicious scripts to decode previously obscured data/programs	$this->_backupdata = unserialize( base64_decode( $backupdata ) );
       wp-content/plugins/bpbplugin/importbuddy.php:1308
       Often used to execute malicious code	.src,async:false,dataType:"script"})}else{o.globalEval(F.text||F.textContent||F.innerHTML||"")}if(F.pa
       wp-content/plugins/bpbplugin/importbuddy.php:1310
       Often used to execute malicious code	)}if(typeof I==="string"){if(H=="script"){o.globalEval(I)}if(H=="json"){I=l["eval"]("("+I+")")}}return
       wp-content/plugins/bpbplugin/importbuddy.php:1873
       Used by malicious scripts to decode previously obscured data/programs	echo gzuncompress(base64_decode(str_replace(' ', '', $image['code'])));
       wp-content/plugins/bpbplugin/importbuddy.php:4653
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(
       wp-content/plugins/bpbplugin/importbuddy.php:4807
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_ADD].'
       wp-content/plugins/bpbplugin/importbuddy.php:5730
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
       wp-content/plugins/bpbplugin/importbuddy.php:5977
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
       wp-content/plugins/bpbplugin/importbuddy.php:6098
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
       wp-content/plugins/bpbplugin/importbuddy.php:6166
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
       wp-content/plugins/bpbplugin/importbuddy.php:6213
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
       wp-content/plugins/bpbplugin/importbuddy.php:6284
       Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRAC
       wp-content/plugins/bpbplugin/importbuddy.php:7806
       Used by malicious scripts to decode previously obscured data/programs	$enc_text = base64_decode($enc_text);
       ```
   
 * Does it look like hackers code, or it should be safe?
    I’ve taken pretty much
   every security measure possible, but I get freaked out by the base64_decode line,
   and I’m not that technical to understand if it’s safe or not.
 * Thanks for your help!

The topic ‘[plugin: exploit scanner] base64_decode issue’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [remocompany](https://wordpress.org/support/users/remocompany/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-exploit-scanner-base64_decode-issue/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics