Title: Suspicious code reported by malware scanner Last modified: June 15, 2021 --- # Suspicious code reported by malware scanner * Resolved [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/) * Hi – A recent malware scan by a security plugin resulted in a report of a suspicious function in the file bootstrap.php. The line of code flagged is: extract($_POST); * I briefly researched this function and it appears that it is generally considered unsafe to use it with regards to unknown data. Since your implementation of this function might not fall into this category I wanted to inquire about why it was used, and more importantly, is it safe in its current implementation? Viewing 9 replies - 1 through 9 (of 9 total) * Anonymous User 17160716 * (@anonymized-17160716) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14557986) * **boardboss**, hi there. * Probably your website was hacked, cause there is no “bootstrap.php” file in the plugin directory / archive. * Thread Starter [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14558436) * My sincere apologies. I apparently missed actually copying the file location when I pasted it into the ticket. The file in question is /wp-content/plugins/ webtoffee-gdpr-cookie-consent/admin/modules/cli-themes/cli-themes.php and not bootstrap.php. That file was from a different plugin that I also reported for a different reason. * Anonymous User 17160716 * (@anonymized-17160716) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14558453) * **boardboss**, same thing, there is no directory cli-themes/ and file cli-themes. php in the original archive, you can check it [here](https://plugins.trac.wordpress.org/browser/cookie-law-info/#trunk/admin/modules). * Thread Starter [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14558484) * Hi again – I opened the file webtoffee-gdpr-cookie-consent.zip, which was downloaded from [https://www.webtoffee.com/my-account/my-api-downloads/](https://www.webtoffee.com/my-account/my-api-downloads/). That file clearly has a folder named cli-themes and a file named cli-themes.php as can be seen here: [https://prnt.sc/15i0qj2](https://prnt.sc/15i0qj2) * Thread Starter [boardboss](https://wordpress.org/support/users/boardboss/) * (@boardboss) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14558500) * I have already raised a ticket with WebToffee, since this appears to be an issue in the commercial and not the free version. * Anonymous User 17160716 * (@anonymized-17160716) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14558507) * **boardboss**, I guess you’re talking about some kind of PRO version of the plugin, not the free one from here: [https://downloads.wordpress.org/plugin/cookie-law-info.2.0.3.zip](https://downloads.wordpress.org/plugin/cookie-law-info.2.0.3.zip). Am I right? * Plugin Author [WebToffee](https://wordpress.org/support/users/webtoffee/) * (@webtoffee) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14561726) * Hi [@boardboss](https://wordpress.org/support/users/boardboss/), @m0ze, * Thanks for notifying us of the concerns. * The issue reported by [@boardboss](https://wordpress.org/support/users/boardboss/) is in the premium version of the plugin and we are taking a look at it. * @m0ze, We appreciate sharing further information via support ticket directly. * We will do the needful for both cases and update ASAP. * Anonymous User 17160716 * (@anonymized-17160716) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14561751) * **webtoffee**, awesome, thanks <3 * Plugin Author [WebToffee](https://wordpress.org/support/users/webtoffee/) * (@webtoffee) * [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14586605) * Hi [@boardboss](https://wordpress.org/support/users/boardboss/). * As per the communications we had via the ticket submit at the site, the reported concerns have been addressed in the premium version of the plugin. If you have any more concerns, feel free to reach out via the support ticket itself. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Suspicious code reported by malware scanner’ is closed to new replies. * ![](https://ps.w.org/cookie-law-info/assets/icon.svg?rev=3007243) * [CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)](https://wordpress.org/plugins/cookie-law-info/) * [Frequently Asked Questions](https://wordpress.org/plugins/cookie-law-info/#faq) * [Support Threads](https://wordpress.org/support/plugin/cookie-law-info/) * [Active Topics](https://wordpress.org/support/plugin/cookie-law-info/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/cookie-law-info/unresolved/) * [Reviews](https://wordpress.org/support/plugin/cookie-law-info/reviews/) * 9 replies * 3 participants * Last reply from: [WebToffee](https://wordpress.org/support/users/webtoffee/) * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-reported-by-malware-scanner/#post-14586605) * Status: resolved