Are WordPress Programmers providing base64_decode functions that could allow a hacker to execute malicious code processed from within an unmonitored Blog comment?
My WordPress site was hacked last December and I cleaned it up yesterday.
Google Provided me with a nem.php script that scans my host directories looking for:
base64_decode, edoced_64esab, and nemonn
I found several obviously malicious scripts and removed or refreshed them from a new install.
However, I was surprised to discover base64_decode in the freshly installed update.
The functions appear capable of performing the wretched base64_decode masking of coder intentions.
Will it be OK if we DELETED these scripts?
/wordpress/wp-includes/SimplePie/Sanitize.php /base64_decode/ 244 (Line#)
./wordpress/wp-includes/class-feed.php /base64_decode/ 117
./wordpress/wp-includes/class-IXR.php /base64_decode/ 303
./wordpress/wp-content/plugins/jetpack/jetpack.php /base64_decode/ 3191
Let me know If you'd like to see the nem.php discovery script.