controller-admin.php has base 64 encrypted text

  • Resolved wv0l

    (@wv0l)


    5 days, 11 hours ago

    After a hack Namechesp ran a full scan to find issues. Tablepress was flagged with having a Universal decode regex match = [universal decoder] (base 64 encrypted text) in the file wp-content/plugins/tablepress/controllers/controller-admin.php. In the public function add_admin_menu_entry(): void { About 15 lines in, is the line in question.

    $icon_url = ‘data:image/svg+xml;base64, ……

    Valid? Why the encryption? If not valid how do I correct?

    Current Version 3.3.1 

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Tobias Bäthge

    (@tobiasbg)

    5 days, 11 hours ago

    Hi @wv0l!

    Thanks for your post and sorry for the trouble!

    I’ll be happy to explain 🙂 Your Namecheap scanner ran into a “false positive” here, I’m afraid, apparently by simply searching for the string “base64”. Base64 is nothing bad, and it’s not “encryption”! It’s simply a different “encoding” of data, see https://en.wikipedia.org/wiki/Base64

    In the line the scanner found it, it’s simply used to encode an SVG image file as text, so that the image can be used as a so-called “Data URI: https://en.wikipedia.org/wiki/Data_URI_scheme

    So, I can assure you that this is all totally correct and has no security implications whatsoever, and it is not in any way related to a “hack” or other security problem!

    Best wishes,
    Tobias

    Thread Starter wv0l

    (@wv0l)

    5 days, 10 hours ago

    Thanks for the fast response. Glad it is nothing to worry about!!

    Plugin Author Tobias Bäthge

    (@tobiasbg)

    5 days, 10 hours ago

    Hi @wv0l,

    no problem, you are very welcome! 🙂 Good to hear that this helped!

    Best wishes,
    Tobias

    P.S.: In case you haven’t, please rate TablePress in the plugin directory. Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.