Shortcodes Ultimate
malware in your code???? (6 posts)

  1. estulin
    Posted 3 years ago #

    I found this in your plugin


    Is this malware in your code????

  2. gecko_guy
    Posted 2 years ago #

    What alerted you to that? Do you know that it is suspicious and have experience with these things, or did you just get a warning from some security software you use?

    My understanding is that only when one finds an eval() function and base64() decoding function on the same line is it potentially dangerous...

    Would love to know the reason behind your suspicions?

    Would be even better if the developer responded...

  3. jedounet
    Posted 2 years ago #

    I agree with these suspicions. I don't know if the author knows about this, but my site just got hacked and it tells me now that the website is hosting suspicious software.

    What a funny coincidence, a plugin named Shortcodes Ultimate had the same problem in the past:


  4. Vladimir Anokhin
    Plugin Author

    Posted 2 years ago #

    This is just a base64-encoded image in the timthumb.php library.

    You can try it yourself:

  5. esmi
    Forum Moderator
    Posted 2 years ago #

    @jedounet: Your site being hacked does not, of itself, implicate this plugin. The topic you refer to is over a year old and probably refers to an issue that affected all timthumb scripts. Please do not make accusations - inferred or otherwise - without concrete evidence.

  6. gecko_guy
    Posted 2 years ago #

    I must agree.

    WordPress sites all over the world are subject to constant attacks, and ultimately it is the responsibility of the user to ensure they follow best practice to harden their sites against mischief, and keep their plugins up to date.

    I've never yet had a problem with a hacked site which is related to a plugin where it is certified to work with the most recent version of WordPress.

    You can learn more about how to protect yourself by doing some research.

    This is a good place to start:


    One of the most common methods by which a site is hacked is through brute force attacks that use the "admin" username for their administrator account, especially when combined with a weak password.

    Anyway, thanks for confirming what the base64 string relates to, @gn. I had been hesitating to try the plugin until the question was answered.

Topic Closed

This topic has been closed to new replies.
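
A defender's triage for the question raised in this thread, as an added example that is not part of the original posts or the plugin's code: it pulls base64 string literals out of PHP source, decodes them, and reports whether each one starts with image magic bytes and whether it is passed to eval() on the same line. It goes one step beyond the same-line heuristic mentioned above by looking at what the string actually decodes to. The sample source and both encoded strings are constructed for illustration, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Leading bytes of common image formats.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}
# Byte sequences suggesting the decoded blob is PHP code, not data.
CODE_HINTS = (b"<?php", b"eval(", b"system(", b"$_POST", b"$_GET", b"$_REQUEST")
# Quoted literal made only of base64 alphabet, 24+ characters.
LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{24,}={0,2})\1""")
# eval( ... base64_decode( on one line, allowing wrapper calls in between.
EVAL_B64 = re.compile(r"\beval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(", re.I)

def classify(blob):
    """Label decoded bytes as an image type, code-like, or unknown."""
    for magic, kind in MAGIC.items():
        if blob.startswith(magic):
            return "image/" + kind
    if any(hint in blob for hint in CODE_HINTS):
        return "code-like"
    return "unknown"

def triage(php_source):
    """Return one finding per decodable base64 literal in the source."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for match in LITERAL.finditer(line):
            try:
                blob = base64.b64decode(match.group(2), validate=True)
            except (binascii.Error, ValueError):
                continue  # looked like base64 but is not
            findings.append({"line": lineno, "size": len(blob),
                             "decodes_to": classify(blob),
                             "in_eval": bool(EVAL_B64.search(line))})
    return findings

# Constructed sample input: a GIF header padded with zero bytes, and a
# harmless PHP snippet, each base64-encoded and embedded in PHP source.
_gif = base64.b64encode(b"GIF89a" + bytes(36)).decode()
_code = base64.b64encode(b"<?php echo 'constructed sample'; ?>").decode()
SAMPLE = ("<?php\n"
          f"$img = base64_decode('{_gif}');\n"
          f"eval(base64_decode('{_code}'));\n")

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A literal that decodes to an image and is never passed to eval() matches the author's explanation; one that decodes to code inside an eval() call is the pattern worth escalating.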
