Title: Possible hack with 'eval' found with [PLUGIN Exploit Scanner] Last modified: August 19, 2016 --- # Possible hack with 'eval' found with [PLUGIN Exploit Scanner] * [jbquality](https://wordpress.org/support/users/jbquality/) * (@jbquality) * [15 years, 4 months ago](https://wordpress.org/support/topic/possible-hack-with-eval-found-with-plugin-exploit-scanner/) * I know there have been hacks with ‘eval’ and ‘eval(base64_decode(‘ but are there still active hacks with just ‘eval’ in PHP code? For example, I used PLUGIN Exploit Scanner and found the following results… * **wp-content/plugins/contact-form-7/scripts.js:49** $.each(data.onSentOk, function( i, n) { eval(n) }); * **wp-content/plugins/contact-form-7/scripts.js:55** $.each(data.onSubmit, function( i, n) { eval(n) }); * **wp-content/plugins/events-calendar/js/jquery.clockpick.min.js:27** ;h2′}function divprev(a){if(a.prev().size()){eval(divtype+’div_out($obj)’);eval(divtype+’div_over( $obj.prev(), e)’)}else{return false}}function divnext(a){if(a.next().size()){ eval(divtype+’div_out($obj)’);eval(divtype+’div_over($obj.next(), e)’)}else{return false}}function hourtohour(a){var b=h>=12?’#hourcol1′:’#hourcol2′;$newobj=jQuery(“. CP_hour[@id$=_”+hi+”]”,b);if($newobj.size()){hourdiv_out(a);hourdiv_over($newobj, e)}else{return false}}function hourtominute(a){hourdiv_out(a);minutediv_over( $(“.CP_minute:first”))}function minutetohour(a){minutediv_out(a);var b=h>=12?’# hourcol2′:’#hourcol1′;var c=jQuery(“.CP_hour[@id^=hr_”+h+”]”,b);hourdiv_over( c,e)}switch(e.keyCode){case 37:if(v){switch(f){case’m1′:return false;break;case’m2′: minutetohour(d);break;case’h1′:hourtominute(d);break;case’h2′:hourtohour(d);break}} else{divprev(d)}break;case 38:if(v){divprev(d)}else{switch(f){case’m1′:return false;break;case’m2′:minutetohour(d);break;case’h1′:hourtominute(d);break;case’h2′: hourtohour(d);break}}break;case 39:if(v){switch(f){case’m1′:minutetohour(d);break; case’m2′:return false;break;case’h1′:hourtohour(d);break;case’h2′:hourtominute( d);break}}else{divnext(d)}break;case 40:if(v){divnext(d)}else{switch(f){case’m1′: minutetohour(d);break;case’m2′:return false;break;case’h1′:hourtohour(d);break; case’h2′:hourtominute(d);break}}break;case 13:eval(divtype+’div_click($obj)’); break}retu * **wp-content/plugins/events-calendar/js/ui.datepicker.js:163** inlineSettings[ attrName] = eval(attrValue); * **wp-content/plugins/nextgen-gallery/admin/js/jquery.MultiFile.pack.js:11** eval(function(p,a,c,k,e,r){e=function(c){return(c< * **wp-content/plugins/nextgen-gallery/admin/js/jquery.ui.tabs.pack.js:10** eval( function(p,a,c,k,e,r){e=function(c){return(c< * **wp-content/plugins/nextgen-gallery/admin/js/swfupload.js:450** returnValue = eval(returnString); * **wp-content/plugins/thank-me-later/tml_includes/mail_send.php:109** $ret = [@eval](https://wordpress.org/support/users/eval/)($php); * Should I be worried about any of these? Is eval in ANY PHP a threat? Contact Form 7 is a popular plugin but I found eval in PHP code above even from the unpacked zip file BEFORE installing on WP. * Thanks in advance. Viewing 1 replies (of 1 total) * Thread Starter [jbquality](https://wordpress.org/support/users/jbquality/) * (@jbquality) * [15 years, 2 months ago](https://wordpress.org/support/topic/possible-hack-with-eval-found-with-plugin-exploit-scanner/#post-1814403) * Any luck on this? Viewing 1 replies (of 1 total) The topic ‘Possible hack with 'eval' found with [PLUGIN Exploit Scanner]’ is closed to new replies. ## Tags * [attack](https://wordpress.org/support/topic-tag/attack/) * [base64_decode](https://wordpress.org/support/topic-tag/base64_decode/) * [code](https://wordpress.org/support/topic-tag/code/) * [eval](https://wordpress.org/support/topic-tag/eval/) * [exploit](https://wordpress.org/support/topic-tag/exploit/) * [php](https://wordpress.org/support/topic-tag/php/) * [scanner](https://wordpress.org/support/topic-tag/scanner/) * [threat](https://wordpress.org/support/topic-tag/threat/) * 1 reply * 1 participant * Last reply from: [jbquality](https://wordpress.org/support/users/jbquality/) * Last activity: [15 years, 2 months ago](https://wordpress.org/support/topic/possible-hack-with-eval-found-with-plugin-exploit-scanner/#post-1814403) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics