HEX
Server: LiteSpeed
System: Linux business177.web-hosting.com 4.18.0-553.80.1.lve.el8.x86_64 #1 SMP Wed Oct 22 19:29:36 UTC 2025 x86_64
User: ignijdop (1302)
PHP: 8.2.30
Disabled: NONE
$ pwd: /home/ignijdop/mail/new/
Upload Files
File: /home/ignijdop/mail/new/1772791231.M773294P652714.business177.web-hosting.com,S=26856,W=27102
Return-Path: <>
Delivered-To: ignijdop@business177.web-hosting.com
Received: from business177.web-hosting.com
	by business177.web-hosting.com with LMTP
	id CAe0Lb+lqmmq9QkANwMEkA
	(envelope-from <>)
	for <ignijdop@business177.web-hosting.com>; Fri, 06 Mar 2026 05:00:31 -0500
Return-path: <>
Envelope-to: ignijdop@business177.web-hosting.com
Delivery-date: Fri, 06 Mar 2026 05:00:31 -0500
Received: from mailnull by business177.web-hosting.com with local (Exim 4.99.1)
	id 1vyRyx-00000002tQo-354a
	for ignijdop@business177.web-hosting.com;
	Fri, 06 Mar 2026 05:00:31 -0500
X-Failed-Recipients: corn@ignitemv.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@business177.web-hosting.com>
To: ignijdop@business177.web-hosting.com
References: <E1vyRyx-00000002tQQ-0oVk@business177.web-hosting.com>
Content-Type: multipart/report; report-type=delivery-status; boundary=1772791231-eximdsn-492285118
MIME-Version: 1.0
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1vyRyx-00000002tQo-354a@business177.web-hosting.com>
Date: Fri, 06 Mar 2026 05:00:31 -0500

--1772791231-eximdsn-492285118
Content-type: text/plain; charset=us-ascii

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  corn@ignitemv.com
    Message discarded as high-probability spam

--1772791231-eximdsn-492285118
Content-type: message/delivery-status

Reporting-MTA: dns; business177.web-hosting.com

Action: failed
Final-Recipient: rfc822;corn@ignitemv.com
Status: 5.0.0

--1772791231-eximdsn-492285118
Content-type: message/rfc822

Return-path: <ignijdop@business177.web-hosting.com>
Received: from ignijdop by business177.web-hosting.com with local (Exim 4.99.1)
	(envelope-from <ignijdop@business177.web-hosting.com>)
	id 1vyRyx-00000002tQQ-0oVk
	for corn@ignitemv.com;
	Fri, 06 Mar 2026 05:00:31 -0500
To: corn@ignitemv.com
Subject: WP Security Cleanup Report - LIVE
Message-Id: <E1vyRyx-00000002tQQ-0oVk@business177.web-hosting.com>
From: ignijdop@business177.web-hosting.com
Date: Fri, 06 Mar 2026 05:00:31 -0500

WP Security Cleanup Report

Mode: LIVE RUN

WordPress Version: Unknown

Root Deleted Files (0):

Suspicious Root PHP Files (23):
 - wp-admin/includes/file.php
 - wp-admin/includes/class-pclzip.php
 - wp-includes/class-wp-simplepie-sanitize-kses.php
 - wp-includes/Requests/src/Requests.php
 - wp-includes/Requests/src/Transport/Fsockopen.php
 - wp-includes/SimplePie/src/File.php
 - wp-includes/SimplePie/src/Sanitize.php
 - wp-includes/SimplePie/src/Gzdecode.php
 - wp-includes/class-wp-customize-widgets.php
 - wp-includes/PHPMailer/PHPMailer.php
 - wp-includes/PHPMailer/SMTP.php
 - wp-includes/class-wp-http-encoding.php
 - wp-includes/ID3/module.audio.ogg.php
 - wp-includes/ID3/getid3.lib.php
 - wp-includes/ID3/getid3.php
 - wp-includes/class-wp-recovery-mode-cookie-service.php
 - wp-includes/blocks/legacy-widget.php
 - wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php
 - wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php
 - wp-includes/class-json.php
 - wp-includes/Text/Diff/Engine/shell.php
 - wp-includes/load.php
 - wp-includes/IXR/class-IXR-message.php

PLUGIN SUSPICIOUS DETAILS:

Plugin: all-in-one-wp-migration-unlimited-extension
 - wp-content/plugins/all-in-one-wp-migration-unlimited-extension/lib/vendor/servmask/pro/model/schedule/class-ai1wmve-schedule-event.php [Line 136]: return base64_decode( $this->password );

Plugin: easy-wp-smtp
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp-admin.php [Line 359]: <input id="swpsmtp_allowed_domains" type="text" name="swpsmtp_allowed_domains" value="<?php echo esc_attr( EasyWPSMTP_Utils::base64_decode_maybe( $swpsmtp_options['allowed_domains'] ) ); ?>" <?php echo ( isset( $swpsmtp_options['enable_domain_check'] ) && ( $swpsmtp_options['enable_domain_check'] ) ) ? '' : ' disabled'; ?> />
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp-utils.php [Line 27]: public static function base64_decode_maybe( $str ) {
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp-utils.php [Line 29]: return base64_decode( $str ); //phpcs:ignore
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp-utils.php [Line 31]: if ( mb_detect_encoding( $str ) === mb_detect_encoding( base64_decode( base64_encode( base64_decode( $str ) ) ) ) ) { //phpcs:ignore
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp-utils.php [Line 32]: $str = base64_decode( $str ); //phpcs:ignore
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/Cryptor.php [Line 120]: $raw = base64_decode( $in );
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp.php [Line 351]: fpassthru( $logfile );
 - wp-content/plugins/easy-wp-smtp/inc/deprecated/class-easywpsmtp.php [Line 520]: if ( EasyWPSMTP_Utils::base64_decode_maybe( $this->opts['allowed_domains'] ) === $this->opts['allowed_domains'] ) {
 - wp-content/plugins/easy-wp-smtp/src/Tasks/Meta.php [Line 522]: // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Tasks/Meta.php [Line 523]: $decoded = base64_decode( $meta->data );
 - wp-content/plugins/easy-wp-smtp/src/Helpers/Crypto.php [Line 33]: return base64_decode( $secret_key ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Helpers/Crypto.php [Line 116]: $decoded = base64_decode( $encrypted ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 99]: $converted['general']['domain_check_allowed_domains'] = EasyWPSMTP_Utils::base64_decode_maybe( $old_options['allowed_domains'] );
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 150]: // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 151]: $decoded_pass = base64_decode( $temp_password );
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 158]: // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 164]: // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/easy-wp-smtp/src/Migrations/DeprecatedOptionsConverter.php [Line 165]: $password = base64_decode( $temp_password );
 - wp-content/plugins/easy-wp-smtp/vendor_prefixed/symfony/polyfill-mbstring/Mbstring.php [Line 95]: $s = \base64_decode($s);

Plugin: pro-elements
 - wp-content/plugins/pro-elements/modules/payments/widgets/paypal-button.php [Line 61]: $num = doubleval( $this->get_settings_for_display( $key ) );
 - wp-content/plugins/pro-elements/modules/screenshots/screenshot.php [Line 92]: base64_decode( $file_content )

Plugin: elementor
 - wp-content/plugins/elementor/includes/utils.php [Line 966]: return base64_decode( $encoded_string, true ) ?? $fallback;
 - wp-content/plugins/elementor/includes/template-library/manager.php [Line 840]: $raw_binary = base64_decode( substr( $data['screenshot'], strlen( 'data:image/png;base64,' ) ) );
 - wp-content/plugins/elementor/core/files/uploads-manager.php [Line 534]: $file_content = base64_decode( $file['fileData'] ); // phpcs:ignore
 - wp-content/plugins/elementor/core/dynamic-tags/manager.php [Line 467]: $tag_name = base64_decode( $tag_key_parts[0] );
 - wp-content/plugins/elementor/core/dynamic-tags/manager.php [Line 469]: $tag_settings = json_decode( urldecode( base64_decode( $tag_key_parts[1] ) ), true );
 - wp-content/plugins/elementor/core/common/modules/connect/apps/library.php [Line 119]: $payload_json = base64_decode( strtr( $payload_encoded, '-_', '+/' ), true );
 - wp-content/plugins/elementor/vendor/elementor/wp-one-package/src/Connect/Classes/Utils.php [Line 181]: $payload = base64_decode( strtr( $parts[1], '-_', '+/' ) );
 - wp-content/plugins/elementor/vendor/elementor/wp-one-package/src/Connect/Classes/Data.php [Line 219]: $is_base64 = base64_encode( base64_decode( $raw, true ) ) === $raw;
 - wp-content/plugins/elementor/vendor/elementor/wp-one-package/src/Connect/Classes/Data.php [Line 220]: return $is_base64 ? base64_decode( $raw ) : $raw;
 - wp-content/plugins/elementor/vendor/elementor/wp-one-package/src/Admin/Helpers/Utils.php [Line 174]: $payload = base64_decode( strtr( $parts[1], '-_', '+/' ) );
 - wp-content/plugins/elementor/modules/cloud-kit-library/module.php [Line 80]: $raw_screen_shot = base64_decode( substr( $settings['screenShotBlob'], strlen( 'data:image/png;base64,' ) ) );
 - wp-content/plugins/elementor/modules/ai/connect/ai.php [Line 622]: $img_content = base64_decode( $img_content );
 - wp-content/plugins/elementor/modules/element-cache/module.php [Line 60]: $widget_data = json_decode( base64_decode( $atts['data'] ), true );
 - wp-content/plugins/elementor/vendor_prefixed/twig/twig/twig/src/Environment.php [Line 350]: eval('?>' . $content);
 - wp-content/plugins/elementor/vendor_prefixed/twig/twig/twig/src/Test/IntegrationTestCase.php [Line 133]: eval('$ret = ' . $condition . ';');
 - wp-content/plugins/elementor/vendor_prefixed/twig/twig/twig/src/Test/IntegrationTestCase.php [Line 140]: $config = \array_merge(['cache' => \false, 'strict_variables' => \true], $match[2] ? eval($match[2] . ';') : []);
 - wp-content/plugins/elementor/vendor_prefixed/twig/twig/twig/src/Test/IntegrationTestCase.php [Line 182]: $output = \trim($template->render(eval($match[1] . ';')), "\n ");
 - wp-content/plugins/elementor/vendor_prefixed/twig/symfony/polyfill-mbstring/Mbstring.php [Line 95]: $s = \base64_decode($s);

Plugin: the-plus-addons-for-elementor-page-builder
 - wp-content/plugins/the-plus-addons-for-elementor-page-builder/includes/plus_addon.php [Line 181]: $decoded = base64_decode( $string, true );

Plugin: litespeed-cache
 - wp-content/plugins/litespeed-cache/src/cloud-auth-callback.trait.php [Line 33]: $sk = base64_decode( $this->_summary['sk_b64'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/litespeed-cache/src/cloud-auth-callback.trait.php [Line 69]: $cloud_pk = base64_decode( $pk ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/litespeed-cache/src/cloud-auth-callback.trait.php [Line 75]: $sk = base64_decode( $this->_summary['sk_b64'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/litespeed-cache/src/cloud-auth-callback.trait.php [Line 141]: $signature = base64_decode( $signature_b64 ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/litespeed-cache/src/import.preset.cls.php [Line 215]: $parsed = \json_decode(base64_decode($contents), true);
 - wp-content/plugins/litespeed-cache/src/import.cls.php [Line 115]: $ori_data = \json_decode(base64_decode($data), true);
 - wp-content/plugins/litespeed-cache/src/localization.cls.php [Line 40]: $url = base64_decode( $uri ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 - wp-content/plugins/litespeed-cache/src/esi.cls.php [Line 597]: $unencrypted = base64_decode($req_params);

Plugin: all-in-one-wp-migration
 - wp-content/plugins/all-in-one-wp-migration/functions.php [Line 2375]: $encrypted_signature = base64_decode( $encrypted_signature );
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database-utility.php [Line 396]: public static function base64_decode( $data ) {
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database-utility.php [Line 397]: return base64_decode( $data );
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database-utility.php [Line 407]: return base64_encode( base64_decode( $data ) ) === $data;
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php [Line 1662]: $matches[1] = Ai1wm_Database_Utility::base64_decode( $matches[1] );
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php [Line 1687]: $matches[2] = Ai1wm_Database_Utility::base64_decode( $matches[2] );
 - wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php [Line 1712]: $matches[1] = Ai1wm_Database_Utility::base64_decode( $matches[1] );

Plugin: google-site-kit
 - wp-content/plugins/google-site-kit/includes/Core/Storage/Data_Encryption.php [Line 90]: $decoded_value = base64_decode( $raw_value, true );
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php [Line 277]: $str .= \pack(\PHP_INT_SIZE == 4 ? 'N' : 'J', $xor ^ eval('return 0b' . $part . ';'));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php [Line 398]: public static function base64_decode($data)
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Common/Functions/Strings.php [Line 410]: // return self::base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/DSA/Formats/Keys/XML.php [Line 63]: $value = new \Google\Site_Kit_Dependencies\phpseclib3\Math\BigInteger(\Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($temp->item(0)->nodeValue), 256);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php [Line 33]: * _encryptBlock() calls are highly optimized through the use of eval(). Among other things,
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php [Line 38]: * assuming 16 rounds (which is what OpenSSH's bcrypt defaults to). The eval()-optimized
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php [Line 42]: * 514.12, which is ~4KB of data. Creating an eval()-optimized _encryptBlock() has an upfront
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php [Line 44]: * data. Conseqeuently, bcrypt does not benefit from the eval()-optimized _encryptBlock().
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php [Line 67]: $key = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($key);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php [Line 113]: $key = \base64_decode($parts[0]);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php [Line 118]: $key = \base64_decode($parts[1]);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php [Line 180]: $public = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode(\implode('', \array_map('trim', \array_slice($key, 4, $publicLength))));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/Formats/Keys/PuTTY.php [Line 224]: $private = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode(\implode('', \array_map('trim', \array_slice($key, $offset, $privateLength))));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php [Line 139]: * Base value for the eval() implementation $engine switch
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php [Line 2925]: eval('$func = function ($_action, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' }};');
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php [Line 2947]: * eval()'able string for in-line float to int
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php [Line 76]: $key = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($key);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/RSA/Formats/Keys/XML.php [Line 66]: $value = new \Google\Site_Kit_Dependencies\phpseclib3\Math\BigInteger(\Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($temp->item(0)->nodeValue), 256);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php [Line 85]: $public = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($public[1]);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/PuTTY.php [Line 110]: $public = \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($public[1]);
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Formats/Keys/XML.php [Line 145]: return \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode(\str_replace(["\r", "\n", ' ', "\t"], '', $value));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php [Line 1050]: return eval('return function(' . static::class . ' $x) use ($func, $class) {
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php [Line 1057]: return eval('return function(' . static::class . ' $x) use ($n, $fqengine, $class) {
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php [Line 57]: eval('$func = function ($n) { ' . $code . '};');
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php [Line 92]: eval('$func = function ($n) { ' . $code . '};');
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php [Line 65]: eval('$func = function ($x) { ' . $code . '};');
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP/Reductions/EvalBarrett.php [Line 131]: eval('$func = function ($n) { ' . $code . '};');
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/X509.php [Line 468]: $cert['tbsCertificate']['subjectPublicKeyInfo'] = new \Google\Site_Kit_Dependencies\phpseclib3\File\ASN1\Element(\base64_decode(\preg_replace('#-.+-|[\\r\\n]#', '', $cert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey'])));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/X509.php [Line 2026]: $csr['certificationRequestInfo']['subjectPKInfo'] = new \Google\Site_Kit_Dependencies\phpseclib3\File\ASN1\Element(\base64_decode(\preg_replace('#-.+-|[\\r\\n]#', '', $csr['certificationRequestInfo']['subjectPKInfo']['subjectPublicKey'])));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/X509.php [Line 2064]: $temp = \preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $temp) ? \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($temp) : \false;
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/X509.php [Line 2111]: $spkac['publicKeyAndChallenge']['spki'] = new \Google\Site_Kit_Dependencies\phpseclib3\File\ASN1\Element(\base64_decode(\preg_replace('#-.+-|[\\r\\n]#', '', $spkac['publicKeyAndChallenge']['spki']['subjectPublicKey'])));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/X509.php [Line 3243]: $publicKey = \base64_decode(\preg_replace('#-.+-|[\\r\\n]#', '', $this->publicKey->toString($format)));
 - wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/File/ASN1.php [Line 1356]: $temp = \preg_match('#^[a-zA-Z\\d/+]*={0,2}$#', $temp) ? \Google\Site_Kit_Dependencies\phpseclib3\Common\Functions\Strings::base64_decode($temp) : \false;
 - wp-content/plugins/google-site-kit/third-party/firebase/php-jwt/src/JWT.php [Line 233]: $key = \base64_decode((string) \end($lines));
 - wp-content/plugins/google-site-kit/third-party/firebase/php-jwt/src/JWT.php [Line 285]: $key = \base64_decode((string) \end($lines));
 - wp-content/plugins/google-site-kit/third-party/firebase/php-jwt/src/JWT.php [Line 362]: return \base64_decode(self::convertBase64UrlToBase64($input));
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 27]: * You can then have a passthruLevel as well which means that at the end of the request,
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 62]: protected $passthruLevel;
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 73]: * @param int|string                             $passthruLevel      Minimum level to always flush to handler on close, even if strategy not triggered
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 75]: * @phpstan-param Level|LevelName|LogLevel::* $passthruLevel
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 78]: public function __construct($handler, $activationStrategy = null, int $bufferSize = 0, bool $bubble = \true, bool $stopBuffering = \true, $passthruLevel = null)
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 92]: if ($passthruLevel !== null) {
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 93]: $this->passthruLevel = \Google\Site_Kit_Dependencies\Monolog\Logger::toMonologLevel($passthruLevel);
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 170]: if (null !== $this->passthruLevel) {
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/FingersCrossedHandler.php [Line 171]: $level = $this->passthruLevel;
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/DeduplicationHandler.php [Line 79]: $passthru = null;
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/DeduplicationHandler.php [Line 82]: $passthru = $passthru || !$this->isDuplicate($record);
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/DeduplicationHandler.php [Line 83]: if ($passthru) {
 - wp-content/plugins/google-site-kit/third-party/monolog/monolog/src/Monolog/Handler/DeduplicationHandler.php [Line 89]: if ($passthru === \true || $passthru === null) {
 - wp-content/plugins/google-site-kit/third-party/google/apiclient/src/Client.php [Line 479]: $payload = \json_decode(\base64_decode($parts[1]), \true);

Plugin: advanced-custom-fields
 - wp-content/plugins/advanced-custom-fields/includes/api/api-helpers.php [Line 3772]: return base64_decode( $data );
 - wp-content/plugins/advanced-custom-fields/includes/api/api-helpers.php [Line 3779]: list($encrypted_data, $iv) = explode( '::', base64_decode( $data ), 2 );

Plugin: unlimited-elements-for-elementor
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/image_proccess.class.php [Line 545]: $strPng = base64_decode($strPngData);
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/image_proccess.class.php [Line 557]: $strJpg = base64_decode($strJpgData);
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/zip.class.php [Line 519]: return gzinflate(substr($this->_data, $this->_metadata[$key]['_dataStart'], $this->_metadata[$key]['csize']));
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/functions.class.php [Line 1431]: $decoded = @base64_decode($content, true);
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/functions.class.php [Line 2062]: $content = rawurldecode(base64_decode($content));
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/functions.class.php [Line 2092]: $content = rawurldecode(base64_decode($content));
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/framework/functions.class.php [Line 2780]: '/eval\s*\(/i',      // eval() calls
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/unitecreator_template_engine.class.php [Line 59]: $forbiddenFunctions = array("exec", "eval", "system", "shell_exec", "show_source", "passthru", "pcntl_exec", "proc_open");
 - wp-content/plugins/unlimited-elements-for-elementor/inc_php/unitecreator_template_engine.class.php [Line 59]: $forbiddenFunctions = array("exec", "eval", "system", "shell_exec", "show_source", "passthru", "pcntl_exec", "proc_open");
 - wp-content/plugins/unlimited-elements-for-elementor/vendor/twig/twig/src/Environment.php [Line 391]: eval('?>'.$content);
 - wp-content/plugins/unlimited-elements-for-elementor/vendor/twig/twig/src/Test/IntegrationTestCase.php [Line 153]: eval('$ret = '.$condition.';');
 - wp-content/plugins/unlimited-elements-for-elementor/vendor/twig/twig/src/Test/IntegrationTestCase.php [Line 165]: ], $match[2] ? eval($match[2].';') : []);
 - wp-content/plugins/unlimited-elements-for-elementor/vendor/twig/twig/src/Test/IntegrationTestCase.php [Line 219]: $output = trim($template->render(eval($match[1].';')), "\n ");
 - wp-content/plugins/unlimited-elements-for-elementor/vendor/symfony/polyfill-mbstring/Mbstring.php [Line 106]: $s = base64_decode($s);
 - wp-content/plugins/unlimited-elements-for-elementor/provider/core/unlimited_elements/elementor/elementor_integrate.class.php [Line 243]: eval($code);
 - wp-content/plugins/unlimited-elements-for-elementor/provider/core/unlimited_elements/elementor/elementor_integrate.class.php [Line 277]: eval($code);
 - wp-content/plugins/unlimited-elements-for-elementor/provider/core/unlimited_elements/helper_provider_core.class.php [Line 198]: eval($code);
 - wp-content/plugins/unlimited-elements-for-elementor/provider/wpml_integrate.class.php [Line 300]: eval($code);

WP-CONFIG.PHP SUSPICIOUS LINES:


--1772791231-eximdsn-492285118--
@ Telegram