obfuscated_code_detected
Obfuscated code detected
The plugin contains code that appears intentionally hard to read or review.
Why It Shows Up
Plugin Check detected patterns commonly associated with obfuscation, such as encoded code, dynamic evaluation, or unreadable transformations.
Why It Matters
Obfuscation makes security review difficult and can hide unwanted behavior from site owners and reviewers.
How to Fix
- Replace obfuscated PHP or JavaScript with readable source.
- Avoid runtime decoding and dynamic execution for normal plugin logic.
- If minified assets are needed, include readable source or a clear build process.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | Output is not escaped | ||
| #2 | Intercom | 0 | 60 | 71 | 6k+ | Non-prefixed function | ||
| #3 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception output is not escaped | ||
| #4 | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 15 | 32 | 163 | 500k+ | Direct Query |
