Can wordpress plugins contain malicious code?

Is it possible that plugins contain malicious code?

Anything can contain malicious code. Fortunately, the plugins hosted here at www.ads-software.com are carefully inspected for malicious code.

what would be the worst that could happen?

It’s best to not think about that. Suffice to say, it could be very bad.

Is there a way how you can check a plugin for malicious php script? Or is there a plugin that does this for you? (just like TAC) Thanks.

This plugin will scan every file (core, media, plugin, and theme) in your blog:

https://www.ads-software.com/extend/plugins/exploit-scanner/