Reply To: file-uploader hack


Ernest Marcinko


It's definitely a false positive detection. It's not possible to send any files or malicious information via that code. It's a simple statement for renaming the search instances.

It's passed to a verification handler, which is preceeded by a $wpdb->prepare statement, as well as the handler file only works for a logged in user on the back-end.

Ernest Marcinko

If you like my products, don't forget to rate them on codecanyon :)