Reply To: file-uploader hack

#10771

Ernest Marcinko
Keymaster

Hi,

It's definitely a false positive detection. It's not possible to send any files or malicious information via that code. It's a simple statement for renaming the search instances.

It's passed to a verification handler, which is preceded by a $wpdb->prepare statement, as well as the handler file only works for a logged-in user on the back-end.

Best,
Ernest Marcinko

If you like my products, don't forget to rate them on codecanyon :)