Title: Huge Security Risks!
Last modified: July 5, 2021

---

# Huge Security Risks!

 *  [Brianne](https://wordpress.org/support/users/briannehinchliffe/)
 * (@briannehinchliffe)
 * [4 years, 11 months ago](https://wordpress.org/support/topic/huge-security-risks/)
 * This previously super simple plugin caused our images to become distorted and
   exposed a security flaw that we identified via Pantheon status checks. We deleted
   2 WordPress users that got added to the system, both were added only as subscribers
   but it was obvious they were hack attempts. We found several php files in the
   media library that were uploaded last night. They existed only in our production
   environment. We deactivated “Profile Press” and added a new plugin that is a 
   branch of the old simple version called “One User Avatar”. Enabling this plugin
   first, then disabling the “Profile Press” plugin maintains the existing settings.

The topic ‘Huge Security Risks!’ is closed to new replies.

 * ![](https://ps.w.org/wp-user-avatar/assets/icon-256x256.png?rev=2532486)
 * [Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress](https://wordpress.org/plugins/wp-user-avatar/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-user-avatar/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-user-avatar/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-user-avatar/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-user-avatar/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-user-avatar/reviews/)

 * 0 replies
 * 2 participants
 * Last reply from: [Brianne](https://wordpress.org/support/users/briannehinchliffe/)
 * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/huge-security-risks/)