Title: [Plugin: WP CleanFix] Remote Code Execution Warning Last modified: August 20, 2016 --- # [Plugin: WP CleanFix] Remote Code Execution Warning * [Enigma Ideas](https://wordpress.org/support/users/enigma-ideas/) * (@enigma-ideas) * [13 years, 11 months ago](https://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning/) * Love the plugin however when I conducted a scan with the 6scan plugin I received this warning: Malicious user could execute arbitrary code. The file in question being wpCleanFixAjax.php with the following guidelines: * 1)Find the line that begins with ‘$command = strip_tags( $_POST[‘command’] );’ 2)Append the next lines with the following: * if (!is_admin()) return; * Supposedly this only protects against anonymous execution, but non admins could still do this. I was wondering if this is an accurate warning. * [http://wordpress.org/extend/plugins/wp-cleanfix/](http://wordpress.org/extend/plugins/wp-cleanfix/) Viewing 1 replies (of 1 total) * [henrisalo](https://wordpress.org/support/users/henrisalo/) * (@henrisalo) * [12 years, 12 months ago](https://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning/#post-2806646) * This issue is resolved. Please see: [https://github.com/wpscanteam/wpscan/issues/186](https://github.com/wpscanteam/wpscan/issues/186) Viewing 1 replies (of 1 total) The topic ‘[Plugin: WP CleanFix] Remote Code Execution Warning’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-cleanfix_4e7c6a.svg) * [WP CleanFix](https://wordpress.org/plugins/wp-cleanfix/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-cleanfix/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-cleanfix/) * [Active Topics](https://wordpress.org/support/plugin/wp-cleanfix/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-cleanfix/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-cleanfix/reviews/) * 1 reply * 2 participants * Last reply from: [henrisalo](https://wordpress.org/support/users/henrisalo/) * Last activity: [12 years, 12 months ago](https://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning/#post-2806646) * Status: not resolved