Title: Security vulnerability
Last modified: April 11, 2024

---

# Security vulnerability

 *  Resolved [billyqureshi](https://wordpress.org/support/users/billyqureshi/)
 * (@billyqureshi)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/security-vulnerability-129/)
 * I have used the newest version of this plugin with the newest version of the 
   unlimited upload addon on several new installs and each time there is a malware
   injection. 
   is something fundamentally wrong with this plugin?
 *     ```wp-block-code
       Malware has been detected on your cPanel hosting account with the primary domain HIDDEN and the username HIDDEN.
       The following malware files were found:
   
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/about.php
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/about.php7
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/wp-login.php
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/alfa-rex.php7
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/alfa-rex.php56
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/alfa-rex.php8
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/alfa-rex.php
       /home/nusgraor/adamcritchley/wp-content/plugins/all-in-one-wp-migration/lib/view/common/.htaccess
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/about.php
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/about.php7
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/wp-login.php
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/alfa-rex.php7
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/alfa-rex.php56
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/alfa-rex.php8
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/alfa-rex.php
       /home/nusgraor/adamcritchley/wp-content/plugins/wp-file-manager/lib/themes/light/.htaccess
       /home/nusgraor/adamcritchley/wp-content/plugins/elementor-pro/assets/js/packages/editor-notes/about.php
       /home/nusgraor/adamcritchley/wp-content/plugins/elementor-pro/assets/js/packages/editor-notes/about.php7
       /home/nusgraor/adamcritchley/wp-content/plugins/elementor-pro/assets/js/packages/editor-notes/wp-login.php
       /home/nusgraor/adamcritchley/wp-content/plugins/elementor-pro/assets/js/packages/editor-notes/alfa-rex.php7
   
       Please note that the above is just an excerpt, and in total 27 malware files were detected by the malware scanner.
       ```
   

Viewing 1 replies (of 1 total)

 *  Plugin Author [Yani](https://wordpress.org/support/users/yaniiliev/)
 * (@yaniiliev)
 * [2 years, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-129/#post-17701106)
 * The files listed as malware do not originate from the All-in-One WP Migration
   plugin. It appears that your website may have been compromised. I recommend following
   the comprehensive steps outlined in the WordPress official guide for dealing 
   with hacked sites, which you can find here: [https://wordpress.org/support/article/faq-my-site-was-hacked/](https://wordpress.org/support/article/faq-my-site-was-hacked/)
 * This guide provides detailed instructions on how to clean your site and secure
   it against future attacks. It’s also a good idea to contact your hosting provider
   for additional support and possibly engage a professional security service to
   thoroughly investigate and resolve the issue.

Viewing 1 replies (of 1 total)

The topic ‘Security vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/all-in-one-wp-migration/assets/icon-256x256.png?rev=2458334)
 * [All-in-One WP Migration and Backup](https://wordpress.org/plugins/all-in-one-wp-migration/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-migration/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-migration/)
 * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-migration/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-migration/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-migration/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Yani](https://wordpress.org/support/users/yaniiliev/)
 * Last activity: [2 years, 1 month ago](https://wordpress.org/support/topic/security-vulnerability-129/#post-17701106)
 * Status: resolved