My site at http://bridgewaterva.com was hacked via the timthumb.php exploit. I cleaned it up, changed passwords, reinstalled, changed passwords again, etc. My fresh new installation is running under the Weaver theme.
Here's my worry: With this fresh new site, the Antivirus for WordPress plugin's scan shows multiple vulnerabilities of this sort:
(Big red border, followed by this text:)
There is no virus View line 1061 require_once('wvr-includes/wvr-wphead.php');
and the emailed results of regular virus scans say the site is vulnerable. Is vulnerability inherent to the Weaver theme, or is it just a false alarm, or what? (Is there anything about Weaver that makes it especially "hackable"? Can infections be spread through its .wvr settings file -- unlikely as that seems, since it's just a bunch of text settings?)