Hi,
thanks for your message!
There are 2 possible reasons for this message:
1) a false positive alert by Sucuri
2) your server was compromised and some scripts are injecting malicious code in your WP plugins, including ShortPixel’s files.
We tend to believe that 1) is the reason but if you want we could look into this further and make sure that our plugin’s code looks good.
Feel free to contact us here if you wish.
Thanks,
Alex
Thanks. I will ask Sucuri to double check and let you know.
For those interested, we eventually received this reply from Sucuri:
I’ve downloaded this file https://downloads.wordpress.org/plugin/shortpixel-image-optimiser.zip and scanned the plugin – no warnings. It looks like you’ve already fixed the issue caused by the name of on POST parameter, which together with several other signals triggered the php.backdoor.generic.045.05 warning.
