I am having a problem with a security scan from Security Metrics that is saying the is_admin() function in wp_includes/query.php does not properly check for administrative credentials and will allow specific attacks to view all posts marked "future", "draft", "pending".
However, I am having multiple problems. The first of which is when I look in query.php I can't find the is_admin() function defined anywhere in the file. Is this function defined somewhere else now?
The second is any documentation I find on this issue is from like 2 years ago? Does anyone know what exactly the deal is. All I got from the tech support over there is I should delete the query.php file which clearly will not work.
Any help I can get would be great.