Title: security issue
Last modified: August 24, 2016

---

# security issue

 *  [challet](https://wordpress.org/support/users/challet/)
 * (@challet)
 * [11 years ago](https://wordpress.org/support/topic/security-issue-52/)
 * A few weeks ago we had stange files in the upload folder. They’re was unexpected
   php script files sending emails to whatever recipient received as a parameter.
   No need to go into details, we sanitized everything (well 2 years without an 
   update, shame on us).
    Clean install, periodic core and plugins update, unexpected
   php scripts come back here and there. I noticed that this plugin didn’t have 
   any update in the process (well that’s written as an alert on the plugin homepage).
   So, I’m thinking maybe that’s the one used as a script injecting vector, without
   having a clear proof of that. Though, It hink it might be good to warn someone
   in order to : do a security cheking, level up the alert level etc. I’d be glad
   to provide more information in the limits of my skills. Cheers.
 * [https://wordpress.org/plugins/zdmultilang/](https://wordpress.org/plugins/zdmultilang/)

The topic ‘security issue’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/zdmultilang.svg)
 * [ZdMultiLang](https://wordpress.org/plugins/zdmultilang/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/zdmultilang/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/zdmultilang/)
 * [Active Topics](https://wordpress.org/support/plugin/zdmultilang/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/zdmultilang/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/zdmultilang/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [challet](https://wordpress.org/support/users/challet/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/security-issue-52/)
 * Status: not resolved