2 Comments


  1. Props on them for alerting people.

    What catches my attention is they said the file did not get deleted on upgrade. That’s not normal for WP (which deletes the theme or plugin folder entirely and replaces it on upgrade). I wonder why this is not happening for that theme.

    Reply

  2. I’m guessing they must have bypassed the built in WordPress update mechanism for that to occur. The WordPress update system obliterates everything in the folder during the upgrade as a (sensible) security measure to stop stuff like this from happening.

    Props for going public with it though. I see far too many people either trying to cover stuff like this up, or even worse, just ignoring it and declaring it’s not their problem :/

    Reply

Leave a Reply