Huge Security Risks!

This previously super simple plugin caused our images to become distorted and exposed a security flaw that we identified via Pantheon status checks. We deleted 2 WordPress users that got added to the system, both were added only as subscribers but it was obvious they were hack attempts. We found several php files in the media library that were uploaded last night. They existed only in our production environment. We deactivated “Profile Press” and added a new plugin that is a branch of the old simple version called “One User Avatar”. Enabling this plugin first, then disabling the “Profile Press” plugin maintains the existing settings.