Hi,
SUCURI is warning me about a backdoor in this file:
wp-content/plugins/woorewards/include/pointsflow/action.php
Definition: php.backdoor.file_get_contents.005
Looking at the file there is a line which says:
$json = @json_decode(@file_get_contents($_FILES[$key][‘tmp_name’]), true);
Not sure if this is the culprit. Can I place the whole file code in here so you can see if the file is correct?