I got now 2 websites with PHP malware,
plugins that are on both are: Ultimate member, ACF, WPML and WP Migrate DB,
however the latter 3 are on other sites that work fine.
Also same behaviour is that
/wp-content/uploads/ultimatemember/temp
this folder contains suspicious folders and PHP files in them, attacks are often more site-spread, so only suspect remains this plugin.
Can you please look into this issue?
Doesn’t your file upload have a security hole somewhere?
//USING LATEST ULTIMATE MEMBER, LATEST WP//
Also your check_file_upload() method checks extension, not a real file type! Which is an issue itself…