According to several reports from Sucuri, a website specializing in computer security, Uploadify, a script that lets unregistered users without credentials upload files to a WordPress server, is a potential security threat: it can be used to open backdoors, insert Trojans, or whatever else.
It is true that it is very useful and makes it easy for anonymous users to take part in a community built on WordPress by uploading pictures or the like, but this same ease is its danger.
Popular themes such as WooThemes, and widely used plugins such as Uploader, WP Symposium or 1 Flash Gallery, use this script for this task, so they would likely open the door to unwanted code injection.
To find out whether your theme or a WordPress plugin uses this script, search the entire "/wp-content/" folder and all its subdirectories for any directory named "Uploadify" or any file named "uploadify.php". If you are not sure you use it, or you can do without it, disable it immediately and look for another solution for your visitors.
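One way to run the search described above from a shell on the server, as an added example that is not part of the original post or Sucuri's script; the function names and the `WP_ROOT` variable are assumptions. It matches names case-insensitively and reports which plugin or theme each copy belongs to.

```bash
#!/bin/sh
# Added example: locate Uploadify copies under wp-content and name the
# plugin or theme that bundles them. Function names are hypothetical.

# find_uploadify WP_ROOT
# Prints one line per hit: "<kind>/<component><TAB><full path>"
find_uploadify() {
    content="${1%/}/wp-content"
    if [ ! -d "$content" ]; then
        echo "no wp-content directory under $1" >&2
        return 2
    fi
    # -iname is case-insensitive: bundles ship as "Uploadify", "uploadify", ...
    # Match directories named uploadify and files named uploadify.php.
    find "$content" \( -type d -iname 'uploadify' \
                    -o -type f -iname 'uploadify.php' \) -print |
    while IFS= read -r hit; do
        rel="${hit#"$content"/}"      # path relative to wp-content
        kind="${rel%%/*}"             # plugins, themes, uploads, ...
        rest="${rel#*/}"
        comp="${rest%%/*}"            # directory of the owning plugin/theme
        printf '%s/%s\t%s\n' "$kind" "$comp" "$hit"
    done | sort
}

# uploadify_owners WP_ROOT
# Distinct plugins/themes that contain at least one hit.
uploadify_owners() {
    find_uploadify "$1" | cut -f1 | sort -u
}

# Assumption: WP_ROOT, if set, points at the WordPress install to check.
if [ -n "${WP_ROOT:-}" ]; then
    uploadify_owners "$WP_ROOT"
fi
```

Each owner it lists is a plugin or theme to review, disable or replace; an empty result means no directory or file with those names exists under `wp-content`.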
You can also run a check using a script that Sucuri created. Download this file (sucuri_wp_check.txt), rename it by changing the extension from txt to php, upload it to the root directory of your WordPress install and run it like this:
The script alerts you to potential vulnerabilities such as Uploadify or Timthumb.