@alexanderandrews1989 thanks for the heads up but it wouldn’t have been this plugin that was injected but rather a plugin with the same name. Is there any chance you could email me at [email protected] and send me a copy of the plugin that was injected so I can take a look?
https://wpscan.com/plugin/protect-uploads shows no vulnerabilities and I’ve looked over the code but I’ve found nothing that could be a hack that starts with this plugin
I’m sorry you are experiencing an issue. It looks like the “malware” being installed on your WordPress website is not related to this plugin. The WordPress Plugin Review Team is carefully reviewing all plugins and this plugin is not at risk for WordPress users. I invite you to read more about it on the support forum and hopefully, you’ll find a solution.