bingobobby

@gourl
You know that
if (is_admin() && is_user_logged_in() && current_user_can(‘administrator’))
becomes valid if
!current_user_can(‘administrator’) ?

Meaning the whole thing returns true if the user can “not” administrator?

Changing it to only if (is_admin() && is_user_logged_in()) seems more secure.

Same happened here. Can you check your /wp-content/upload/gourl/images folder for a php file, or an image with php contents.

Also which version are you using.
Have you ever used version 1.4.14, or prior?