[markdaps]

Hi,

A malware server scan has reported an exploit for 'php.isset.post.post.fopen.post' in file 'admin_ajax.php' located in /cp folder.

[administrator]

Don't worry about that without login nobody can access the ajax there are session guards over there CSRF token protection so security is not issue on that if you want to if you know the ajax work you also know isset and POST and GET fopen close are on backend on every PHP application

[markdaps]

Ok, thanks.

[markdaps]

An update about this.

The malware scanner on the server was reporting a false positive.

A tech guy looked over the file and after confirming this to be safe, whitelisted the file.

You may have to do the same for your hosting company.