I have checked original wordpress and this file isn’t there but this file comes back every time I deleted it. Do you think it’s a malicious script?
Path: /wp-admin/uploader/pclzip.lib.php
Code: http://www.phpconcept.net/pclzip/pclzip-downloads
3 Answers
It isn’t normal for extra files/folders to appear in WP core folder. The only location that is considered writable is under wp-content and easily writable is uploads, or whatever they are customized to.
If it appears malicious, behaves malicious, and security tool thinks its malicious — it’s a safe guess that it is. It also might not be malicious itself, but used as part of malicious payload for utility purposes (open source! :).