I have many sites with the following issue. Any sites using hummingbird are creating .js files on the server in content/uploads/images/2017/3 . These accounts are on different servers and different themes. This never happened before. The gentleman that watches my sites for security asked me to reach out to you. (I've posted in another part of the site, but I think that's for users and I am assuming this is for the support team at wpmu. If it's not please forgive the duplicate posts.)
He sent me the following:
But these files just started appearing and I don't see why a professional
plugin would be putting .js files in the uploads directory in this way.
It's very non-standard.
While I agree the .js files don't appear to be malicious. They are blowing up my scanner every time it's run. I have not seen this with any other
site I'm managing "which is running WP Hummingbird."
Can you assist me in asking the authors of the plugin whether this is
normal behavior, saving .js files in the uploads directory?
If I can send anything else to help figure this out please let me know.