
This is the technical support forum for WPML - the multilingual WordPress plugin.


This topic contains 3 replies, has 2 voices.

Last updated by francoisB 5 years, 11 months ago.

Assigned support staff: Andreas Neuber.

February 5, 2014 at 2:30 am #333473

francoisB

Using Wordfence, I found that I apparently have 3 files that have malicious code in them:

These were not there/found in previous scans.

1- Filename: wp-content/plugins/sitepress-multilingual-cms/lib/Snoopy.class.php
File type: Not a core, theme or plugin file.
Issue first detected: 14 hours 10 mins ago.
Severity: Critical

---This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code.

2- Filename: wp-content/plugins/sitepress-multilingual-cms/ajax.php
File type: Not a core, theme or plugin file.
Issue first detected: 14 hours 10 mins ago.
Severity: Critical

---This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code.

3- Filename: wp-content/plugins/sitepress-multilingual-cms/menu/troubleshooting.php
File type: Not a core, theme or plugin file.
Issue first detected: 14 hours 10 mins ago.
Severity: Critical

---This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code.

February 5, 2014 at 2:32 am #333474

francoisB

Should these files be part of WPML or should they be deleted?

February 5, 2014 at 8:44 am #333566

Andreas Neuber
Supporter

Languages: English (English), German (Deutsch)

Hello francoisB,

Thanks for mentioning.

These 3 files are absolutely necessary for the operation of WPML.
If you delete them = game over*.
No worries, they are not malicious code.

--
*'wp-content/plugins/sitepress-multilingual-cms/ajax.php'
handles for example the saving of settings under "WPML > Languages"

February 6, 2014 at 5:50 am #334333

francoisB

Thank you Andreas,

Saved me from destroying my site 🙂
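
As an added example (not part of the forum thread, and not WPML or Wordfence code): one way to settle whether a flagged file belongs to the plugin is to hash the installed plugin directory against a clean copy of the same version. `keyword_hit` only approximates the word match quoted in the scan report; the function names and the idea of an unpacked reference directory are assumptions.

```python
import hashlib
import re
from pathlib import Path

# The keyword pairing quoted in the scan report above: 'eval' plus an
# encoding function such as 'urldecode' or 'base64_decode'.
DECODERS = ("urldecode", "base64_decode")


def keyword_hit(php_source: str) -> bool:
    """Approximate the word-level heuristic: 'eval' plus a decoder name."""
    has_eval = re.search(r"\beval\b", php_source) is not None
    return has_eval and any(d in php_source for d in DECODERS)


def sha256_tree(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def triage(installed: Path, reference: Path) -> dict:
    """Classify every installed file against a clean copy of the same version.

    'installed' is the plugin directory on the site; 'reference' is the same
    plugin version unpacked from the vendor's original archive (assumption:
    the reader obtained that archive from a trusted source).
    """
    have, want = sha256_tree(installed), sha256_tree(reference)
    report = {"identical": [], "modified": [], "extra": [], "missing": []}
    for rel, digest in have.items():
        if rel not in want:
            report["extra"].append(rel)
        elif want[rel] == digest:
            report["identical"].append(rel)
        else:
            report["modified"].append(rel)
    report["missing"] = sorted(set(want) - set(have))
    # Keyword hits that are byte-identical to the vendor copy are false positives.
    report["flagged_but_identical"] = [
        rel for rel in report["identical"]
        if keyword_hit((installed / rel).read_text(errors="replace"))
    ]
    return report
```

Files listed under `modified` or `extra` are the ones that need a manual look; anything under `flagged_but_identical` matches the vendor copy byte for byte despite tripping the keyword check.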