Skip Navigation

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Elementor users - please update WPML to the latest version to maintain compatibility. More details here - https://wpml.org/changelog/2024/12/wpml-4-6-15-critical-update-for-elementor-sites/
Sun Mon Tue Wed Thu Fri Sat
- 8:00 – 13:00 9:00 – 13:00 9:00 – 13:00 8:00 – 12:00 8:00 – 12:00 -
- 14:00 – 17:00 14:00 – 18:00 14:00 – 18:00 13:00 – 17:00 13:00 – 17:00 -

Supporter timezone: Europe/Zagreb (GMT+01:00)

Tagged: 

This topic contains 6 replies, has 2 voices.

Last updated by Bruno Kos 23 hours, 12 minutes ago.

Assisted by: Bruno Kos.

Author Posts
November 14, 2024 at 1:36 am #16400366

christopheF-5

Background of the issue:
I am trying to deploy websites on Alibaba Cloud servers. Recently, Alibaba Cloud reported that many websites have WebShell. The issue is related to files in the wp-content/plugins/sitepress-multilingual-cms/vendor/otgs/installer/includes/utilities/FP/Logic.php and wp-content/plugins/otgs-installer-plugin/vendor/otgs/installer/includes/utilities/FP/Logic.php with MD5: 5889f0565aee3c571662e180e21c44bb.

Symptoms:
Alibaba Cloud reported Trojan files with malicious behavior tags such as uncertain value defense bypass, branch defense bypass, and arbitrary PHP code execution.

Questions:
Can you arrange a fix for this issue?

November 14, 2024 at 7:50 am #16400925

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+01:00)

Hi,

Thank you for contacting WPML support!

I am checking this with our 2nd tier. Apart from our the above screenshots, is there maybe additional info on the exact code parts that are reported as being malicious?

Regards,
Bruno Kos

November 14, 2024 at 9:23 am #16401395

christopheF-5

Sorry, unfortunately it's not highlight the part of the code.

November 14, 2024 at 1:25 pm #16402731

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+01:00)

I see. We are checking with with our development team and will keep you posted.

November 18, 2024 at 6:14 am #16412836

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+01:00)

This issue has been escalated to WPML developers.

I will keep this thread updated as soon as I get any new information from them!

December 24, 2024 at 2:09 am #16542252

christopheF-5

Hi Team,

Can you please update what's the status about this? It's been a month, and we keep receiving warning from the hosting provider, but didn't see any fix from your team.

December 24, 2024 at 7:23 am #16542765

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+01:00)

Our team of developers is actively working on this issue. However, it is quite complex and is planned to be addressed in WPML version 4.7.

Currently, 4.7 is in its Beta 1 phase and is not recommended for production sites. Unfortunately, the solution for this issue is not included in the beta version.

At this time, I’m unable to provide specific dates for when this will be fixed, as it depends on the release timeline for version 4.7, which has not been finalized yet.