This thread is resolved. Here is a description of the problem and solution.
Problem:
The client reported a critical security alert from Wordfence concerning a file in the wpml-string-translation.3.5.0 update, identified as potentially malicious or unsafe. The file in question is located at wp-content/plugins/wpml-string-translation/lib/StringScanning/vendor/wp-cli/wp-cli/features/context.feature, and it is flagged as a backdoor with suspicious modifications.
Solution:
We have identified this issue as a false-positive warning by Wordfence. This will be addressed and resolved in the upcoming WPML release. For more details, please visit our errata page at https://wpml.org/errata/wordfence-reports-a-false-positive-security-warning-with-wpml-4-9-0/.
If this solution does not seem relevant to your case, or if it appears outdated, we highly recommend checking related known issues at https://wpml.org/known-issues/, verifying the version of the permanent fix, and confirming that you have installed the latest versions of themes and plugins. Should you need further assistance, please do not hesitate to open a new support ticket at WPML support forum.
This is the technical support forum for WPML - the multilingual WordPress plugin.
Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.
