Skip Navigation

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Our wait time is higher than usual, please make sure you are meeting the minimum requirement - https://wpml.org/home/minimum-requirements before you report issues, and if you can take a look at current Known Issues - https://wpml.org/known-issues/. Thank you.
Sun Mon Tue Wed Thu Fri Sat
- 8:00 – 13:00 9:00 – 13:00 9:00 – 13:00 8:00 – 12:00 8:00 – 12:00 -
- 14:00 – 17:00 14:00 – 18:00 14:00 – 18:00 13:00 – 17:00 13:00 – 17:00 -

Supporter timezone: Europe/Zagreb (GMT+02:00)

Tagged: 

This topic contains 11 replies, has 2 voices.

Last updated by christopheF-5 1 week, 2 days ago.

Assisted by: Bruno Kos.

Author Posts
November 14, 2024 at 1:36 am #16400366

christopheF-5

Background of the issue:
I am trying to deploy websites on Alibaba Cloud servers. Recently, Alibaba Cloud reported that many websites have WebShell. The issue is related to files in the wp-content/plugins/sitepress-multilingual-cms/vendor/otgs/installer/includes/utilities/FP/Logic.php and wp-content/plugins/otgs-installer-plugin/vendor/otgs/installer/includes/utilities/FP/Logic.php with MD5: 5889f0565aee3c571662e180e21c44bb.

Symptoms:
Alibaba Cloud reported Trojan files with malicious behavior tags such as uncertain value defense bypass, branch defense bypass, and arbitrary PHP code execution.

Questions:
Can you arrange a fix for this issue?

November 14, 2024 at 7:50 am #16400925

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

Hi,

Thank you for contacting WPML support!

I am checking this with our 2nd tier. Apart from our the above screenshots, is there maybe additional info on the exact code parts that are reported as being malicious?

Regards,
Bruno Kos

November 14, 2024 at 9:23 am #16401395

christopheF-5

Sorry, unfortunately it's not highlight the part of the code.

November 14, 2024 at 1:25 pm #16402731

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

I see. We are checking with with our development team and will keep you posted.

November 18, 2024 at 6:14 am #16412836

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

This issue has been escalated to WPML developers.

I will keep this thread updated as soon as I get any new information from them!

December 24, 2024 at 2:09 am #16542252

christopheF-5

Hi Team,

Can you please update what's the status about this? It's been a month, and we keep receiving warning from the hosting provider, but didn't see any fix from your team.

December 24, 2024 at 7:23 am #16542765

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

Our team of developers is actively working on this issue. However, it is quite complex and is planned to be addressed in WPML version 4.7.

Currently, 4.7 is in its Beta 1 phase and is not recommended for production sites. Unfortunately, the solution for this issue is not included in the beta version.

At this time, I’m unable to provide specific dates for when this will be fixed, as it depends on the release timeline for version 4.7, which has not been finalized yet.

January 23, 2025 at 3:28 pm #16628966

Giuseppe Toto
Supporter

Hi ChristopheF-5,

I am a developer from the WPML Team, and I am currently working on replicating the issue you reported. However, I need your assistance to proceed further.

Could you please provide detailed steps to reproduce the issue? I have already set up an EC2 Alibaba instance with an enterprise account, with WordPress and WPML installed and configured.

At this point, I need detailed guidance on how to correctly set up and run the web shell detection service. Please provide all the necessary steps to replicate this phase.

Looking forward to your response.

Best regards,
Giuseppe Toto
WPML Team

March 27, 2025 at 6:38 am #16866176

christopheF-5

Hi Guiseppe,

We did nothing about it actually, but just install the plugin. I think Aliyun just report that issue via scanning the plugins files. All the wordpress project with WPML plugin got that alert basically.

March 27, 2025 at 6:59 am #16866226

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

Our developers are actively working on this and the solution may end up in WPML 4.7.3.

March 27, 2025 at 9:51 am #16867277

Bruno Kos
Supporter

Languages: English (English ) German (Deutsch ) French (Français )

Timezone: Europe/Zagreb (GMT+02:00)

We were able to replicate the issue and, based on our investigation, it appears this may be a "false positive" as outlined in Alibaba's documentation. Alibaba also provides guidance on how to manage such warnings, which can be found on hidden link

At this point, we're still determining the best way to suppress or prevent this warning on our end.

March 28, 2025 at 1:45 am #16870709

christopheF-5

Ok, thanks for that.