Jilibet download app ios.Claim Your Free 999 Pesos Bonus Today

kevinwrdprssdvlpr
(@kevinwrdprssdvlpr)

2 years, 3 months ago

Wordfence is telling me that this plugin is installing code and giving us a critical error. i have about 10 errors like this!!!!

Critical error 1: Filename: /www/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/lib/mo-options-enum.php
Details: This file contains an obfuscated include statement that is usually associated with a deeper infection. We suggest getting your site professionally cleaned by the experts at Wordfence.
The matched text in this file is: include “\102\141\x73

The issue type is: Backdoor:PHP/ObfuscatedInclude.6067
Description: PHP include() statement with an obfuscated filepath.`

Critical error 2: File appears to be malicious or unsafe: wp-content/plugins/miniorange-saml-20-single-sign-on/login.php

Critical error 3: file appears to be malicious or unsafe: wp-content/plugins/miniorange-saml-20-single-sign-on/mo_saml_settings_page.php
Type: File

Viewing 3 replies - 1 through 3 (of 3 total)

prashantrajkhurana
(@prashantrajkhurana)

2 years, 3 months ago
Hi @kevinwrdprssdvlpr,

The code flagged by WordFence is actually an obfuscated version of the plugin code. We use obfuscation to deter the reverse-engineering of the licensed plugins.

I can assure you that no malicious code is part of the plugin files.
To resolve this permanently, we went ahead and release a new version of the plugin with compatibility with the WordFence scanner.

You can update the plugin to the latest version of the Standard plan (v16.0.9 ) to resolve the errors generated by the Wordfence Scanner plugin.

Feel free to reach out to me if you have any other issues.

Thanks,
miniOrange.
- This reply was modified 2 years, 3 months ago by prashantrajkhurana.
Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

2 years, 3 months ago

Moderator question: Is this on the free version of your plugin? Obfuscated code is a violation of the repository guidelines: https://developer.www.ads-software.com/plugins/wordpress-org/detailed-plugin-guidelines/#4-code-must-be-mostly-human-readable

prashantrajkhurana
(@prashantrajkhurana)

2 years, 3 months ago

@sterndata He is talking about the paid version of the plugin (v16.0.8).
You can see the detailed conversation in this support forum [ https://www.ads-software.com/support/topic/persistent-malware/ ]. You might need to scroll down a bit to see the conversion between me and @kevinwrdprssdvlpr.

Let me know if this clears up that we are talking about the paid plugin.

Also,

The code flagged by WordFence is actually an obfuscated version of the plugin code. We use obfuscation to deter the reverse-engineering of the licensed plugins.

Let me know if want me to change the word in the above sentence to “Paid plugins” from “Licensed plugins”

Thanks,
miniOrange.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Virus that comes with the plugin’ is closed to new replies.