• Resolved Nathan24

    (@nathan24)


    This plugin is regularly injected with malware on our website. It seems to happen about once a month. Most recently, it was version 12.1, and the following files were infected:
    Assertion.php
    LogoutRequest.php
    MetadataReader.php
    Response.php
    Utilities.php
    includes/lib/mo-options-enum.php
    login.php
    mo_login_saml_sso_widget.php
    mo_saml_settings_page.php

    This is happening on a very regular basis, and it is only happening with this plugin.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Support anukasha

    (@anukasha)

    Hi Nathan,

    Thanks for reaching out to us.

    As I understand, you are using the licensed version of our plugin (v12.1).

    The code flagged by WordFence is actually an obfuscated version of the plugin code. We use obfuscation to deter the reverse-engineering of the licensed plugins.

    I can assure you that no malicious code is part of the plugin files. You can safely add an exception for these files in Wordfence.

    Also, I would like to mention that the plugin is completely on-premise and we have a complete security scan of our plugins before release. However, if you are regularly facing malware warnings, please do share the complete report with us over email. Please feel free to start a support ticket via the plugin’s Contact Us/Support form.

    Thanks,
    Anukasha

    Thread Starter Nathan24

    (@nathan24)

    That’s all very good, except that our host continually suspends our account because of detected malware. It does not seem you have thought through the consequences of using obfuscated code. Also, if we are not able to view the code ourselves, that is a massive security problem for any organization as you are publishing a plugin that deliberately frustrates security audits.

    Plugin Support anukasha

    (@anukasha)

    Hi Nathan,

    Thanks for getting back to us.

    We totally understand your concern.
    It would be great if you could mail us with a detailed report of the scan that your host has run. We will get the report examined by our security team and would be glad to provide you with a solution which does not prompt for malware again and again in the obfuscated code.

    Please feel free to start a support ticket via the plugin’s Contact Us/Support form so that we can work on this further.

    Thanks,
    Anukasha

    Plugin Support anukasha

    (@anukasha)

    Hi Nathan,

    I just wanted to follow up here and mention that we have fixed this issue in the plugin.

    Can you please reach out to us over email so that we can provide you with the fixed plugin?

    Thanks,
    Anukasha

    kevinwrdprssdvlpr

    (@kevinwrdprssdvlpr)

    I still have the issue

    Wordfence is telling me that this plugin is installing code and giving us a critical error. I have about 10 errors like this!!!!
    
    Critical error 1: Filename: /www/wp-content/plugins/miniorange-saml-20-single-sign-on/includes/lib/mo-options-enum.php
    Details: This file contains an obfuscated include statement that is usually associated with a deeper infection. We suggest getting your site professionally cleaned by the experts at Wordfence.
    The matched text in this file is: include “\102\141\x73
    
    The issue type is: Backdoor:PHP/ObfuscatedInclude.6067
    Description: PHP include() statement with an obfuscated filepath.

    Critical error 2: File appears to be malicious or unsafe: wp-content/plugins/miniorange-saml-20-single-sign-on/login.php

    Critical error 3: file appears to be malicious or unsafe: wp-content/plugins/miniorange-saml-20-single-sign-on/mo_saml_settings_page.php
    Type: File
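The escape decoding behind the Wordfence match quoted in the post above, as an added example that is not part of the thread or the plugin's code: it finds `include`/`require` statements whose path is written with PHP hex or octal escapes and shows what the path resolves to. The function names and the second and third sample lines are assumptions made for illustration; only the truncated fragment comes from the report, so only its visible prefix is decoded.

```python
import re

# include/require followed by a double-quoted string; typographic quotes are
# accepted because forum and scanner output often rewrites straight quotes.
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*["\u201c]([^"\u201d\n]*)', re.I)
# PHP double-quoted escapes handled here: \xHH (1-2 hex) and \OOO (1-3 octal).
ESCAPE_RE = re.compile(r'\\x([0-9A-Fa-f]{1,2})|\\([0-7]{1,3})')
# A decoded path made only of filename characters, with no scheme and no "..".
PLAIN_RE = re.compile(r'^(?!.*\.\.)[\w./-]+$')


def decode_php_escapes(text):
    """Decode hex/octal escapes the way PHP does inside double quotes."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        return chr(int(m.group(2), 8) & 0xFF)  # PHP wraps octal overflow
    return ESCAPE_RE.sub(repl, text)


def is_plain_relative(path):
    """True when the decoded path looks like an ordinary local file name."""
    return bool(PLAIN_RE.match(path))


def triage_includes(source):
    """Return (line_no, raw, decoded, plain) for each escaped include path."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in INCLUDE_RE.finditer(line):
            raw = m.group(1)
            if not ESCAPE_RE.search(raw):
                continue  # ordinary literal path, nothing to decode
            decoded = decode_php_escapes(raw)
            findings.append((line_no, raw, decoded, is_plain_relative(decoded)))
    return findings


# Line 1 is the truncated fragment quoted in the scanner report above;
# lines 2-3 are constructed sample input, not taken from the plugin.
SAMPLE = (
    'include \u201c\\102\\141\\x73\n'
    'require_once "\\x68\\x65\\154\\160\\145\\162\\x73\\x2e\\x70\\x68\\x70";\n'
    'include "plain.php";\n'
)

if __name__ == "__main__":
    for line_no, raw, decoded, plain in triage_includes(SAMPLE):
        print(f"line {line_no}: {raw} -> {decoded!r} plain_relative={plain}")
```

Feeding it the contents of a flagged file shows each resolved include path, which can then be compared with the files actually shipped in the plugin directory before an exception is added in the scanner.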

    kevinwrdprssdvlpr

    (@kevinwrdprssdvlpr)

    @anukasha How do I get this update? We keep on getting flagged and cannot run ads on Google due to your malware.

    prashantrajkhurana

    (@prashantrajkhurana)

    Hi @kevinwrdprssdvlpr,

    Please allow me to elaborate.

    We fixed this issue in our last release of the All-inclusive plugin (version 25.0.8). We will release the patch for this issue for all the paid versions of the plugin by the end of this month, if not sooner.

    Can you please let me know the plugin version of the miniOrange SAML 2.0 SSO plugin active on your site, so that I can provide you with the patched version of the plugin immediately?

    To resolve this issue quickly and to get the patched version of the plugin, please raise a ticket using this link.

    Thanks,
    miniOrange

    kevinwrdprssdvlpr

    (@kevinwrdprssdvlpr)

    Version 16.0.8

    prashantrajkhurana

    (@prashantrajkhurana)

    Hi @kevinwrdprssdvlpr,

    Thanks for the update.

    Did you also raise a ticket on miniOrange support? I will not be able to share the download link of the patched version of the premium plugin on the WordPress forum.

    If you haven’t done so, please raise the ticket using this link

    OR

    Navigate to the miniOrange SAML 2.0 SSO plugin and you will find the support form on the right side, under the “Service Provider Setup” tab.

    Looking forward to your email.

    Thanks,
    miniOrange

    prashantrajkhurana

    (@prashantrajkhurana)

    Hi @kevinwrdprssdvlpr,

    Just touching base here.

    I didn’t see any ticket on our side similar to your query.
    Please let me know if you are facing any issues while raising the ticket.

    Looking forward to your email.

    Thanks,
    miniOrange

    prashantrajkhurana

    (@prashantrajkhurana)

    Hi @kevinwrdprssdvlpr,

    I never heard back from you. But we went ahead and released a new version of the plugin with compatibility with the WordFence scanner.

    You can update the plugin to the latest version of the Standard plan (v16.0.9) to resolve the errors generated by the Wordfence Scanner plugin.

    Feel free to reach out to me if you have any other issues.

    Thanks,
    miniOrange.

    kevinwrdprssdvlpr

    (@kevinwrdprssdvlpr)

    I’ll update today and post here if the anti-virus still pops up for this plugin.

    prashantrajkhurana

    (@prashantrajkhurana)

    Hi, @kevinwrdprssdvlpr.

    It would be really helpful if you could let us know if the new version resolved your issues.

    Thanks,
    miniOrange

  • The topic ‘Persistent Malware’ is closed to new replies.