Okay
  Public Ticket #3675623
Polyfill Malware Warning
Closed

Comments

  •  3
    Keith started the conversation

    This is a ver serious issue and needs your immediate attention - your plugin is very dangerous as it contains malware.

    This email was sent from your website xxx by the Wordfence plugin.

    Wordfence found the following new issues on 

    Alert generated at Friday 28th of June 2024 at 04:46:28 AM

    See the details of these scan results on your site at:wp-admin/admin.php?page=WordfenceScan

    Critical Problems:

    * File contains suspected malware URL: wp-content/plugins/ameliabooking/src/Infrastructure/WP/ShortcodeService/AmeliaShortcodeService.php

    ?k=be06e7827292982ae73de2bda302328e7a46c1d1f0832d920ed8de832a1d4745730d7d5f2c8ec98b9b83a580aa6404de5e76dfe2347b53d50c9ea8db38e82524124609691494ca4f775c2740715fcafd&s=eyJ3cCI6IjYuNS41Iiwid2YiOiI3LjExLjYiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd2hpdGVjYW5hcnljb3Vuc2VsbGluZy5pZSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI3LjQuMzMiLCJwdCI6ImxpdGVzcGVlZCIsImN2IjoiNy44Ny4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMXciLCJzdiI6IkxpdGVTcGVlZCIsImR2IjoiOC4wLjM3LWNsbC1sdmUiLCJsYW5nIjoiZW5fR0IifQ&action=image&txt=aHR0cDovL3BvbHlmaWxsLmlvL3YyL3BvbHlmaWxsLmpz

    * File contains suspected malware URL: plugins/ameliabooking/src/Infrastructure/WP/WPMenu/SubmenuPageHandler.php

    ?k=be06e7827292982ae73de2bda302328e7a46c1d1f0832d920ed8de832a1d4745730d7d5f2c8ec98b9b83a580aa6404de5e76dfe2347b53d50c9ea8db38e82524124609691494ca4f775c2740715fcafd&s=eyJ3cCI6IjYuNS41Iiwid2YiOiI3LjExLjYiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd2hpdGVjYW5hcnljb3Vuc2VsbGluZy5pZSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI3LjQuMzMiLCJwdCI6ImxpdGVzcGVlZCIsImN2IjoiNy44Ny4wIiwiY3MiOiJPcGVuU1NMXC8xLjEuMXciLCJzdiI6IkxpdGVTcGVlZCIsImR2IjoiOC4wLjM3LWNsbC1sdmUiLCJsYW5nIjoiZW5fR0IifQ&action=image&txt=aHR0cDovL3BvbHlmaWxsLmlvL3YyL3BvbHlmaWxsLmpz

  •  4
    Lyle de Groot replied

    I have seen this too from Wordfence on multiple websites I won, I think it is a red herring but lets see what support says. That url has been present for a long time so I'd be surprised if it's a critical issue.

    Alert generated at Thursday 27th of June 2024 at 09:30:06 PM

    See the details of these scan results on your site at: https://xxx.com/wp-admin/admin.php?page=WordfenceScan

    Critical Problems:

    * File contains suspected malware URL: /home/sites/15a/7/74fd865db1/public_html/wp-content/plugins/ameliabooking/src/Infrastructure/WP/WPMenu/SubmenuPageHandler.php

    ?k=23fb3c3d54206bd48aebf7f73c1466961ca6da8e7d6592c1890afea2091c4d2d059f3d7eecb4b1fc48e87c947fc43ee201f614ca230865b5a3d50efef95c699b&s=eyJ3cCI6IjYuNS40Iiwid2YiOiI3LjExLjYiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvam1kcml2aW5nLmNvbSIsInNzbHYiOjI2OTQ4ODQ2MywicHYiOiI4LjAuMzAiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI4LjEuMiIsImNzIjoiT3BlblNTTFwvMy4wLjgiLCJzdiI6IkFwYWNoZSIsImR2IjoiMTAuNC4yNy1NYXJpYURCLWxvZyIsImxhbmciOiJlbl9HQiJ9&action=image&txt=aHR0cDovL3BvbHlmaWxsLmlvL3YyL3BvbHlmaWxsLmpz

    * File contains suspected malware URL: /home/sites/15a/7/74fd865db1/public_html/wp-content/plugins/ameliabooking/src/Infrastructure/WP/ShortcodeService/AmeliaShortcodeService.php ?k=23fb3c3d54206bd48aebf7f73c1466961ca6da8e7d6592c1890afea2091c4d2d059f3d7eecb4b1fc48e87c947fc43ee201f614ca230865b5a3d50efef95c699b&s=eyJ3cCI6IjYuNS40Iiwid2YiOiI3LjExLjYiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvam1kcml2aW5nLmNvbSIsInNzbHYiOjI2OTQ4ODQ2MywicHYiOiI4LjAuMzAiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI4LjEuMiIsImNzIjoiT3BlblNTTFwvMy4wLjgiLCJzdiI6IkFwYWNoZSIsImR2IjoiMTAuNC4yNy1NYXJpYURCLWxvZyIsImxhbmciOiJlbl9HQiJ9&action=image&txt=aHR0cDovL3BvbHlmaWxsLmlvL3YyL3BvbHlmaWxsLmpz


  •  3
    Keith replied

    Hi Lyle, I would hope it is not an issue however a quick gogle search found this article dated to just yesterday which talks about 100000+ websites being affected by this https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know

  •  6
    Jacob S replied

    Receiving the same... hoping this gets immediate attention from Amelia as this does not sound good at all.

  •  6
    Jacob S replied

    To add some more information  this only appears to be an issue in newer versions of Amelia.

    I have older versions 6.6 running on other sites, but they are not detecting any MalWare. Yet my sites with 6.7 & 7.5 are detecting it.

    EDIT: Disregard... it seems to slowly be popping up on all versions.

  •  1
    Henri Sechet replied

    Same problem for me, nothing reassuring about this sonatype article.
    Amelia version 7.6.1

  •  1,564
    Marko replied

    Hello there,

    Thank you for reaching out to us.

    We want to assure you that Amelia is safe and free from any malware. The indication from a specific plugin may not necessarily reflect the true situation accurately. We will be in touch with Wordfence to investigate this issue promptly, and they will address it accordingly. Rest assured, there is no cause for concern with Amelia; it does not contain any such elements, allowing you to use it without worry.

    We wish you all the best and hope you have a wonderful day ahead. 

    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables

  •  3
    Keith replied

    Hi Marko, this is obviously a very concerning issue, if it proves that there is an exploit in the plugin as highlighted by wordfence will your company take responsibility should ther ebe any loss or damage to website owners or users?

  •  6
    Jacob S replied

    Agreed with Keith... upon looking into this matter it seems extremely concerning with the flaw having compromised many websites.

    While it is good to hear the Amelia team say there is nothing to worry about, perhaps a more comprehensive explanation would be helpful.

    The flaw is clearly present with code from this website injected into our websites THROUGH Aemlia... so what makes it nothing to worry about exactly? And why are we continuing to keep this compromised code on our websites?

  •  2
    Wim replied

    This is indeed a very serious issue. Wordfence is reporting the same issue on our website. This should be addressed with the highest priority. You can not get away with "We want to assure you that Amelia is safe and free from any malware" 

    I manually removed the links in both files reported by wordfence. In our case Amelia booking still seems to run fine when booking a appointment.

  •  1,564
    Marko replied

    Hello again,

    We checked with our developers and there is nothing wrong with Amelia despite WordFence showing warnings. And this is not a serous issue since there is nothing wrong with Amelia.

    That line of code shows if option "Enable usage for older IE browsers" setting is turned on. That setting has been turned off by default for about 2 years, so it must be turned on manually in order for this allegedly problematic JS to appear on the page. Our developers will work on removing it completely in one of the next updates. They will completely remove the call to that JS polyfill script and that warning should no longer appear.

    If you have Enable usage for older IE browsers turned on in settings activations, just turn it off and make sure to purge the cache, and this should not appear anymore. In the event that it continues to appear as we mentioned, there is nothing wrong with Amelia that would harm your site or similar, and in one of the next updates, very possibly in the next one, we hope our developers will remove that string and this warning should no longer appear. appears.

    We wish you all the best and hope you have a wonderful day ahead. 

    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables

  •  4
    An Janssens replied

    The setting is turned off on my site, but I still got the warning message from Wordfence. 

  •  4
    Eduardo replied

    I already made a private ticket but it is truly concerning. I have more than 10 clients affected :S.

    "That line of code shows if option "Enable usage for older IE browsers" setting is turned on. "


    As someone already just said, none of my sites had ever that option enabled and all of them are triggering the same error. All the information that you can find on a quick search regarding polyfill.io clearly states a red flag and/or vulnerability but you say we shouldn't worry...

    I would rather do something about it, can we delete the code? please give us a solution asap.

  •  6
    Jacob S replied

    The answers from the Amelia team so far are extremely disappointing.

    Addressing a critical flaw in "one of the next updates" and saying "MAYBE" in the next one is truly taking no responsibility for your user's security....

    You keep claiming there is no risk but have no evidence to prove otherwise and offer no solution. Amelia updates are few and far between, I don't think anyone wants to wait a month for this.

    Generally when a flaw like this is identified plugin developers immediately address it and push a fix.

    Hope we can get some actual support here instead of avoidant statements and no action. 

  •  1,564
    Marko replied

    Hello to all,

    I wanted to bring to your attention that when the settings are turned off, JavaScript (JS) will not be invoked on the page. However, Wordfence will still detect the presence of a supposedly Amelia issue with code, likely based on identifying that specific string.

    Therefore, even if you have disabled this option, you may still be able to identify the issue. 

    Rest assured, we plan to address this with an upcoming update scheduled for next week, tentatively on Tuesday, where we will ensure that JS is not called to the page.

    Thank you for your attention to this matter.

    Best regards. 

    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables

  •  1,564
    Marko replied

    Hello again to all,

    We just got the feedback from our developers and they have told us that the fix is confirmed for an upcoming update in version 7.6.2 and they will remove the call to that JS polyfill script and that warning should no longer appear. You can confirm this in the screenshots below

    6201442211.png

    We wish you all the best and hope you have a weekend ahead. 

    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables

  •  9
    Elisabeth replied

    I turned the setting off and then I thought I could remove the file. Now there has been a critical error and the site is down.

    How could I fix this asap please?

  •  3
    Keith replied

    Elisabeth, this happened to me also, I deleted and reinstalled the plugin and that restored everything. The wordfence notice gives you a link to login to your website in restore mode. You could also do a back up restore if you have site back ups,, bit be carefult with this option because any data that was added to your website, including new appointments, since the last back up will be lost.

  •  1,564
    Marko replied

    Hello Elisabeth,

    You should not have done that you should not remove this on your own and since we can not know exactly what you did the best course of action is to restore to a previous backup. An update should be released tomorrow so after that there should be no more warnings from wordfence.

    Should you have any further inquiries, we kindly request that you open separate tickets for each question and we will gladly help you there.

    We wish you all the best and hope you have a wonderful day ahead. 


    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables

  •  9
    Elisabeth replied

    Thanks both. I had indeed deactivated, removed and reinstalled the plugin which worked fine. Except for the polyfill malware file... even Google is sending warnings now about this on all my sites. I wish people would quit sending malware & spam...

  •  1,564
    Marko replied

    Hello Elisabeth,

    You are most welcome we are glad that everything is working now and this should be removed with the update that we should be released tomorrow.

    We wish you all the best and hope you have a wonderful day ahead. 

    Kind Regards, 

    Marko Davidovic
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables