Support » Plugin: UpdraftPlus WordPress Backup Plugin » PHISHING URL in UpdraftPlus file

  • Resolved Stevo

    (@sd142ppr)


    FOR GENERAL INFORMATION:

    The following file was correctly found in UPDRAFTPLUS by Wordfence this morning as containing a blacklisted URL:

    THIS FROM WORDFENCE:

    Filename: wp-content/plugins/updraftplus/includes/class-onedrive-account.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Bad URL: http://login.microsoftonline.de/common/oauth2/v2.0/authorize

    Details: This file contains a URL that is a suspected phishing site that is currently listed on Google’s list of known phishing sites. The URL is: http://login.microsoftonline.de/common/oauth2/v2.0/authorize

    If you try to load this page, a RED WARNING from Google appears, saying that this is a phishing URL.

    I’m awaiting a response from Updraft Plus regarding the issue.

    Regards
    Steve


Viewing 9 replies - 1 through 9 (of 9 total)
  • Same here:
    Wordfence found the following new issues
    * File contains suspected phishing URL: wp-content/plugins/updraftplus/includes/class-onedrive-account.php

    I’m seeing the same warning as well . . . so far for three sites.

    I just updated one to UpdraftPlus version 2.16.6.24, cleared the Wordfence warning and then ran a full scan. The warning re-generated.

    Plugin Contributor aporter

    (@aporter)

    Hi,

    It’s an official site of Microsoft Germany: https://docs.microsoft.com/en-us/office/enterprise-includes/o365endpoints/office-365-germany-endpoints

    The URL appears in the source code, because it’s used to authenticate with Microsoft Germany when using OneDrive for Germany.

    Please do report this false positive to Wordfence so that they can fix it.

    You can also report this as a false positive to Google via https://safebrowsing.google.com/safebrowsing/report_error/

    Best Wishes,

    Ashley

    Ashley,

    Well, maybe it is the official link and a false positive or maybe it’s not!

    The BETTER approach is for UpdraftPlus to sort this out on behalf of all of its Customers working with Google and/or Wordfence and then to let us know what the resolution is.

    Thank you, in advance.

    Scott

    Plugin Author David Anderson

    (@davidanderson)

    Since this issue only applies to paid customers (OneDrive support/code is not in the free version of UpdraftPlus), the following requirement of wordpress.org for use of their forum applies: https://wordpress.org/support/guidelines/#do-not-post-about-commercial-products .

    Therefore, I will mark this topic as resolved.

    P.S. We’ve asked Wordfence in the past to run their scanning code against popular plugins to prevent alerting their users of false positives in UpdraftPlus and other plugins. But, we have no power to actually force them to do anything.

    Thread Starter Stevo

    (@sd142ppr)

    David – It’s an issue that, regardless, is affecting ALL UpdraftPlus users – free and premium, whether they use One Drive or not, as crucially it’s an integral file, so it seems a bit premature to just shut it off.

    I’m hoping Wordfence will mark this as a false positive in the near future!

    Regards
    Stevo

    Plugin Author David Anderson

    (@davidanderson)

    “David – It’s an issue that, regardless, is affecting ALL UpdraftPlus users – free and premium”

    Hi Steve,

    As I say, not so – OneDrive support/code is not in the free version of UpdraftPlus (verify the non-existence of the indicated file class-onedrive-account.php here: http://plugins.svn.wordpress.org/updraftplus/trunk/includes ).

    I don’t run wordpress.org, but we (as all users of their forums) are obliged to obey their rules in order to have an account on wordpress.org, and they don’t offer any room for negotiation on that.

    David

    Thread Starter Stevo

    (@sd142ppr)

    OK 🙂

    Thread Starter Stevo

    (@sd142ppr)

    I note that you informed Wordfence of a probable false positive anyhow, so thank you for that 🙂

    Over and out!

  • The topic ‘PHISHING URL in UpdraftPlus file’ is closed to new replies.