Hi,
I am getting messages about gp premium files from a malware scanner that point to bad / dangerous / suspicious code. Is this something other people have or something that needs to be addressed from GP? The files are: /wp-content/plugins/gp-premium/elements/class-hooks.php and /wp-content/plugins/gp-premium/hooks/functions/hooks.php
Thx for your reply
I am no expert but maybe there is an issue that needs to be cleared up.
The scanner says this code should never be used. Can’t it be converted? Here is an example from when I researched eval(): https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval . Similar statement: “Warning: Executing JavaScript from a string is an enormous security risk. It is far too easy for a bad actor to run arbitrary code when you use eval(). See Never use eval()!, below.”
We’ve actually had this double-checked by WordPress security experts. The eval() function can only contain content which is saved by you, the administrator. It’s not possible for a non-administrator to run code through it.
If someone bad is logged in as an administrator, they can do anything they want through the theme/plugin editor (so that eval() function is the least of your worries).
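The pattern the reply describes, hook content that only an administrator can save and that is later run with eval(), as an added PHP illustration rather than GP Premium's own code. Gating the save on the same capability the theme/plugin editor uses means that when DISALLOW_FILE_EDIT closes the editor, WordPress also closes this path. The option name, the function names and the choice of the edit_themes capability are assumptions.

```php
<?php
// Added illustration of the pattern described in the reply: hook content that
// only an administrator can save, later executed with eval(). This is not
// GP Premium's code; option and function names are assumptions.

// Save path: refuse to store PHP-executable content unless the current user
// holds the capability that also gates the theme editor. With
// DISALLOW_FILE_EDIT set, WordPress maps edit_themes to do_not_allow, so
// PHP execution through stored hooks is closed off together with the editor.
function example_save_hook( string $content, bool $execute_php ): bool {
    if ( $execute_php && ! current_user_can( 'edit_themes' ) ) {
        return false; // non-administrators may not queue code for eval()
    }
    if ( ! $execute_php ) {
        // Plain HTML path: sanitize like post content instead of trusting it.
        $content = wp_kses_post( $content );
    }
    update_option( 'example_hook_content', array(
        'content'     => $content,
        'execute_php' => $execute_php,
    ) );
    return true;
}

// Execute path: runs at output time for every visitor, so everything it
// evaluates must have come through the guarded save path above.
function example_run_hook(): void {
    $hook = get_option( 'example_hook_content' );
    if ( ! is_array( $hook ) || empty( $hook['content'] ) ) {
        return;
    }
    if ( empty( $hook['execute_php'] ) ) {
        echo $hook['content']; // already sanitized by wp_kses_post() on save
        return;
    }
    // eval() needs raw PHP; closing and reopening the PHP tag lets the stored
    // string mix HTML and PHP the same way a template file does.
    eval( '?>' . $hook['content'] . '<?php ' );
}
```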