Has anyone here had any experience with FlexiThemes?


(Not an affiliate link, don't worry.)

I like their themes (simple, functional and attractive). However, they're not a well-known company. So I want to make sure their themes are clean and contain no malware. They are listed as a GPL-compliant theme provider on WordPress.org, but I don't know if there is any vetting there.

I did notice a couple of base64 commands in their themes, but those appear to just be for encoding and decoding export and import of theme settings (when you want to export your settings and bring them into another instance of the theme on another WordPress installation).

That code:

    if($do == 'export') {
        echo '<textarea class="fp-textarea" style="height:300px; margin-bottom:30px;">' . base64_encode(serialize(get_option($this->theme->theme_options_name))) . '</textarea>';
    } elseif($do == 'import') {
        $import_flexipanel_options = $_POST['import_flexipanel_options'];
        $import_flexipanel_options = unserialize(base64_decode($import_flexipanel_options));
        if(is_array($import_flexipanel_options)) {
            update_option($this->theme->theme_options_name, $import_flexipanel_options);

I also ran Donncha's Exploit Scanner, and it flagged quite a few uses of "eval" (which of course is often a false positive). Random examples:

}return eval("("+string+")");}});Native.
return eval(rs);};var Fx=new Class({Implements:[Chain,Event
response = eval("(" + response + ")");

If anyone is familiar with these themes, or can give any feedback on the items mentioned above, it would be greatly appreciated. I don't have ready access to a security expert for the next couple of weeks.
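
Added example, not part of the original post and not FlexiThemes' code: the import branch quoted above passes request data to unserialize(), which the PHP manual advises against for untrusted input because it can instantiate objects. The following shows the same export/import round trip using JSON, with a fallback for old serialized blobs that refuses any object; the fp_* function names and the sample settings are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// Added example: hypothetical helpers, not FlexiThemes code.

// Export settings as base64(JSON) instead of base64(serialize()).
function fp_export_options(array $options): string {
    return base64_encode(json_encode($options, JSON_THROW_ON_ERROR));
}

// Import a blob; returns the options array, or null if the blob is rejected.
function fp_import_options(string $blob): ?array {
    $raw = base64_decode(trim($blob), true);   // strict mode: false on non-base64 input
    if ($raw === false || $raw === '') {
        return null;
    }
    // Preferred format: JSON can only yield arrays and scalars, never objects.
    $data = json_decode($raw, true);
    if (is_array($data)) {
        return $data;
    }
    // Legacy format (older exports): accept serialized data, but no classes at all.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || fp_contains_object($data)) {
        return null;
    }
    return $data;
}

// With allowed_classes=false, any serialized object comes back as
// __PHP_Incomplete_Class; treat its presence as a reason to reject the blob.
function fp_contains_object(array $data): bool {
    foreach ($data as $value) {
        if (is_object($value) || (is_array($value) && fp_contains_object($value))) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs.
$settings = ['logo' => 'logo.png', 'colors' => ['link' => '#336699']];
$legacy   = base64_encode(serialize($settings));
$withObj  = base64_encode(serialize(['x' => new stdClass()]));

var_dump(fp_import_options(fp_export_options($settings)) === $settings); // JSON round trip
var_dump(fp_import_options($legacy) === $settings);                      // legacy blob, arrays only
var_dump(fp_import_options($withObj));                                   // blob containing an object
var_dump(fp_import_options('not base64!'));                              // malformed input
```

Inside WordPress, an import handler like this would normally also sit behind current_user_can() and check_admin_referer() checks; whether the theme does so is not visible in the excerpt quoted in the post.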