Pro Sites unsafe functions with up to high risk!

HI WPMUDEV

Could you please check with your dev and let him remove the unsafe function and replacing them with safe functions. Some are indicated as having even a high risk!

Thanks

Andi

---------

Now scanning: Pro Sites v. 3.5.4

Number of files to scan: 282

Files remain: 0

Verbose output
You can ignore all Unsafe messages if you trust the author and the source of this plugin.

Unsafe/pro-sites/pro-sites.php view source
call_user_func at line 107:
call_user_func( array( $module, 'run_critical_tasks' ) );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 2248:
call_user_func( $gateways[ $last_gateway ]['class'] . '::cancel_subscription', $blog_id );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
create_function at line 2811:
add_action( 'wp_footer', create_function( '', $function ), 99999 );
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
create_function at line 4008:
uasort( $psts_modules, create_function( '$a,$b', 'if ($a[0] == $b[0]) return 0;return ($a[0] < $b[0])? -1 : 1;' ) ); //sort modules by name
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
OK/pro-sites/pro-sites-files/data.php
OK/pro-sites/pro-sites-files/logging.php
Unsafe/pro-sites/pro-sites-files/plugins-loader.php view source
call_user_func at line 81:
$name = call_user_func( $class . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 82:
$description = call_user_func( $class . '::get_description' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 86:
$restriction = call_user_func( $class . '::get_class_restriction' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/tcpdf-config.php
OK/pro-sites/pro-sites-files/tcpdf/encodings_maps.php
OK/pro-sites/pro-sites-files/tcpdf/htmlcolors.php
OK/pro-sites/pro-sites-files/tcpdf/spotcolors.php
Unsafe/pro-sites/pro-sites-files/tcpdf/tcpdf.php view source
file_get_contents at line 5783:
$data = file_get_contents($filedata['file']);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
curl_exec at line 7976:
$imgdata = curl_exec($cs);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
file_get_contents at line 8177:
$svgimg = file_get_contents($file);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 8466:
$data = file_get_contents($file);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 9016:
$signature = file_get_contents($tempsign);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
base64_decode at line 9025:
$signature = base64_decode(trim($signature));
Potential risk: High. Decode data encoded with MIME base64. May be used to obfuscate (hide) malicious code. Often paired with eval function to execute malicious code.
file_get_contents at line 9111:
$this->sendOutputData(file_get_contents($name), filesize($name));
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 9137:
$this->sendOutputData(file_get_contents($name), filesize($name));
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 10382:
$font = file_get_contents($fontfile);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 11778:
$font = file_get_contents($fontfile);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 12281:
$stream = $this->_getrawstream(file_get_contents($fontfile));
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 12910:
$icc = file_get_contents(dirname(__FILE__).'/sRGB.icc');
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 14708:
$signature = file_get_contents($tempencfile, false, null, $envelope_length);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
base64_decode at line 14716:
$signature = base64_decode($signature);
Potential risk: High. Decode data encoded with MIME base64. May be used to obfuscate (hide) malicious code. Often paired with eval function to execute malicious code.
file_get_contents at line 19696:
$data = file_get_contents($file);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 21491:
$cssdata = file_get_contents(trim($type[1]));
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
create_function at line 22948:
create_function('$matches', 'global $spacew;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
create_function at line 22990:
create_function('$matches', 'global $x_diff, $w_diff;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
create_function at line 23002:
create_function('$matches', 'global $spacew;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
create_function at line 23054:
create_function('$matches', 'global $spacew;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
base64_decode at line 23948:
$tag['attribute']['src'] = '@'.base64_decode(substr($tag['attribute']['src'], 1));
Potential risk: High. Decode data encoded with MIME base64. May be used to obfuscate (hide) malicious code. Often paired with eval function to execute malicious code.
call_user_func_array at line 24445:
call_user_func_array(array($this, $tcpdf_method), $params);
Potential risk: Low. Call any function with an array of parameters. May be used to hide facts of using unsafe system commands or to mislead code inspection.
file_get_contents at line 25914:
return file_get_contents($filename);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
create_function at line 26283:
create_function('$matches', 'global $jfrompage, $jtopage;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
create_function at line 26463:
create_function('$matches', 'global $jpage;
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
file_get_contents at line 27361:
$data = file_get_contents($file);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 28121:
$svgdata = file_get_contents($file);
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
call_user_func_array at line 28630:
$bbox = call_user_func_array(array($this, $clip_function), $clip_params);
Potential risk: Low. Call any function with an array of parameters. May be used to hide facts of using unsafe system commands or to mislead code inspection.
base64_decode at line 29628:
$img = '@'.base64_decode(substr($img, strlen($m[0])));
Potential risk: High. Decode data encoded with MIME base64. May be used to obfuscate (hide) malicious code. Often paired with eval function to execute malicious code.
OK/pro-sites/pro-sites-files/tcpdf/tcpdf_filters.php
OK/pro-sites/pro-sites-files/tcpdf/tcpdf_parser.php
OK/pro-sites/pro-sites-files/tcpdf/unicode_data.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/courier.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/courierb.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/courierbi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/courieri.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/helvetica.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/helveticab.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/helveticabi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/helveticai.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfacourierb.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfacourierbi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfacourieri.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfahelvetica.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfahelveticab.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfahelveticabi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfahelveticai.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfasymbol.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfatimes.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfatimesb.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfatimesbi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfatimesi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/pdfazapfdingbats.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/symbol.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/times.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/timesb.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/timesbi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/timesi.php
OK/pro-sites/pro-sites-files/tcpdf/fonts/zapfdingbats.php
OK/pro-sites/pro-sites-files/tcpdf/config/tcpdf_config.php
OK/pro-sites/pro-sites-files/tcpdf/config/tcpdf_config_alt.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/afr.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ara.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/aze.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/bel.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/bra.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/bul.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/cat.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ces.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/chi.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/cym.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/dan.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/eng.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/est.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/eus.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/far.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/fra.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ger.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/gle.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/glg.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/hat.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/heb.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/hrv.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/hun.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/hye.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ind.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ita.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/jpn.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/kat.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/kor.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/mkd.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/mlt.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/msa.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/nld.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/nob.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/pol.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/por.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ron.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/rus.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/slv.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/spa.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/sqi.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/srp.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/swa.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/swe.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/ukr.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/urd.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/yid.php
OK/pro-sites/pro-sites-files/tcpdf/config/lang/zho.php
Unsafe/pro-sites/pro-sites-files/dash-notice/wpmudev-dash-notification.php view source
wp_remote_get at line 403:
$response = wp_remote_get($url, $options);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
Unsafe/pro-sites/pro-sites-files/gateways/gateway-2checkout.php view source
wp_remote_post at line 1502:
$response = wp_remote_post( $url, $args );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/pro-sites/pro-sites-files/gateways/gateway-manual.php
Unsafe/pro-sites/pro-sites-files/gateways/gateway-paypal-express-pro.php view source
wp_remote_post at line 2849:
$response = wp_remote_post( $paypal_domain, $args );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
Unsafe/pro-sites/pro-sites-files/gateways/gateway-stripe.php view source
file_get_contents at line 1049:
$body = @file_get_contents( 'php://input' );
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
OK/pro-sites/pro-sites-files/gateways/gateway-trial.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/TwocheckoutCharge.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/TwocheckoutMessage.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/TwocheckoutNotification.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/TwocheckoutReturn.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutAccount.php
Unsafe/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutApi.php view source
curl_exec at line 44:
$resp = curl_exec( $ch );
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutCoupon.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutError.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutOption.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutPayment.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutProduct.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutSale.php
OK/pro-sites/pro-sites-files/gateways/gateway-2checkout-files/Twocheckout/Api/TwocheckoutUtil.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Account.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApiConnectionError.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApiError.php
Unsafe/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApiRequestor.php view source
curl_exec at line 313:
$rbody = curl_exec($curl);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
curl_exec at line 330:
$rbody = curl_exec($curl);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
base64_decode at line 453:
$derCert = base64_decode(implode("", $lines));
Potential risk: High. Decode data encoded with MIME base64. May be used to obfuscate (hide) malicious code. Often paired with eval function to execute malicious code.
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApiResource.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApplicationFee.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/ApplicationFeeRefund.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/AttachedObject.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/AuthenticationError.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Balance.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/BalanceTransaction.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/BitcoinReceiver.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/BitcoinTransaction.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Card.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/CardError.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Charge.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Coupon.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Customer.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Error.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Event.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/FileUpload.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/InvalidRequestError.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Invoice.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/InvoiceItem.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/List.php
Unsafe/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Object.php view source
call_user_func_array at line 231:
return call_user_func_array(array($class, $method), $args);
Potential risk: Low. Call any function with an array of parameters. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func_array at line 236:
return call_user_func_array(array($class, $method), $args);
Potential risk: Low. Call any function with an array of parameters. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Plan.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/RateLimitError.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Recipient.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Refund.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/RequestOptions.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/SingletonApiResource.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Stripe.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Subscription.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Token.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Transfer.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Util.php
OK/pro-sites/pro-sites-files/gateways/gateway-stripe-files/lib/Stripe/Util/Set.php
Unsafe/pro-sites/pro-sites-files/gateways/backwards-compatibility/supporter-amazon.php view source
curl_exec at line 218:
$response = curl_exec($curlHandle);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
Unsafe/pro-sites/pro-sites-files/gateways/backwards-compatibility/supporter-bulk-upgrades-paypal.php view source
wp_remote_post at line 56:
$response = wp_remote_post($domain, $args);
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/pro-sites/pro-sites-files/gateways/backwards-compatibility/supporter-paypal.php
Unsafe/pro-sites/pro-sites-files/gateways/gateway-paypal-files/class-paypal-api-helper.php view source
wp_remote_post at line 446:
$response = wp_remote_post( $API_Endpoint, $args );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/pro-sites/pro-sites-files/lib/prosites-signup.php
Unsafe/pro-sites/pro-sites-files/lib/psts_pricing_table.php view source
call_user_func at line 458:
$is_included = call_user_func( $class_name . '::is_included', $level_id );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/psts_pricing_table_admin.php
Unsafe/pro-sites/pro-sites-files/lib/external/csstidy/class.csstidy.php view source
file_get_contents at line 545:
$content = strip_tags(file_get_contents($content), '<span>');
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
file_get_contents at line 562:
return $this->parse(@file_get_contents($url));
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
OK/pro-sites/pro-sites-files/lib/external/csstidy/class.csstidy_optimise.php
Unsafe/pro-sites/pro-sites-files/lib/external/csstidy/class.csstidy_print.php view source
file_get_contents at line 154:
$cssparsed = file_get_contents('cssparsed.css');
Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.
OK/pro-sites/pro-sites-files/lib/external/csstidy/class.csstidy_sanitize_wp.php
OK/pro-sites/pro-sites-files/lib/external/csstidy/data.inc.php
OK/pro-sites/pro-sites-files/lib/external/csstidy/lang.inc.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Model/Data.php view source
call_user_func at line 15:
$currencies = call_user_func( $class . '::get_supported_currencies' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/ProSites/Model/Gateways.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Model/Pricing.php view source
call_user_func at line 217:
$status = call_user_func( $feature['module'] . '::get_level_status', $l_key );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 263:
$status = call_user_func( $feature['module'] . '::get_level_status', $key );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 274:
$new_status = call_user_func( $feature['module'] . '::get_level_status', $key );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 318:
if ( call_user_func( $module . '::hide_from_pricing_table' ) ) {
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 326:
$name = call_user_func( $module . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 330:
'description' => call_user_func( $module . '::get_description' ),
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 344:
$level_settings[ $level_code ]['status'] = call_user_func( $module . '::get_level_status', $level_code );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 360:
$feature['active'] = call_user_func( $module . '::is_active' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/ProSites/Model/Receipt.php
OK/pro-sites/pro-sites-files/lib/ProSites/Model/Registration.php
OK/pro-sites/pro-sites-files/lib/ProSites/Model/Settings.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Coupons.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Helper/Gateway.php view source
call_user_func at line 29:
$name = call_user_func( $active_gateway . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Helper/Geolocation.php view source
wp_remote_get at line 50:
$response_object = wp_remote_get( 'http://freegeoip.net/json/' . $ip );
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
wp_remote_get at line 64:
$response_object = wp_remote_get( 'http://www.datasciencetoolkit.org/ip2coordinates/' . $ip );
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/IMSI.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Integration.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/ProSite.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Registration.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Session.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Settings.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Helper/Tabs.php view source
call_user_func at line 53:
$tabs = call_user_func( array( $child, 'get_tabs' ) );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 90:
$html = call_user_func( $render_callback );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 169:
$tabs = call_user_func( array( $child, 'get_tabs' ) );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Tax.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Transaction.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/UI.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Integration/BuddyPress.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Tabs/Gateways.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Tabs/Pricing.php
OK/pro-sites/pro-sites-files/lib/ProSites/Helper/Tabs/Settings.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/Swagger.php view source
curl_exec at line 115:
$response = curl_exec($curl);
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source without any restrictions.
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/C.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/N.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/additional_currencies.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/additional_currency.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/by_country.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/by_status.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/by_taxation_type.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/calculateSimpleTaxOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/calculateTaxIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/calculateTaxLocationOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/calculateTaxOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/cancelTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/capturePaymentOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/confirmTransactionIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/confirmTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/countries.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/country.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/country_schema.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createPaymentIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createPaymentOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createRefundIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createRefundOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createSMSTokenIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createSMSTokenOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createTransactionIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/createTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/currency_schema.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/custom_fields.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/emailInvoiceIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/emailInvoiceOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/evidence.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/evidence_schema.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getCountriesDictOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getCurrenciesDictOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getDailySettlementStatsOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getProductTypesDictOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getRefundsOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getSettlementOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getSettlementReportOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getSettlementStatsByCountryOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getSettlementStatsByTaxationTypeOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getSettlementSummaryOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/getTransactionsStatsOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/input_transaction.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/input_transaction_line.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/input_transaction_update.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/invoice_address.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/listPaymentsOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/listTransactionsOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/locateGivenIPOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/locateMyIPOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/payments.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/product_type_schema.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/report.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/settlement_daily_stats_schema.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/settlement_report_entry.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/summary.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/transaction.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/transaction_lines.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/transactions.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/unconfirmTransactionIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/unconfirmTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/updateTransactionIn.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/updateTransactionOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/validateTaxNumberOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/Module/Taxamo/lib/Taxamo/models/verifySMSTokenOut.php
OK/pro-sites/pro-sites-files/lib/ProSites/View/Coupons.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/View/Gateways.php view source
call_user_func at line 232:
$name = call_user_func( $gateway . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
Unsafe/pro-sites/pro-sites-files/lib/ProSites/View/Pricing.php view source
call_user_func at line 525:
$original_value = call_user_func( $setting['module'] . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 553:
$original_value = call_user_func( $setting['module'] . '::get_description' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 589:
$level_status = call_user_func( $setting['module'] . '::get_level_status', $level_id );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 661:
$module_active = call_user_func( $setting['module'] . '::is_active' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/ProSites/View/Settings.php
OK/pro-sites/pro-sites-files/lib/ProSites/View/Pricing/Styling.php
Unsafe/pro-sites/pro-sites-files/lib/ProSites/View/Front/Checkout.php view source
call_user_func at line 619:
$is_active = call_user_func( $module . '::is_active' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 644:
$status = call_user_func( $module . '::get_level_status', $level );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 652:
$status = call_user_func( $module . '::get_level_status', $level );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
Unsafe/pro-sites/pro-sites-files/lib/ProSites/View/Front/Gateway.php view source
call_user_func at line 54:
call_user_func( $gateways[ $gateway ]['class'] . '::cancel_subscription', $blog_id, true );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 89:
method_exists( $gateways[ $primary_gateway ]['class'], 'process_on_render' ) && call_user_func( $gateways[ $primary_gateway ]['class'] . '::process_on_render' ) &&
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 92:
$primary_args = call_user_func( $gateways[ $primary_gateway ]['class'] . '::process_checkout_form', $render_data, $blog_id, $domain );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 95:
method_exists( $gateways[ $secondary_gateway ]['class'], 'process_on_render' ) && call_user_func( $gateways[ $secondary_gateway ]['class'] . '::process_on_render' ) &&
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 98:
$secondary_args = call_user_func( $gateways[ $secondary_gateway ]['class'] . '::process_checkout_form', $render_data, $blog_id, $domain );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 101:
$manual_args = call_user_func( $gateways[ $manual_gateway ]['class'] . '::process_checkout_form', $render_data, $blog_id, $domain );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 153:
$content .= call_user_func( $gateways[ $primary_gateway ]['class'] . '::render_gateway', $render_data, $primary_args, $blog_id, $domain );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 159:
$name = call_user_func( $gateways[ $site_details['last_payment_gateway'] ]['class'] . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 179:
$content .= call_user_func( $gateways[ $secondary_gateway ]['class'] . '::render_gateway', $render_data, $secondary_args, $blog_id, $domain, false );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 185:
$name = call_user_func( $gateways[ $site_details['last_payment_gateway'] ]['class'] . '::get_name' );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 204:
$content .= call_user_func( $gateways[ $manual_gateway ]['class'] . '::render_gateway', $render_data, $manual_args, $blog_id, $domain, false );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 247:
$info_retrieved = call_user_func( $gateways[ $key ]['class'] . '::get_existing_user_information', $blog_id, $domain );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
call_user_func at line 438:
$info_retrieved = call_user_func( $gateways[ $key ]['class'] . '::get_existing_user_information', $blog_id, $domain, false );
Potential risk: Low. Call any function given by the first parameter. May be used to hide facts of using unsafe system commands or to mislead code inspection.
OK/pro-sites/pro-sites-files/lib/ProSites/View/Front/Registration.php
OK/pro-sites/pro-sites-files/modules/ads.php
Unsafe/pro-sites/pro-sites-files/modules/badge-widget.php view source
create_function at line 29:
add_action( 'widgets_init', create_function( '', 'return register_widget("ProSites_Pro_Widget");' ) );
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
OK/pro-sites/pro-sites-files/modules/buddypress.php
Unsafe/pro-sites/pro-sites-files/modules/bulk-upgrades.php view source
wp_remote_post at line 153:
$response = wp_remote_post( $domain, $args );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/pro-sites/pro-sites-files/modules/marketpress-filter.php
Unsafe/pro-sites/pro-sites-files/modules/pay-to-blog.php view source
create_function at line 28:
add_filter( 'psts_prevent_dismiss', create_function( null, 'return true;' ) );
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
OK/pro-sites/pro-sites-files/modules/post-throttling.php
OK/pro-sites/pro-sites-files/modules/posting-quota.php
OK/pro-sites/pro-sites-files/modules/premium-plugins-manager.php
OK/pro-sites/pro-sites-files/modules/premium-plugins.php
OK/pro-sites/pro-sites-files/modules/premium-support.php
OK/pro-sites/pro-sites-files/modules/premium-themes.php
OK/pro-sites/pro-sites-files/modules/quota.php
OK/pro-sites/pro-sites-files/modules/unfiltered-html.php
OK/pro-sites/pro-sites-files/modules/upgrade-admin-links.php
OK/pro-sites/pro-sites-files/modules/write.php
OK/pro-sites/pro-sites-files/modules/xmlrpc.php
OK/pro-sites/tests/bootstrap.php
OK/pro-sites/tests/test-coupon-check.php
Deprecated/pro-sites/tests/objects/prosites-tests-utility.php view source
wp_get_sites at line 89:
$sites = wp_get_sites();
Deprecated 4.6.0