WPMUDEV Dashboard - wp_remote calls - purpose?

Hi WPMUDEV

we are currently checking the plugins and have some questions we need to get clarified in case customers will ask us this too.

IN your dashboard are several remote calls - could please short explain why they are marked as medium risk and why there is no other way - more safer way.

Thanks

Andi

--------

Now scanning: WPMU DEV Dashboard v. 4.2

Number of files to scan: 28

Files remain: 0

Verbose output
You can ignore all Unsafe messages if you trust the author and the source of this plugin.

OK/wpmudev-updates/update-notifications.php
OK/wpmudev-updates/shared-ui/plugin-ui.php
OK/wpmudev-updates/template/dashboard.php
OK/wpmudev-updates/template/element-last-refresh.php
OK/wpmudev-updates/template/element-project-info.php
OK/wpmudev-updates/template/login.php
OK/wpmudev-updates/template/no_access.php
OK/wpmudev-updates/template/plugins.php
OK/wpmudev-updates/template/popup-after-install-failed.php
OK/wpmudev-updates/template/popup-after-install-upfront.php
OK/wpmudev-updates/template/popup-after-install.php
OK/wpmudev-updates/template/popup-ftp-details.php
OK/wpmudev-updates/template/popup-no-access.php
OK/wpmudev-updates/template/popup-no-data-found.php
OK/wpmudev-updates/template/popup-project-changelog.php
OK/wpmudev-updates/template/popup-project-info.php
OK/wpmudev-updates/template/popup-update-info.php
OK/wpmudev-updates/template/popup-wordpress-changelog.php
OK/wpmudev-updates/template/settings.php
OK/wpmudev-updates/template/support-demo.php
Unsafe/wpmudev-updates/template/support-system.php view source
wp_remote_get at line 188:
$remote_get = wp_remote_get( $remote_url, $options );
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
wp_remote_post at line 189:
$remote_post = wp_remote_post( $remote_url, $options );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
wp_remote_post at line 190:
$remote_paypal = wp_remote_post(
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
OK/wpmudev-updates/template/support.php
OK/wpmudev-updates/template/themes.php
Unsafe/wpmudev-updates/includes/class-wpmudev-dashboard-api.php view source
wp_remote_get at line 240:
$response = wp_remote_get( $link, $options );
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
wp_remote_post at line 243:
$response = wp_remote_post( $link, $options );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
create_function at line 1470:
create_function( '$a', 'return 3600;' )
Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.
OK/wpmudev-updates/includes/class-wpmudev-dashboard-notice.php
OK/wpmudev-updates/includes/class-wpmudev-dashboard-site.php
Unsafe/wpmudev-updates/includes/class-wpmudev-dashboard-ui.php view source
wp_remote_get at line 1571:
$request = wp_remote_get(
Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.
Unsafe/wpmudev-updates/includes/class-wpmudev-dashboard-upgrader.php view source
wp_remote_post at line 452:
$res = wp_remote_post( $async_url, $async_args );
Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.