False Positives in Google SiteKit | WordPress.org

Resolved JVM Design
(@jvmd)

1 month, 3 weeks ago

I believe the latest scan picked up some false positives on the Google Site Kit plugin, so just wanted to let you know: https://snipboard.io/fj2ESG.jpg

Thanks!

The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

Plugin Author Eli
(@scheeeli)

1 month, 3 weeks ago

It looks like they released some new code a few weeks ago that includes a new email template library which uses variable functions. It’s really hard to figure out what these functions might be because of the way they are setting these variables, so it falls under code obfuscation, which is not really allowed in the WordPress plugin repository, but this is a popular plugin so I have whitelisted it for now. I may revisit this later to try to figure out what these variables are being set to and make sure that the way they have included these new classes and templates is actually safe, but for now it should no longer come up as a Known Threat in the scan if you download the latest definition updates.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

1 reply
2 participants
Last reply from: Eli
Last activity: 1 month, 3 weeks ago
Status: resolved