0
Validation results

Avada

Avada

WordPress 6.4.3 theme
0
This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  2. Security breaches : Use of PHP sytem calls Found ->exec in file CurlPost.php. 95: $response = $this->curl->exec($handle);
  3. Security breaches : Use of base64_decode() Found base64_decode in file class-awb-setup-wizard.php. 363: $dynamic_params = json_decode( base64_decode( $attr['dynamic_params'] ), true ); // phpcs:ignore WordPress
  4. Security breaches : Use of base64_encode() Found base64_encode in file class-awb-setup-wizard.php.
     'dynamic_params'   => base64_encode( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions
  5. Unwanted files : hidden file(s) or folder(s) .stylelintignore .stylelintrc.json was found.
  6. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe width="' . self::$args['width'] . '" height="' . self::$args['height'] . '" frameborder="0" style="border:0" src="https://www.google.com/maps/embed/v1/place?key=' . $api_key . '&language=' . $lang_code . '&q=' . $embed_address . '&maptype=' . self::$args['embed_map_type'] . '&zoom=' . self::$args['zoom'] . '" allowfullscreen> in file class-avada-googlemap.php. 311: $html .= '<iframe width='' . self::$args['width'] . '' height='' . self::$args['heighFound <iframe ', '<iframe data-privacy-type="' . $type . '" src="" ', $frame ); if ( strpos( $frame, 'class="' ) || strpos( $frame, "class='" ) ) { $frame = str_replace( [ 'class="', "class='" ], 'class="fusion-hidden ', $frame ); } else { $frame = str_replace( '<iframe ', '<iframe class="fusion-hidden" ', $frame ); } $frame_width = false; $frame_height = false; // Get dimensions if set. preg_match( '/width="(.*?)"/', $frame, $width ); if ( isset( $width[1] ) ) { preg_match( '/height="(.*?)"/', $frame, $height ); if ( isset( $height[1] ) ) { $frame_width = $width[1]; $frame_height = $height[1]; } } // Add placeholder. $placeholder = ''; if ( ! strpos( $frame, 'data-fusion-no-placeholder' ) ) { $placeholder = $this-> in file class-avada-privacy-embeds.php. Found <iframe class="avada-db-welcome-video-iframe" data-src="<?php echo esc_url( $welcome_video ); ?> in file dashboard.php. 78: <iframe class='avada-db-welcome-video-iframe' data-src='<?php echo esc_url(Found <iframe class="lazyload" data-orig-src="<?php echo esc_attr( $default_header_url ); ?> in file setup.php. 524: <iframe class='lazyload' data-orig-src='<?php echo esc_attr( $default_headeFound <iframe id="fb-preview" name="fb-preview" data-viewport="desktop" title="<?php esc_attr_e( 'Site Preview', 'Avada' ); ?>" name="customize-preview-0" onmousewheel="" src="<?php echo esc_url_raw( $permalink ); ?> in file front-customize.php. 54: <iframe id='fb-preview' name='fb-preview' data-viewport='desktop' title='<?Found <iframe [^>]*src=")? # If iframe match up to first quote of src (?: # Group vimeo url https?:\/\/ # Either http or https (?:[\w]+\.)* # Optional subdomains vimeo\.com # Match vimeo.com (?:[\/\w:]*(?:\/videos)?)? # Optional video sub directory this handles groups links also \/ # Slash before Id ([0-9]+) # $1: VIDEO_ID is numeric [^\s]* # Not a space ) # End group "? # Match end quote if part of src (?:[^> in file functions.php.
  7. Malware : Operations on file system file_put_contents was found in the file class-avada-migrate.php 588: file_put_contents( $debug_file_path, $debug_content ); // phpcs:ignore Wordfile_get_contents was found in the file Post.php 80: $response = file_get_contents($this->siteVerifyUrl, false, $context);fwrite was found in the file SocketPost.php 91: $this->socket->fwrite($request);fclose was found in the file SocketPost.php 98: $this->socket->fclose();fwrite was found in the file Socket.php 67: * fwrite69: * @see http://php.net/fwrite74: public function fwrite($string, $length = null)76: return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $lengtfwrite was found in the file Socket.php 67: * fwrite69: * @see http://php.net/fwrite74: public function fwrite($string, $length = null)76: return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $lengtfclose was found in the file Socket.php 103: * fclose105: * @see http://php.net/fclose108: public function fclose()110: return fclose($this->handle);fclose was found in the file Socket.php 103: * fclose105: * @see http://php.net/fclose108: public function fclose()110: return fclose($this->handle);fopen was found in the file class.fusionredux_helpers.php 631: //$fp = fopen( $file, 'r' );fread was found in the file class.fusionredux_helpers.php 634: //$file_data = fread( $fp, 8192 );fclose was found in the file class.fusionredux_helpers.php 637: //fclose( $fp );file_get_contents was found in the file functions.php 1690: function fusion_file_get_contents( $url ) {1701: $file_content = file_get_contents( $url ); // phpcs:ignore WordPress.WP.AlternativeFunctionfopen was found in the file avada-functions.php 890: $fp = fopen( $file_path, 'w' ); // phpcs:ignore WordPress.WP.AlternativeFunctions892: // Return if fopen failed.fwrite was found in the file avada-functions.php 888: // If the attempt to write to the file failed, then fallback to fwrite.897: $written = fwrite( $fp, $body ); // phpcs:ignore WordPress.WP.AlternativeFunctionsfclose was found in the file avada-functions.php 898: fclose( $fp ); // phpcs:ignore WordPress.WP.AlternativeFunctions
  8. Malware : Network operations curl_init was found in the file Curl.php 44: * @see http://php.net/curl_init50: return curl_init($url);curl_exec was found in the file Curl.php 65: * @see http://php.net/curl_exec71: return curl_exec($ch);fsockopen was found in the file SocketPost.php 42: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()78: if (false === $this->socket->fsockopen('ssl://' . $urlParsed['host'], 443, $errno, $errstr, 30)) {fsockopen was found in the file SocketPost.php 42: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()78: if (false === $this->socket->fsockopen('ssl://' . $urlParsed['host'], 443, $errno, $errstr, 30)) {fsockopen was found in the file Socket.php 46: * fsockopen48: * @see http://php.net/fsockopen56: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul58: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('fsockopen was found in the file Socket.php 46: * fsockopen48: * @see http://php.net/fsockopen56: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul58: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('
  9. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-avada-avadaredux.php : 263: add_submenu_page( 'themes.php', __( 'Avada Options have moved!', 'Avada' ),File class-avada-layout-bbpress.php : 49: add_action( 'bbp_template_before_search', [ $this, 'add_search_page_search_form' ] );135: public function add_search_page_search_form() {File welcome.php : 163: $page = 'add_management_page';File framework.php : 1265: // wrappers and need to be appened to using add_submenu_page.1316: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1374: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1265: // wrappers and need to be appened to using add_submenu_page.1316: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1374: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1342: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $thisFile framework.php : 1265: // wrappers and need to be appened to using add_submenu_page.1316: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1374: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile class-fusion-patcher-admin-screen.php : 122: add_submenu_page( // phpcs:ignore WPThemeReview.PluginTerritory.NoAddAdminPFile class-avada-admin.php : 339: $avada_menu_page_creation_method = 'add_menu_page';File class-avada-admin.php : 340: $avada_submenu_page_creation_method = 'add_submenu_page';
  10. Hidden admin bar : Hidden admin Bar Themes should not hide admin bar. Detected in file : class-fusion-app.php.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in enqueue.php. Themes must not deregister core scripts. 215: wp_deregister_script( 'jquerySelect3' );Found wp_deregister_script in framework.php. Themes must not deregister core scripts. 531: wp_deregister_script( 'wpb_ace' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file list-widget.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Import Page Options. You can import via file or copy and paste from JSON data.' in file class-fusion-panel.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Export your Page Options. You can either export as a file or copy the data.' in file class-fusion-panel.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Import Global Options. You can import via file, copy and paste or select an Avada prebuilt website.' in file class-fusion-panel.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Export your Global Options. You can either export as a file or copy the data.' in file class-fusion-panel.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'Performance Wizard' in file performance.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.067 - Minor Second' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.125 - Major Second' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.200 - Minor Third' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.250 - Major Third' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.333 - Perfect Fourth' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.414 - Augmented Fourth' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.500 - Perfect Fifth' in file setup.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '1.618 - Golden Ratio' in file setup.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Move Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Check Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Remove Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Move Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Check Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Remove Row' in file form-options.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Move Row' in file sortable-text.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Remove Row' in file sortable-text.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Move Row' in file sortable-text.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Remove Row' in file sortable-text.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Allowed Files' in file class-fusion-custom-icon-set.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'Select File' in file class-fusion-custom-icon-set.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux localization utilities', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Resting Diles', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Code Styles', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Unit Testing', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Plugin File', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Boostrap Tests', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'CI Testing FIle', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'PHP Unit Testing', themecheck, 'Avada' in file full_package.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'The %1$sPatcher%2$s allows you to apply small fixes to your site between Avada releases, thereby keeping your site up to date.' in file class-fusion-patcher-admin-screen.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Avada requires at least WordPress version %1$s. You are running version %2$s. Please upgrade and try again.' in file bootstrap-compat.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Avada requires at least PHP version %1$s. You are running version %2$s. Please upgrade and try again.' in file bootstrap-compat.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Creating database tables failed.' in file class-avada-system-status.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Security check failed.' in file class-avada-system-status.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Database tables are created successfully.' in file class-avada-system-status.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'This will be used in the font-family dropdown.' in file typography.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'See the added Adobe Fonts, or press the button to reset Adobe Fonts cache.' in file typography.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Select an featured image to represent the term. This can then be used in dynamic data and post cards.' in file class-avada-taxonomy-meta.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, the-events-calendar, tribe-events-calendar-pro, woocommerce, bbpress, smile, fusion-builder, themecheck, fusion-core, avada-studio, sermon-manager.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  6. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.765: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  7. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file admin.css.
  8. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  9. I18N implementation : Proper use of _e(Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
  10. I18N implementation : Proper use of esc_attr_e(Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
  11. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in class-avada-head.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  11. Use of includes : Use of include or requireThe theme appears to use include or require : custom-functions.php 340: // We use include() instead of get_template_part() to pass the $name.353: // We use include() instead of get_template_part() to pass the $id.366: // We use include() instead of get_template_part() to pass the $term. If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : class-fusion-settings.php 687: include_once 'class-fusion-multilingual.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : class-user-agent-info.php 674: * The platform section will include 'Mobile' for phones and 'Tablet' for tablets. If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : field_button_set.php 46: * ['format'] string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : framework.php 381: // require_once 'core/dashboard.php';385: // require_once 'core/newsflash.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : class-fusion-cache.php 210: include_once 'class-fusion-settings.php';235: include_once 'class-fusion-settings.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : metaboxes.php 437: include 'options/options_es.php';446: include 'options/options_slide.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes