0
Validation results

Avada

Avada

WordPress 6.7 theme
0
  • THEME TYPEWordPress theme 6.7
  • FILE NAMEAvada-NULLED.zip
  • FILE SIZE5409412 bytes
  • MD594f6c48c93a649246246f19d3d01282f
  • SHA1064fe7b5696e804220a1a139e8510dd50fabd089
  • LICENSECustom
  • FILES INCLUDEDCSS, PHP, HTML, XML, Bitmap images, Adobe Illustrator, RTF
  • THEME URIhttp://avada.theme-fusion.com/
  • VERSION5.1.5
  • CREATION DATE2019-05-16
  • LAST FILE UPDATE2019-05-16
  • LAST VALIDATION2019-05-16 10:46
This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  3. Security breaches : Use of PHP sytem calls Found ->exec in file CurlPost.php. 83: $response = $this->curl->exec($handle);
  4. Security breaches : Modification of PHP server settings Found ini_set in file importer.php. 55: @ini_set( 'max_execution_time', 300 );58: @ini_set( 'memory_limit', '512M' );Found ini_set in file class-avada-migrate.php. 131: @ini_set( 'memory_limit', '256M' );
  5. Security breaches : Use of base64_decode() Found base64_decode in file class-fusion-patcher-client.php. 122: $args['reference'] = base64_decode( $args['reference'] );Found base64_decode in file class-fusion-patcher-apply-patch.php. 88: $setting = (array) json_decode( base64_decode( $setting ) );
  6. Security breaches : Use of base64_encode() Found base64_encode in file class-fusion-widget-tweets.php.
     $to_send     = base64_encode( $credentials );
    Found base64_encode in file class-fusion-patcher-admin-screen.php.
     return base64_encode( wp_json_encode( $patches ) );
  7. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe width="1120" height="630" src="https://www.youtube.com/embed/X92mpPz1COM?rel=0" frameborder="0" allowfullscreen> in file welcome.php. 22: <iframe width='1120' height='630' src='https://www.youtube.com/embed/X92mpP
  8. Malware : Operations on file system fopen was found in the file class.fusionredux_helpers.php 631: //$fp = fopen( $file, 'r' );fread was found in the file class.fusionredux_helpers.php 634: //$file_data = fread( $fp, 8192 );fclose was found in the file class.fusionredux_helpers.php 637: //fclose( $fp );fwrite was found in the file SocketPost.php 104: $this->socket->fwrite($request);fclose was found in the file SocketPost.php 111: $this->socket->fclose();file_get_contents was found in the file Post.php 68: $contents = file_get_contents(self::SITE_VERIFY_URL, false, $context);fwrite was found in the file Socket.php 59: * fwrite61: * @see http://php.net/fwrite66: public function fwrite($string, $length = null)68: return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $lengtfwrite was found in the file Socket.php 59: * fwrite61: * @see http://php.net/fwrite66: public function fwrite($string, $length = null)68: return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $lengtfclose was found in the file Socket.php 95: * fclose97: * @see http://php.net/fclose100: public function fclose()102: return fclose($this->handle);fclose was found in the file Socket.php 95: * fclose97: * @see http://php.net/fclose100: public function fclose()102: return fclose($this->handle);file_get_contents was found in the file parsers.php 69: $success = $dom->loadXML( file_get_contents( $file ) );301: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {file_get_contents was found in the file parsers.php 69: $success = $dom->loadXML( file_get_contents( $file ) );301: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {fopen was found in the file parsers.php 449: $fp = $this->fopen( $file, 'r' );675: function fopen( $filename, $mode = 'r' ) {678: return fopen( $filename, $mode );fclose was found in the file parsers.php 498: $this->fclose($fp);693: function fclose( $fp ) {696: return fclose( $fp );fopen was found in the file parsers.php 449: $fp = $this->fopen( $file, 'r' );675: function fopen( $filename, $mode = 'r' ) {678: return fopen( $filename, $mode );fopen was found in the file parsers.php 449: $fp = $this->fopen( $file, 'r' );675: function fopen( $filename, $mode = 'r' ) {678: return fopen( $filename, $mode );fclose was found in the file parsers.php 498: $this->fclose($fp);693: function fclose( $fp ) {696: return fclose( $fp );fclose was found in the file parsers.php 498: $this->fclose($fp);693: function fclose( $fp ) {696: return fclose( $fp );file_get_contents was found in the file importer.php 257: $theme_options_json = file_get_contents( $theme_options_file );285: $widgets_json = file_get_contents( $widgets_json );file_get_contents was found in the file importer.php 257: $theme_options_json = file_get_contents( $theme_options_file );285: $widgets_json = file_get_contents( $widgets_json );file_get_contents was found in the file class-avada-importer-data.php 112: $demos = file_get_contents( Avada::$template_dir_path . '/includes/plugins/importer/file_get_contents was found in the file avada-functions.php 758: $try_file_get_contents = false;782: // Try file_get_contents if body is empty.785: $body = @file_get_contents( $url );fopen was found in the file avada-functions.php 784: if ( function_exists( 'ini_get' ) && ini_get( 'allow_url_fopen' ) ) {804: $fp = @fopen( $file_path, 'w' );fwrite was found in the file avada-functions.php 801: // If the attempt to write to the file failed, then fallback to fwrite.806: $written = @fwrite( $fp, $body );fclose was found in the file avada-functions.php 807: @fclose( $fp );file_get_contents was found in the file class-avada-migrate.php 572: $debug_content = file_get_contents( $debug_file_path );file_put_contents was found in the file class-avada-migrate.php 576: file_put_contents( $debug_file_path, $debug_content );
  9. Malware : Network operations curl_init was found in the file Curl.php 36: * @see http://php.net/curl_init42: return curl_init($url);curl_exec was found in the file Curl.php 57: * @see http://php.net/curl_exec63: return curl_exec($ch);fsockopen was found in the file SocketPost.php 33: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()91: if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) {fsockopen was found in the file SocketPost.php 33: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()91: if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) {fsockopen was found in the file Socket.php 38: * fsockopen40: * @see http://php.net/fsockopen48: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul50: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('fsockopen was found in the file Socket.php 38: * fsockopen40: * @see http://php.net/fsockopen48: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul50: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('
  10. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-avada-admin.php : 408: $avada_menu_page_creation_method = 'add_menu_page';File class-avada-admin.php : 409: $avada_submenu_page_creation_method = 'add_submenu_page';File class-avada-avadaredux.php : 227: add_submenu_page( 'themes.php', __( 'Avada Options have moved!', 'Avada' ),File class-fusion-patcher-admin-screen.php : 142: add_submenu_page(File framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1421: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $thisFile framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile welcome.php : 163: $page = 'add_management_page';File framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile framework.php : 1421: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $thisFile framework.php : 1344: // wrappers and need to be appened to using add_submenu_page.1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['tFile class-avada-layout-bbpress.php : 47: add_action( 'bbp_template_before_search', array( $this, 'add_search_page_search_form' ) );134: public function add_search_page_search_form() {
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in framework.php. Themes must not deregister core scripts. 562: wp_deregister_script( 'wpb_ace' );Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts. 215: wp_deregister_script( 'jquerySelect3' );Found wp_deregister_script in framework.php. Themes must not deregister core scripts. 562: wp_deregister_script( 'wpb_ace' );Found wp_deregister_script in metaboxes.php. Themes must not deregister core scripts. 91: wp_deregister_script( 'yoast-seo-select2' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file list-widget.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments 'View 1 %1$s', 'View All %2$s %3$s', total_events, 'the-events-calendar' in file single-day.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments '&mdash; Select &mdash;' in file class-fusion-widget-menu.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux localization utilities', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Resting Diles', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Code Styles', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Unit Testing', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Plugin File', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'FusionRedux Boostrap Tests', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'CI Testing FIle', themecheck, 'Avada' in file full_package.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'PHP Unit Testing', themecheck, 'Avada' in file full_package.php.Found a translation function that is missing a text-domain. Function esc_attr__, with the arguments 'All Demos' in file demos.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, woocommerce, the-events-calendar, tribe-events-calendar-pro, total_events, fusion-builder, tgmpa, fusionredux-framework, themecheck, sermon-manager, bbpress, wordpress-importer.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. PHP short tags : Presence of PHP short tagsPHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.765: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  7. Line endings consistency : Both DOS and UNIX style line endingsFound a mix of \r\n and \n line endings in file changelog.txt.
  8. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file style.min.css.
  9. Comment pagination : Declaration of comment paginationThe theme doesn't have comment pagination code in it. Use paginate_comments_links() to add comment pagination, or older previous_comments_link() and next_comments_link() functions.
  10. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  11. I18N implementation : Proper use of _e(Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
  12. I18N implementation : Proper use of esc_attr_e(Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
  13. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  8. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  9. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : framework.php 410: // require_once 'core/dashboard.php';414: // require_once 'core/newsflash.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : field_button_set.php 46: * ['format'] string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : framework.php 410: // require_once 'core/dashboard.php';414: // require_once 'core/newsflash.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : metaboxes.php 258: include 'options/options_es.php';267: include 'options/options_slide.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes