0
Validation results

JNews

JNews

WordPress 6.7 theme
0
This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file class-customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_encode() Found base64_encode in file HmacSha1.php. 
     return base64_encode(hash_hmac('sha1', $signatureBase, $key, true));
    Found base64_encode in file TwitterOAuth.php. 
     $parameters['media'] = base64_encode($file);
     'media_data' => base64_encode(fread($media, $this->chunkSize))
     return base64_encode($key . ':' . $secret);
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src=\"//www.youtube.com/embed/" . $video_id . "?showinfo=1" . $autoplay . "&amp;autohide=1&amp;rel=0&amp;wmode=opaque\" allowfullscreen=\"\" height=\"500\" width=\"700\"> in file Element_Videoplaylist_View.php. 52: <iframe src=\'//www.youtube.com/embed/' . $video_id . '?showinfo=1' . $autoFound <iframe src=\"//www.youtube.com/embed/" . $video_id . "?showinfo=1" . $autoplay . "&amp;autohide=1&amp;rel=0&amp;wmode=opaque\" allowfullscreen=\"\" height=\"500\" width=\"700\"> in file Element_Embedplaylist_View.php. 194: <iframe src=\'//www.youtube.com/embed/' . $video_id . '?showinfo=1' . $auto
  4. Malware : Operations on file system file_put_contents was found in the file class-style-generator.php 381: if ( file_put_contents( $file_path, $styles ) ) {file_get_contents was found in the file TwitterOAuth.php 296: ($file = file_get_contents($parameters['media'])) === false) {fopen was found in the file TwitterOAuth.php 316: $media = fopen($parameters['media'], 'rb');fread was found in the file TwitterOAuth.php 322: 'media_data' => base64_encode(fread($media, $this->chunkSize))fclose was found in the file TwitterOAuth.php 325: fclose($media);
  5. Malware : Network operations curl_init was found in the file TwitterOAuth.php 545: $curlHandle = curl_init();curl_exec was found in the file TwitterOAuth.php 547: $response = curl_exec($curlHandle);
  6. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was jnews-like.zip jnews-customizer-category.zip jnews-migration-sahifa.zip jnews-demo-elementor.zip revslider.zip jnews-migration-newspaper.zip jnews-food-recipe.zip jnews-meta-header.zip jnews-push-notification.zip jnews-migration-publisher.zip jnews-migration-soledad.zip jnews-auto-load-post.zip jnews-front-translation.zip jnews-frontend-submit.zip jnews-review.zip waspthemes-yellow-pencil.zip jnews-instagram.zip jnews-jsonld.zip jnews-split.zip jnews-social-share.zip jnews-option-category.zip jnews-amp.zip elementor.zip jnews-essential.zip jnews-social-login.zip js_composer.zip jnews-migration-jmagz.zip jnews-weather.zip jnews-view-counter.zip jnews-migration-newsmag.zip jnews-migration-jannah.zip jnews-gallery.zip jnews-breadcrumb.zip jnews-gutenberg.zip vafpress-post-formats-ui-develop.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in ModuleElementor.php. Themes must not deregister core scripts. 196: wp_deregister_script('elementor-editor');
  2. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function esc_html__, with the arguments 'Insert ids of ', that you want to include as filter and separate them by comma (Ex: 12,34,56)., 'jnews' in file ModuleOptionAbstract.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'Y', 'yearly archives date format' in file Archive_Title_View.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'F Y', 'monthly archives date format' in file Archive_Title_View.php.Found a translation function that is missing a text-domain. Function _x, with the arguments 'F j, Y', 'daily archives date format' in file Archive_Title_View.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This feature disabled when you enabling <strong>JNews - Auto Load Next Post Plugin.</strong>' in file single_video_following.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multiauthor.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multicategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file singlecategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multitag.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Clear' in file class-form-builder.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Default' in file class-form-builder.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Select Color' in file class-form-builder.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Current Color' in file class-form-builder.php.Found a translation function that has an incorrect number of arguments. Function esc_attr_e, with the arguments 'position-sidebar', , 'sticky-sidebar' in file archive-sidebar.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'width-sidebar' in file archive-sidebar.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are jnews, helper, name, that you want to include as filter and separate them by comma (Ex: 12,34,56)., jnews-auto-load-post, jnews_dark_mode_section, js_composer, elementor, jeg, .
  3. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  4. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file main.css.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. I18N implementation : Proper use of _e(Possible variable $ajax_class found in translation function in multiauthor.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in multicategory.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in singlecategory.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in multitag.php. Translation function calls should not contain PHP variables. Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables. Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
  8. I18N implementation : Proper use of ___all(Possible variable $value found in translation function in ModuleOptionAbstract.php. Translation function calls should not contain PHP variables.
  9. I18N implementation : Proper use of esc_attr_e(Possible variable $ajax_class found in translation function in multiauthor.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in multicategory.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in singlecategory.php. Translation function calls should not contain PHP variables. Possible variable $ajax_class found in translation function in multitag.php. Translation function calls should not contain PHP variables. Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables. Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
  10. I18N implementation : Proper use of esc_html___all(Possible variable $value found in translation function in ModuleOptionAbstract.php. Translation function calls should not contain PHP variables.
  11. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Use of includes : Use of include or requireThe theme appears to use include or require : ModuleVC.php 586: require_once (ABSPATH . '/wp-admin/includes/file.php'); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : ModuleOptionAbstract.php 123: include_once 'modules-container.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : ModuleManager.php 188: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : SingleArchiveTemplate.php 261: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : ArchiveBuilder.php 106: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : VideoThumbnail.php 224: require_once( ABSPATH . 'wp-admin/includes/image.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : FooterBuilder.php 435: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : SinglePostTemplate.php 79: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : bootstrap.php 21: require_once 'autoload.php';22: require_once 'util/framework-helper.php'; If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : bootstrap.php 9: require_once 'constant.php';14: require_once 'autoload.php';30: require_once($datasource); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes
0

WordPress 6.7 theme

54

WordPress 6.7 theme

74

WordPress 6.7 theme