0
Validation results

soledad

soledad

WordPress 6.6.2 theme
0
This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file Setting.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_decode() Found base64_decode in file counter-instagram-api.php. 64: $cleaned = $parts[0] . '.' . base64_decode( $parts[1] ) . '.' . base64_decode( $last_part );Found base64_decode in file instagram.php. 556: $cleaned = $parts[0] . '.' . base64_decode( $parts[1] ) . '.' . base64_decode( $last_part );
  3. Security breaches : Use of base64_encode() Found base64_encode in file twitter-client.php.
     $this->args['oauth_signature'] = base64_encode( hash_hmac( 'sha1', $str, $key, true ) );
  4. Unwanted files : hidden file(s) or folder(s) .gitignore .babelrc was found.
  5. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe class="penci-video-frame" id="video-<?php echo esc_attr( $rand_video_list ) ?>-1" src="<?php echo esc_attr( $video['id'] ) ?> in file video_playlist.php. 92: <iframe class='penci-video-frame' id='video-<?php echo esc_attr( $rand_videFound <iframe class="penci-video-frame" id="video-<?php echo esc_attr( $rand_video_list ) ?>-1" src="<?php echo esc_attr( $video['id'] ) ?> in file penci-video-playlist.php. 513: <iframe class='penci-video-frame' id='video-<?php echo esc_attr( $rand_videFound <iframe class="penci-video-frame" id="video-<?php echo esc_attr( $rand_video_list ) ?>-1" src="<?php echo esc_attr( $video['id'] ) ?> in file frontend.php. 49: <iframe class='penci-video-frame' id='video-<?php echo esc_attr( $rand_vide
  6. Malware : Network operations curl_init was found in the file twitter-client.php 377: $ch = curl_init();curl_exec was found in the file twitter-client.php 404: $response = curl_exec( $ch );407: $response = curl_exec($ch);curl_exec was found in the file twitter-client.php 404: $response = curl_exec( $ch );407: $response = curl_exec($ch);
  7. Admin menu : Themes should use add_theme_page() for adding admin pages. File require-activation.php : 37: add_action('admin_menu', array($this, 'add_submenu_page'), 15);68: function add_submenu_page(){73: add_submenu_page( 'soledad_dashboard_welcome',File require-activation.php : 37: add_action('admin_menu', array($this, 'add_submenu_page'), 15);68: function add_submenu_page(){73: add_submenu_page( 'soledad_dashboard_welcome',File Factory.php : 35: 'icon_url' => '', // Icon URL. @see add_menu_page().36: 'position' => null, // Menu position. @see add_menu_page().File Factory.php : 35: 'icon_url' => '', // Icon URL. @see add_menu_page().36: 'position' => null, // Menu position. @see add_menu_page().File SettingsPage.php : 21: $this->page_hook = add_menu_page(File SettingsPage.php : 33: add_submenu_page(44: $this->page_hook = add_submenu_page(File SettingsPage.php : 33: add_submenu_page(44: $this->page_hook = add_submenu_page(File settings.php : 63: add_action( $admin_menu_hook, array( $this, 'add_settings_page' ), 90 );69: public function add_settings_page() {File settings.php : 73: $page_hook = add_submenu_page(File about.php : 68: add_menu_page(File about.php : 83: $about = add_submenu_page(File class-penci-dashboard.php : 58: add_menu_page( $wel_page_title, $wel_page_title, 'manage_options', 'soledadFile class-penci-dashboard.php : 59: add_submenu_page( 'soledad_dashboard_welcome', esc_html__( 'Custom fonts', File class-tgm-plugin-activation.php : 619: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
Warning
  1. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  2. theme tags : Presence of bad theme tagsThe tag black has been deprecated, it must be removed from style.css header.The tag green has been deprecated, it must be removed from style.css header.The tag white has been deprecated, it must be removed from style.css header.The tag light has been deprecated, it must be removed from style.css header.The tag fluid-layout has been deprecated, it must be removed from style.css header.The tag responsive-layout has been deprecated, it must be removed from style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function esc_html__, with the arguments 'Invalid pinterest data for <strong>', </strong> please check the <em>user/board_id</em>, 'soledad' in file pinterest_widget.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'There is no excerpt because this is a protected post.' in file excerpt.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Empty post id, Enter post Id' in file index.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Empty post id, Enter post Id' in file index.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Author' in file register.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Date' in file register.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Min Read' in file register.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Comments' in file register.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Post Count Views' in file register.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'No image selected' in file fields.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'Select' in file fields.php.Found a translation function that is missing a text-domain. Function esc_html_e, with the arguments 'Remove' in file fields.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'View your shopping cart' in file cart-icon.php.Found a translation function that is missing a text-domain. Function _n, with the arguments '%d', '%d' in file cart-icon.php.Found a translation function that is missing a text-domain. Function _n, with the arguments '%d', '%d' in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are soledad, </strong> please check the <em>user/board_id</em>, mb-settings-page, meta-box, falcon, twentyseventeen, elementor, penci-framework, elementor-pro, js_composer, pennews, ultimate_vc, smile, bbpress, tgmpa.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Unwanted directories : GIT revision control directoryA.git was found.
  6. PHP short tags : Presence of PHP short tagsPHP short tags were found in file SettingsPage.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.70: <div class='<?= esc_attr( $class ) ?>'>71: <h1><?= esc_html( get_admin_page_title() ) ?></h1>84: <div id='post-body' class='metabox-holder columns-<?= intval( $this->columns ); ?>'>PHP short tags were found in file twitter-client.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.310: if( 0 === strpos($body, '<?') ){
  7. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file style.css.
  8. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  9. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  10. I18N implementation : Proper use of ___all(Possible variable $username found in translation function in pinterest_widget.php. Translation function calls should not contain PHP variables.
  11. I18N implementation : Proper use of esc_html___all(Possible variable $username found in translation function in pinterest_widget.php. Translation function calls should not contain PHP variables.
  12. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file pinterest_widget.php.334: <p class='description' style='padding: 0; margin-bottom: 13px;'>Example if you want to load a board has url <strong style='color: #ff0000;'><a href='https://www.pinterest.com/thefirstmess/animals-cuteness' target='_blank'>htPossible hard-coded links were found in the file require-activation.php.184: <li>Please make sure you followed all the steps as above - if you did it and still can't activate the theme - please create a new ticket on <a href='https://pencidesign.ticksy.com/' target='_blank'>our support forum</a> or <Possible hard-coded links were found in the file about.php.56: $links[] = '<a href='https://metabox.io/pricing/' style='color: #39b54a; font-weight: bold'>' . Possible hard-coded links were found in the file products.php.16: <p><a href='https://wpslimseo.com?utm_source=WordPress&utm_medium=link&utm_campaign=met17: <p><a href='https://gretathemes.com/wordpress-themes/estar/?utm_source=WordPress&utm_mePossible hard-coded links were found in the file extensions.php.124: <a href='https://metabox.io/plugins/?utm_source=WordPress&utm_medium=link&utm_campaiPossible hard-coded links were found in the file core.php.38: $links[] = '<a href='https://docs.metabox.io'>' . esc_html__( 'Docs', 'meta-box' ) . '</a>';Possible hard-coded links were found in the file admin-options.php.85: 'desc' => 'Please go to <a href='https://smashballoon.com/custom-facebook-feed/access-token/' target='_blank309: 'desc' => 'Please enter the instagram Access Token.You can get this information from <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesignPossible hard-coded links were found in the file penci-instagram.php.75: 'description' => 'Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign86: 'description' => 'Please enter the User ID for this Profile ( Eg: 123456789987654321 ). You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign75: 'description' => 'Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign86: 'description' => 'Please enter the User ID for this Profile ( Eg: 123456789987654321 ). You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesignPossible hard-coded links were found in the file penci-pintersest.php.45: 'description' => 'Example if you want to load a board has url <strong style='color: #ff0000;'><a href='https://www.pinterest.com/thefirstmess/animals-cuteness' target='_blank'>htPossible hard-coded links were found in the file settings.php.36: 'description' => 'Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign43: 'description' => 'Please enter the User ID for this Profile ( Eg: 123456789987654321 ). You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign36: 'description' => 'Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign43: 'description' => 'Please enter the User ID for this Profile ( Eg: 123456789987654321 ). You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesignPossible hard-coded links were found in the file settings.php.20: 'description' => 'Example if you want to load a board has url <strong style='color: #ff0000;'><a href='https://www.pinterest.com/thefirstmess/animals-cuteness' target='_blank'>htPossible hard-coded links were found in the file widget.php.133: <span class='penci-description'>Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign138: <span class='penci-description'>Please enter the User ID for this Profile ( Eg: 123456789987654321 ) You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign133: <span class='penci-description'>Please fill the Instagram Access Token here. You can get Instagram Access Token via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesign138: <span class='penci-description'>Please enter the User ID for this Profile ( Eg: 123456789987654321 ) You can get User ID via <a href='http://pencidesign.com/penci_instagram/' target='_blank'>http://pencidesignPossible hard-coded links were found in the file settings.php.706: 'description' => 'Please go to <a href='https://developers.google.com/youtube/v3/getting-started?hl=en' target='_bl
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  6. Use of includes : Use of include or requireThe theme appears to use include or require : index.php 82: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : tag.php 89: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-boxed-1.php 17: include( locate_template( 'content-standard.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : author.php 93: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-grid.php 17: include( locate_template( 'content-standard.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : archive.php 123: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : loader.php 71: include( $filename ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : js_composer.php 68: If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : register.php 783: include( trailingslashit( get_template_directory() ) . 'inc/js_composer/par If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : instagram.php 5: include( trailingslashit( get_template_directory() ) . 'inc/instagram/widge If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : featured-categories.php 108: include( locate_template( 'inc/modules/magazine-' . $cat_layout . '.php' ) If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : penci-walker.php 25: include_once( trailingslashit( get_template_directory() ). 'inc/modules/pen If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : custom-css.php 16: require_once( $root . '/wp-load.php' );18: require_once( $root2 . '/wp-load.php' );20: require_once( $root3 . '/wp-load.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : search.php 84: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-boxed-1.php 17: include( locate_template( 'content-classic.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : category.php 124: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-boxed-1.php 16: //include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p17: include( locate_template( 'template-parts/latest-posts-sc/content-standard.20: include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-grid.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-standard.19: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-mixed.php 32: include( locate_template( 'template-parts/latest-posts-sc/content-mixed-pos35: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-mixed-larger.php 11: include( locate_template( 'template-parts/latest-posts-sc/content-mixed-pos14: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-boxed-1.php 16: //include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p17: include( locate_template( 'template-parts/latest-posts-sc/content-classic.p20: include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-overlay-grid.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-overlay.p19: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-grid-2.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-classic.p19: include( locate_template( 'template-parts/latest-posts-sc/content-grid-2.ph If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-grid-2.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-standard.19: include( locate_template( 'template-parts/latest-posts-sc/content-grid-2.ph If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-mixed-2.php 33: include( locate_template( 'template-parts/latest-posts-sc/content-overlay.p36: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-list.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-standard.19: include( locate_template( 'template-parts/latest-posts-sc/content-list.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-list.php 16: //include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p17: include( locate_template( 'template-parts/latest-posts-sc/content-classic.p20: include( locate_template( 'template-parts/latest-posts-sc/content-list.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-grid.php 16: //include( locate_template( 'template-parts/latest-posts-sc/content-boxed-1.p17: include( locate_template( 'template-parts/latest-posts-sc/content-classic.p20: include( locate_template( 'template-parts/latest-posts-sc/content-grid.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-overlay-list.php 16: include( locate_template( 'template-parts/latest-posts-sc/content-overlay.p19: include( locate_template( 'template-parts/latest-posts-sc/content-list.php' If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-grid-2.php 17: include( locate_template( 'content-classic.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-grid-2.php 17: include( locate_template( 'content-standard.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-standard-list.php 17: include( locate_template( 'content-standard.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-list.php 17: include( locate_template( 'content-classic.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : soledad_vc.php 314: include( locate_template( 'template-parts/latest-posts-sc/content-' . $styl659: include( locate_template( 'template-parts/magazine-sc/magazine-' . $style . If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : wp-updates-theme.php 8: require_once('wp-updates-theme.php'); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : template-custom-all-blog-posts.php 167: include( locate_template( 'content-' . $layout_this . '.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : content-classic-grid.php 17: include( locate_template( 'content-classic.php' ) ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes