0
Validation results

Wavo

Wavo

WordPress 6.7 theme
0
  • THEME TYPEWordPress theme 6.7
  • FILE NAMEwavo.zip
  • FILE SIZE8929790 bytes
  • MD56cae01ecf911f292e242571bd2561624
  • SHA1b72955024fe3f92ccd1f36ef6231c736a1239976
  • LICENSEGNU GPL 3
  • FILES INCLUDEDCSS, PHP, XML, Bitmap images, Adobe Illustrator
  • THEME URIhttp://ninetheme.com/
  • VERSION2.0.6
  • AUTHOR URI
  • TAGScustom-colors, custom-menu, editor-style, featured-images, post-formats, threaded-comments, translation-ready
  • CREATION DATE2021-10-27
  • LAST FILE UPDATE2021-10-27
  • LAST VALIDATION2021-10-27 16:35
  • OTHER VERSIONS

    1.1.8 : 15%

This theme seems to be proprietary. Themecheck doesn't distribute commercial themes.
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file class-merlin-option-tree-importer.php. 31: $decoded = base64_decode( $wp_filesystem->get_contents( $local_file ) );
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2F9theme&width=120&layout=button&action=like&size=small&share=true&height=65&appId=433796757824092" width="160" height="65" style="border:none;overflow:hidden" scrolling="no" frameborder="0" allowfullscreen="true" allow="autoplay; clipboard-write; encrypted-media; picture-in-picture; web-share"> in file admin-menu.php. 96: <iframe src='https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fw
  3. Malware : Operations on file system file_get_contents was found in the file class-merlin-widget-importer.php 74: $data = file_get_contents( $file );file_get_contents was found in the file class-merlin-customizer-importer.php 62: $raw = file_get_contents( $import_file_path );file_get_contents was found in the file class-merlin-cptui-importer.php 25: $cptui_raw_data = file_get_contents( $import_data[0]['cpt_file_url'] );31: $cptui_tax_data = file_get_contents( $import_data[0]['tax_file_url'] );file_get_contents was found in the file class-merlin-cptui-importer.php 25: $cptui_raw_data = file_get_contents( $import_data[0]['cpt_file_url'] );31: $cptui_tax_data = file_get_contents( $import_data[0]['tax_file_url'] );file_get_contents was found in the file class-merlin-redux-importer.php 25: $redux_options_raw_data = file_get_contents( $redux_item['file_path'] );file_put_contents was found in the file class-merlin-downloader.php 42: $saved_file = file_put_contents( $this->download_directory_path . $filename, $content );
  4. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-merlin.php : 415: $this->hook_suffix = add_submenu_page(File admin-menu.php : 24: add_menu_page( $parent_title, $parent_title, $capability, $parent_slug, $maFile admin-menu.php : 25: add_submenu_page( $parent_slug, $parent_title, $parent_title, $capability, 30: add_submenu_page( $parent_slug, $sub_title1, $sub_title1, $capability, $sub31: add_submenu_page( $parent_slug, $sub_title2, $sub_title2, $capability, $subFile admin-menu.php : 25: add_submenu_page( $parent_slug, $parent_title, $parent_title, $capability, 30: add_submenu_page( $parent_slug, $sub_title1, $sub_title1, $capability, $sub31: add_submenu_page( $parent_slug, $sub_title2, $sub_title2, $capability, $subFile admin-menu.php : 25: add_submenu_page( $parent_slug, $parent_title, $parent_title, $capability, 30: add_submenu_page( $parent_slug, $sub_title1, $sub_title1, $capability, $sub31: add_submenu_page( $parent_slug, $sub_title2, $sub_title2, $capability, $subFile options.php : 64: // For a full list of options, visit: http://codex.wordpress.org/Function_Reference/add_submenu_page#ParametersFile class-tgm-plugin-activation.php : 764: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
  5. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was wavo-elementor-addons.zip envato-market.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in functions.php. Themes must not deregister core scripts. 113: wp_deregister_script( 'swiper' );
  2. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments 'Cannot import auto-draft posts' in file WXRImporter.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'merlin-wp' in file class-merlin.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'merlin-wp' in file class-merlin.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'merlin-wp' in file class-merlin.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'merlin-wp' in file class-merlin.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'merlin-wp' in file class-merlin.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '%1$s done.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments '%1$s done.' in file class-tgm-plugin-activation.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are wavo, wordpress-importer, merlin-wp, wp-merlin, tgmpa.
  3. Plugin territory : Plugin territory functionalitiesThe theme uses the register_taxonomy() function, which is plugin-territory functionality.
  4. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file update.css.
  5. I18N implementation : Proper use of ___all(Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables.
  6. I18N implementation : Proper use of esc_html___all(Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables. Possible variable $output found in translation function in class-merlin.php. Translation function calls should not contain PHP variables.
  7. Date and time implementation : Use of the_time()At least one hard coded date was found in the file post-formats.php. Function get_option( 'date_format' ) should be used instead.
  8. Screenshot : Screenshot fileScreenshot is wrong size! Detected: 1201x901px. Maximum allowed size is 1200x900px.Screenshot dimensions are wrong! Detected: 1201x901px (1201:901). Ratio of width to height should be 4:3.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file class-merlin.php.1002: <p class='server_check_notice step_welcome'><?php echo sprintf( __( '%sAdjust your settings%s, or proceed with caution :(', 'wavo' ), '<a href='https://ninetheme.com/docs/wordpress-server-requirements/' target='_blank'>Possible hard-coded links were found in the file admin-menu.php.97: <a href='https://twitter.com/nine_theme' class='twitter-follow-button' data-show-cou103: <a class='s-link' target='_blank' href='https://twitter.com/nine_theme'><span class='dashicons dashicons-twitter'><
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : class-merlin-customizer-importer.php 171: require_once( ABSPATH . 'wp-admin/includes/media.php' );172: require_once( ABSPATH . 'wp-admin/includes/file.php' );173: require_once( ABSPATH . 'wp-admin/includes/image.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : class-merlin-option-tree-importer.php 26: require_once ( ABSPATH . '/wp-admin/includes/file.php' ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.The theme appears to use include or require : loader.php 22: require_once( $class_file ); If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes
12

WordPress 6.7 theme

98

WordPress 6.7 theme

74

WordPress 6.7 theme