0
Validation results

Avada

Avada

WordPress 4.8 theme
0
Critical alerts
  1. WPScan Vulnerability Database : This theme is vulnerable to security breach "Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF "
    More on Wordpress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/8801
  2. Title : Title No reference to add_theme_support( "title-tag" ) was found in the theme.The theme needs to have <title> tags, ideally in the header.php file.The theme needs to have a call to wp_title(), ideally in the header.php file.
  3. Security breaches : Use of base64_decode() Found base64_decode in file functions.interface.php.
    Line 296: $smof_data = unserialize(base64_decode($imported_data)); //100% safe - ignore theme check nag
    Found base64_decode in file importer.php.
    Line 388: $smof_data = unserialize( base64_decode( $theme_options_txt )  );
  4. Security breaches : Use of base64_encode() Found base64_encode in file class.options_machine.php.
     $output .= '<textarea id='export_data' rows='8'>'.base64_encode(serialize($smof_data)) /* 100% safe - ignore theme check nag 
    Found base64_encode in file class-fusion-widget-tweets.php.
     $toSend = base64_encode( $credentials );
  5. Unwanted files : hidden file(s) or folder(s) .ds_store .gitignore .editorconfig was found.
  6. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe frameborder="0" height="100%" width="100%" src="http<?php echo ( is_ssl() ) ? 's' : ''; ?> in file custom_functions.php.
    Line 383: <iframe frameborder='0' height='100%' width='100%' src='http<?php echo ( is
  7. Malware : Operations on file system file_get_contents was found in the file parsers.php
    Line 69: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 273: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Line 69: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 273: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Line 421: $fp = $this->fopen( $file, 'r' );
    Line 647: function fopen( $filename, $mode = 'r' ) {
    Line 650: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 470: $this->fclose($fp);
    Line 665: function fclose( $fp ) {
    Line 668: return fclose( $fp );
    fopen was found in the file parsers.php
    Line 421: $fp = $this->fopen( $file, 'r' );
    Line 647: function fopen( $filename, $mode = 'r' ) {
    Line 650: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Line 421: $fp = $this->fopen( $file, 'r' );
    Line 647: function fopen( $filename, $mode = 'r' ) {
    Line 650: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 470: $this->fclose($fp);
    Line 665: function fclose( $fp ) {
    Line 668: return fclose( $fp );
    fclose was found in the file parsers.php
    Line 470: $this->fclose($fp);
    Line 665: function fclose( $fp ) {
    Line 668: return fclose( $fp );
    file_get_contents was found in the file importer.php
    Line 387: $theme_options_txt = file_get_contents( $theme_options_txt );
    Line 411: $widgets_json = file_get_contents( $widgets_json );
    Line 502: $content = @file_get_contents($filepath);
    file_get_contents was found in the file importer.php
    Line 387: $theme_options_txt = file_get_contents( $theme_options_txt );
    Line 411: $widgets_json = file_get_contents( $widgets_json );
    Line 502: $content = @file_get_contents($filepath);
    fread was found in the file importer.php
    Line 488: while (!feof($slider_export)) $content .= fread($slider_export, 1024);
    Line 489: if($custom_animations){ while (!feof($custom_animations)) $animations .= fread($custom_animations, 1024); }
    Line 490: if($dynamic_captions){ while (!feof($dynamic_captions)) $dynamic .= fread($dynamic_captions, 1024); }
    Line 491: if($static_captions){ while (!feof($static_captions)) $static .= fread($static_captions, 1024); }
    fread was found in the file importer.php
    Line 488: while (!feof($slider_export)) $content .= fread($slider_export, 1024);
    Line 489: if($custom_animations){ while (!feof($custom_animations)) $animations .= fread($custom_animations, 1024); }
    Line 490: if($dynamic_captions){ while (!feof($dynamic_captions)) $dynamic .= fread($dynamic_captions, 1024); }
    Line 491: if($static_captions){ while (!feof($static_captions)) $static .= fread($static_captions, 1024); }
    fread was found in the file importer.php
    Line 488: while (!feof($slider_export)) $content .= fread($slider_export, 1024);
    Line 489: if($custom_animations){ while (!feof($custom_animations)) $animations .= fread($custom_animations, 1024); }
    Line 490: if($dynamic_captions){ while (!feof($dynamic_captions)) $dynamic .= fread($dynamic_captions, 1024); }
    Line 491: if($static_captions){ while (!feof($static_captions)) $static .= fread($static_captions, 1024); }
    fread was found in the file importer.php
    Line 488: while (!feof($slider_export)) $content .= fread($slider_export, 1024);
    Line 489: if($custom_animations){ while (!feof($custom_animations)) $animations .= fread($custom_animations, 1024); }
    Line 490: if($dynamic_captions){ while (!feof($dynamic_captions)) $dynamic .= fread($dynamic_captions, 1024); }
    Line 491: if($static_captions){ while (!feof($static_captions)) $static .= fread($static_captions, 1024); }
    fclose was found in the file importer.php
    Line 493: fclose($slider_export);
    Line 494: if($custom_animations){ fclose($custom_animations); }
    Line 495: if($dynamic_captions){ fclose($dynamic_captions); }
    Line 496: if($static_captions){ fclose($static_captions); }
    fclose was found in the file importer.php
    Line 493: fclose($slider_export);
    Line 494: if($custom_animations){ fclose($custom_animations); }
    Line 495: if($dynamic_captions){ fclose($dynamic_captions); }
    Line 496: if($static_captions){ fclose($static_captions); }
    fclose was found in the file importer.php
    Line 493: fclose($slider_export);
    Line 494: if($custom_animations){ fclose($custom_animations); }
    Line 495: if($dynamic_captions){ fclose($dynamic_captions); }
    Line 496: if($static_captions){ fclose($static_captions); }
    fclose was found in the file importer.php
    Line 493: fclose($slider_export);
    Line 494: if($custom_animations){ fclose($custom_animations); }
    Line 495: if($dynamic_captions){ fclose($dynamic_captions); }
    Line 496: if($static_captions){ fclose($static_captions); }
    file_get_contents was found in the file importer.php
    Line 387: $theme_options_txt = file_get_contents( $theme_options_txt );
    Line 411: $widgets_json = file_get_contents( $widgets_json );
    Line 502: $content = @file_get_contents($filepath);
    fopen was found in the file class-avada-theme-updater.php
    Line 58: /*$handle = fopen($filename, 'a');
    fwrite was found in the file class-avada-theme-updater.php
    Line 59: fwrite($handle, json_encode($request_string));
    Line 60: fwrite($handle, json_encode($raw_response));*/
    fwrite was found in the file class-avada-theme-updater.php
    Line 59: fwrite($handle, json_encode($request_string));
    Line 60: fwrite($handle, json_encode($raw_response));*/
  8. Admin menu : Themes should use add_theme_page() for adding admin pages. File avada.php :
    Line 163: $avada_menu_page_creation_method    = 'add_menu_page';
    File avada.php :
    Line 164: $avada_submenu_page_creation_method = 'add_submenu_page';
  9. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 905: $headers = wp_get_http( $url, $upload['file'] );
  10. Deprecated functions : get_currentuserinfo get_currentuserinfo found in file form-edit-address.php. Deprecated since version 4.5. Use wp_get_current_user instead.
    Line 18: get_currentuserinfo();
    get_currentuserinfo found in file form-edit-address.php. Deprecated since version 4.5. Use wp_get_current_user instead.
    Line 18: get_currentuserinfo();
  11. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was revslider.zip layerslider.zip fusion_slider.zip avada_full_width.zip captions_tall.zip avada_small_slider.zip avada_page_slider.zip layerslider_export_2015-07-10_at_11.44.29.zip fusion-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in class-avada-scripts.php. Themes must not deregister core scripts.
    Line 33: wp_deregister_script( 'novagallery_modernizr' );
    Line 37: wp_deregister_script( 'ccgallery_modernizr' );
    Line 49: wp_deregister_script( 'wc-cart-fragments' );
    Line 56: wp_deregister_script( 'bootstrap' );
    Line 60: wp_deregister_script( 'cssua' );
    Line 64: wp_deregister_script( 'easyPieChart' );
    Line 68: wp_deregister_script( 'excanvas' );
    Line 72: wp_deregister_script( 'Froogaloop' );
    Line 76: wp_deregister_script( 'imagesLoaded' );
    Line 80: wp_deregister_script( 'jquery.infinitescroll' );
    Line 84: wp_deregister_script( 'isotope' );
    Line 88: wp_deregister_script( 'jquery.appear' );
    Line 92: wp_deregister_script( 'jquery.touchSwipe' );
    Line 96: wp_deregister_script( 'jquery.carouFredSel' );
    Line 100: wp_deregister_script( 'jquery.countTo' );
    Line 104: wp_deregister_script( 'jquery.cycle' );
    Line 108: wp_deregister_script( 'jquery.easing' );
    Line 112: wp_deregister_script( 'jquery.elasticslider' );
    Line 116: wp_deregister_script( 'jquery.fitvids' );
    Line 120: wp_deregister_script( 'jquery.flexslider' );
    Line 124: wp_deregister_script( 'jquery.fusion_maps' );
    Line 128: wp_deregister_script( 'jquery.hoverflow' );
    Line 132: wp_deregister_script( 'jquery.hoverIntent' );
    Line 136: wp_deregister_script( 'jquery.placeholder' );
    Line 140: wp_deregister_script( 'jquery.toTop' );
    Line 144: wp_deregister_script( 'jquery.waypoints' );
    Line 148: wp_deregister_script( 'modernizr' );
    Line 152: wp_deregister_script( 'jquery.requestAnimationFrame' );
    Line 156: wp_deregister_script( 'jquery.mousewheel' );
    Line 161: wp_deregister_script( 'ilightbox.packed' );
    Line 166: wp_deregister_script( 'avada-lightbox' );
    Line 170: wp_deregister_script( 'avada-header' );
    Line 174: wp_deregister_script( 'avada-select' );
    Line 178: wp_deregister_script( 'avada-parallax' );
    Line 182: wp_deregister_script( 'avada-video-bg' );
    Line 213: wp_deregister_script( 'avada' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments 'error' in file functions.interface.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Menu First Level Style' in file mega-menus.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins installed: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'There is a new update for %1$s.', 'There are several plugins updates available %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go install Plugin', 'Go install Plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go update Plugin', 'Go update Plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file class-tgm-plugin-activation.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'There is an update available for the ', theme., 'Avada' in file class-avada-theme-updater.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin installed or update: %1$s.', 'This theme requires the following plugins installed or updated: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin installed or updated: %1$s.', 'This theme recommends the following plugins installed or updated: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go Install Plugin', 'Go Install Plugins' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go Activate Plugin', 'Go Activate Plugins' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'woocommerce' in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, wordpress-importer, shoestrap, theme., woocommerce, bbpress.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. Unwanted directories : GIT revision control directoryGIT revision control directory.git was found.
  7. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file style.css.
  8. Deprecated functions : post_permalinkpost_permalink found in file avada-functions.php. Deprecated since version 4.4. Use get_permalink instead.
    Line 249: function avada_render_rollover( $post_id, $post_permalink = '', $display_woo_price = false, $display_woo_buttons = fal
    Line 251: if ( ! $post_permalink ) {
    Line 252: $post_permalink = get_permalink( $post_id );
    Line 274: $icon_permalink = ( fusion_get_page_option( 'link_icon_url', $post_id ) != null ) ? fusion_get_page_option( 'link_icon_url', $post_id ) : $post_permalink;
    Line 372: <a class='fusion-show-details-button' href='<?php echo post_permalink(); ?>'><?php _e( 'Details', 'Avada' ); ?></a>
    Line 411: * @param  string  $post_permalink 				Permalink of current post
    Line 417: function avada_render_first_featured_image_markup( $post_id, $post_featured_image_size = '', $post_permalink = '', $display_placeholder_image = FALSE, $display_woo_price
    Line 463: do_action( 'avada_rollover', $post_id, $post_permalink, $display_woo_price, $display_woo_buttons, $display_post_cat
    Line 470: $html .= sprintf( '<a href='%s'>%s</a>', $post_permalink, $featured_image );
  9. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  10. I18N implementation : Proper use of _e(Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1610: value='<?php esc_attr_e( $user->first_name ); ?>'/>
    Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1617: value='<?php esc_attr_e( $user->last_name ); ?>'/>
    Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1624: value='<?php esc_attr_e( $user->user_email ); ?>'/>
  11. I18N implementation : Proper use of ___all(Possible variable $uploaded_file found in translation function in functions.interface.php. Translation function calls should not contain PHP variables.
    Line 258: if(!empty($uploaded_file['error'])) { echo sprintf(__('Upload Error: %s', 'Avada'), __($uploaded_file['error'])); }
    Possible variable $theme_name found in translation function in class-avada-theme-updater.php. Translation function calls should not contain PHP variables.
    Line 88: <p>' . __( 'There is an update available for the ' . $theme_name . ' theme.', 'Ava
    Possible variable $cvalue found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1155: echo '<option value='' . esc_attr( $ckey ) . '' ' . selected( $current_r, $ckey, false ) . '>' . __( esc_html( $cvalue ), 'woocommerce' ) . '</option>';
  12. I18N implementation : Proper use of esc_attr_e(Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1610: value='<?php esc_attr_e( $user->first_name ); ?>'/>
    Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1617: value='<?php esc_attr_e( $user->last_name ); ?>'/>
    Possible variable $user found in translation function in woo-config.php. Translation function calls should not contain PHP variables.
    Line 1624: value='<?php esc_attr_e( $user->user_email ); ?>'/>
  13. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  14. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file fusion-plugins.php.
    Line 26: <p class='about-description'>These are the plugins we include with Avada.  Currently Fusion Core is the only required plugin that is needed to use Avada. You can activate, deactivate or update the plugins from this tab.  In addition, we are very excited about new products being released in 2015. <a href='http://theme-fusion.us2.list-manage2.com/subscribe?u=4345c7e8c4f2826cc52bb8
    Possible hard-coded links were found in the file install-demos.php.
    Line 19: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 28: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 19: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 28: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Possible hard-coded links were found in the file multiple-featured-images.php.
    Line 4: Description: Enables multiple featured images for posts and pages. If you like my plugin, feel free to give me reward ;) <a href='http://www.amazon.de/registry/wishlist/16KTW9ZG027C8' title='Amazon Wishlis
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  7. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  8. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : fusion-framework.php
    Line 34: require( 'fusion-functions.php' );
    Line 41: require_once ( 'avada-admin/avada.php' );
    Line 48: require_once ( 'ajax-functions.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : avada.php
    Line 183: require_once( 'screens/welcome.php' );
    Line 187: require_once( 'screens/support.php' );
    Line 191: require_once( 'screens/install-demos.php' );
    Line 195: require_once( 'screens/fusion-plugins.php' );
    Line 199: require_once( 'screens/system-status.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : fusion-functions.php
    Line 833: require_once(ABSPATH . 'wp-admin/includes/file.php');
    Line 883: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 135: require_once ( ADMIN_PATH . 'functions/functions.load.php' );
    Line 136: require_once ( ADMIN_PATH . 'classes/class.options_machine.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.load.php
    Line 10: require_once( ADMIN_PATH . 'functions/functions.php' );
    Line 11: require_once( ADMIN_PATH . 'functions/functions.filters.php' );
    Line 12: require_once( ADMIN_PATH . 'functions/functions.interface.php' );
    Line 13: require_once( ADMIN_PATH . 'functions/functions.options.php' );
    Line 14: require_once( ADMIN_PATH . 'functions/functions.admin.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.interface.php
    Line 144: include_once( ADMIN_PATH . 'front-end/options.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : mega-menu-framework.php
    Line 83: require_once( 'mega-menus.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : importer.php
    Line 957: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 93: include 'options/options_es.php';
    Line 97: include 'options/options_slide.php';
    Line 135: <?php require_once( 'tabs/tab_' . $tab_name . '.php' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm-plugin-activation.php
    Line 1065: require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-dynamic-css.php
    Line 157: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-contact.php
    Line 27: // 			require_once( trailingslashit( get_template_directory() ) . 'framework/reca
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : contact.php
    Line 10: require_once( 'framework/recaptchalib.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

0
Critical alerts
  1. WPScan Vulnerability Database : This theme is vulnerable to security breach "Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF "
    More on Wordpress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/8801
  2. Title : Title No reference to add_theme_support( "title-tag" ) was found in the theme.The theme needs to have <title> tags, ideally in the header.php file.The theme needs to have a call to wp_title(), ideally in the header.php file.
  3. Unwanted files : hidden file(s) or folder(s) .ds_store .gitignore .editorconfig was found.
  4. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 905: $headers = wp_get_http( $url, $upload['file'] );
  5. Deprecated functions : get_currentuserinfo get_currentuserinfo found in file form-edit-address.php. Deprecated since version 4.5. Use wp_get_current_user instead.
    Line 18: get_currentuserinfo();
    get_currentuserinfo found in file form-edit-address.php. Deprecated since version 4.5. Use wp_get_current_user instead.
    Line 18: get_currentuserinfo();
  6. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was revslider.zip layerslider.zip fusion_slider.zip avada_full_width.zip captions_tall.zip avada_small_slider.zip avada_page_slider.zip layerslider_export_2015-07-10_at_11.44.29.zip fusion-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in class-avada-scripts.php. Themes must not deregister core scripts.
    Line 33: wp_deregister_script( 'novagallery_modernizr' );
    Line 37: wp_deregister_script( 'ccgallery_modernizr' );
    Line 49: wp_deregister_script( 'wc-cart-fragments' );
    Line 56: wp_deregister_script( 'bootstrap' );
    Line 60: wp_deregister_script( 'cssua' );
    Line 64: wp_deregister_script( 'easyPieChart' );
    Line 68: wp_deregister_script( 'excanvas' );
    Line 72: wp_deregister_script( 'Froogaloop' );
    Line 76: wp_deregister_script( 'imagesLoaded' );
    Line 80: wp_deregister_script( 'jquery.infinitescroll' );
    Line 84: wp_deregister_script( 'isotope' );
    Line 88: wp_deregister_script( 'jquery.appear' );
    Line 92: wp_deregister_script( 'jquery.touchSwipe' );
    Line 96: wp_deregister_script( 'jquery.carouFredSel' );
    Line 100: wp_deregister_script( 'jquery.countTo' );
    Line 104: wp_deregister_script( 'jquery.cycle' );
    Line 108: wp_deregister_script( 'jquery.easing' );
    Line 112: wp_deregister_script( 'jquery.elasticslider' );
    Line 116: wp_deregister_script( 'jquery.fitvids' );
    Line 120: wp_deregister_script( 'jquery.flexslider' );
    Line 124: wp_deregister_script( 'jquery.fusion_maps' );
    Line 128: wp_deregister_script( 'jquery.hoverflow' );
    Line 132: wp_deregister_script( 'jquery.hoverIntent' );
    Line 136: wp_deregister_script( 'jquery.placeholder' );
    Line 140: wp_deregister_script( 'jquery.toTop' );
    Line 144: wp_deregister_script( 'jquery.waypoints' );
    Line 148: wp_deregister_script( 'modernizr' );
    Line 152: wp_deregister_script( 'jquery.requestAnimationFrame' );
    Line 156: wp_deregister_script( 'jquery.mousewheel' );
    Line 161: wp_deregister_script( 'ilightbox.packed' );
    Line 166: wp_deregister_script( 'avada-lightbox' );
    Line 170: wp_deregister_script( 'avada-header' );
    Line 174: wp_deregister_script( 'avada-select' );
    Line 178: wp_deregister_script( 'avada-parallax' );
    Line 182: wp_deregister_script( 'avada-video-bg' );
    Line 213: wp_deregister_script( 'avada' );
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function __, with the arguments 'error' in file functions.interface.php.Found a translation function that is missing a text-domain. Function _e, with the arguments 'Menu First Level Style' in file mega-menus.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins installed: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'There is a new update for %1$s.', 'There are several plugins updates available %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go install Plugin', 'Go install Plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go update Plugin', 'Go update Plugins' in file class-tgm-plugin-activation.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Activate installed plugin', 'Activate installed plugins' in file class-tgm-plugin-activation.php.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'There is an update available for the ', theme., 'Avada' in file class-avada-theme-updater.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme requires the following plugin installed or update: %1$s.', 'This theme requires the following plugins installed or updated: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'This theme recommends the following plugin installed or updated: %1$s.', 'This theme recommends the following plugins installed or updated: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go Install Plugin', 'Go Install Plugins' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Go Activate Plugin', 'Go Activate Plugins' in file avada-tgm.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'woocommerce' in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file woo-config.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, wordpress-importer, shoestrap, theme., woocommerce, bbpress.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. Unwanted directories : GIT revision control directoryGIT revision control directory.git was found.
  7. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file style.css.
  8. Deprecated functions : post_permalinkpost_permalink found in file avada-functions.php. Deprecated since version 4.4. Use get_permalink instead.
    Line 249: function avada_render_rollover( $post_id, $post_permalink = '', $display_woo_price = false, $display_woo_buttons = fal
    Line 251: if ( ! $post_permalink ) {
    Line 252: $post_permalink = get_permalink( $post_id );
    Line 274: $icon_permalink = ( fusion_get_page_option( 'link_icon_url', $post_id ) != null ) ? fusion_get_page_option( 'link_icon_url', $post_id ) : $post_permalink;
    Line 372: <a class='fusion-show-details-button' href='<?php echo post_permalink(); ?>'><?php _e( 'Details', 'Avada' ); ?></a>
    Line 411: * @param  string  $post_permalink 				Permalink of current post
    Line 417: function avada_render_first_featured_image_markup( $post_id, $post_featured_image_size = '', $post_permalink = '', $display_placeholder_image = FALSE, $display_woo_price
    Line 463: do_action( 'avada_rollover', $post_id, $post_permalink, $display_woo_price, $display_woo_buttons, $display_post_cat
    Line 470: $html .= sprintf( '<a href='%s'>%s</a>', $post_permalink, $featured_image );
  9. CSS files : Presence of .screen-reader-text class.screen-reader-text css class is needed in your theme css. See : the Codex for an example implementation.
  10. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in header.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file fusion-plugins.php.
    Line 26: <p class='about-description'>These are the plugins we include with Avada.  Currently Fusion Core is the only required plugin that is needed to use Avada. You can activate, deactivate or update the plugins from this tab.  In addition, we are very excited about new products being released in 2015. <a href='http://theme-fusion.us2.list-manage2.com/subscribe?u=4345c7e8c4f2826cc52bb8
    Possible hard-coded links were found in the file install-demos.php.
    Line 19: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 28: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 19: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 28: <p><strong><?php _e( 'Solution 1:', 'Avada' ); ?></strong> <?php _e( 'Import the demo using alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Possible hard-coded links were found in the file multiple-featured-images.php.
    Line 4: Description: Enables multiple featured images for posts and pages. If you like my plugin, feel free to give me reward ;) <a href='http://www.amazon.de/registry/wishlist/16KTW9ZG027C8' title='Amazon Wishlis
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  7. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  8. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  12. Use of includes : Use of include or requireThe theme appears to use include or require : fusion-framework.php
    Line 34: require( 'fusion-functions.php' );
    Line 41: require_once ( 'avada-admin/avada.php' );
    Line 48: require_once ( 'ajax-functions.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : avada.php
    Line 183: require_once( 'screens/welcome.php' );
    Line 187: require_once( 'screens/support.php' );
    Line 191: require_once( 'screens/install-demos.php' );
    Line 195: require_once( 'screens/fusion-plugins.php' );
    Line 199: require_once( 'screens/system-status.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : fusion-functions.php
    Line 833: require_once(ABSPATH . 'wp-admin/includes/file.php');
    Line 883: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 135: require_once ( ADMIN_PATH . 'functions/functions.load.php' );
    Line 136: require_once ( ADMIN_PATH . 'classes/class.options_machine.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.load.php
    Line 10: require_once( ADMIN_PATH . 'functions/functions.php' );
    Line 11: require_once( ADMIN_PATH . 'functions/functions.filters.php' );
    Line 12: require_once( ADMIN_PATH . 'functions/functions.interface.php' );
    Line 13: require_once( ADMIN_PATH . 'functions/functions.options.php' );
    Line 14: require_once( ADMIN_PATH . 'functions/functions.admin.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions.interface.php
    Line 144: include_once( ADMIN_PATH . 'front-end/options.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : mega-menu-framework.php
    Line 83: require_once( 'mega-menus.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : importer.php
    Line 957: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 93: include 'options/options_es.php';
    Line 97: include 'options/options_slide.php';
    Line 135: <?php require_once( 'tabs/tab_' . $tab_name . '.php' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm-plugin-activation.php
    Line 1065: require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-dynamic-css.php
    Line 157: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-contact.php
    Line 27: // 			require_once( trailingslashit( get_template_directory() ) . 'framework/reca
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : contact.php
    Line 10: require_once( 'framework/recaptchalib.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes