0
Validation results

Blender

Blender

WordPress 4.9.1 theme
0
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file OAuth.php.
    Line 200: $decoded_sig = base64_decode($signature);
  2. Security breaches : Use of base64_encode() Found base64_encode in file OAuth.php.
     return base64_encode(hash_hmac('sha1', $base_string, $key, true));
     return base64_encode($signature);
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="<?php echo $video; ?> in file thumb-video.php.
    Line 8: <iframe src='<?php echo $video; ?>' width='500' height='281'></iframe>
    Found <iframe src="<?php echo $video_link; ?> in file single-video.php.
    Line 13: <iframe src='<?php echo $video_link; ?>' width='500' height='281'></iframe>
  4. Malware : Operations on file system file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    file_get_contents was found in the file parsers.php
    Line 66: $success = $dom->loadXML( file_get_contents( $file ) );
    Line 269: if ( ! xml_parse( $xml, file_get_contents( $file ), true ) ) {
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fopen was found in the file parsers.php
    Line 415: $fp = $this->fopen( $file, 'r' );
    Line 641: function fopen( $filename, $mode = 'r' ) {
    Line 644: return fopen( $filename, $mode );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    fclose was found in the file parsers.php
    Line 464: $this->fclose($fp);
    Line 659: function fclose( $fp ) {
    Line 662: return fclose( $fp );
    fopen was found in the file tweets.php
    Line 45: $cache_static = fopen($cache_file, 'wb');
    Line 52: $cache_static = fopen($cache_file, 'r');
    fwrite was found in the file tweets.php
    Line 46: fwrite($cache_static, $cache_rss);
    fclose was found in the file tweets.php
    Line 47: fclose($cache_static);
    Line 54: fclose($cache_static);
    fopen was found in the file tweets.php
    Line 45: $cache_static = fopen($cache_file, 'wb');
    Line 52: $cache_static = fopen($cache_file, 'r');
    fread was found in the file tweets.php
    Line 53: $cache_rss = fread($cache_static,filesize($cache_file));
    fclose was found in the file tweets.php
    Line 47: fclose($cache_static);
    Line 54: fclose($cache_static);
  5. Malware : Network operations curl_init was found in the file subscribe.php
    Line 33: // $ch = curl_init();
    curl_exec was found in the file subscribe.php
    Line 39: // $result = curl_exec($ch);
    curl_init was found in the file twitteroauth.php
    Line 195: // $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 221: // $response = curl_exec($ci);
  6. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 907: $headers = wp_get_http( $url, $upload['file'] );
  7. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was ._acf-field-date-time-picker.zip ._via-plugin.zip ._revslider.zip ._advanced-custom-fields-pro.zip ._beaver-builder-lite-version.zip beaver-builder-lite-version.zip via-plugin.zip revslider.zip advanced-custom-fields-pro.zip acf-field-date-time-picker.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in functions.php. Themes must not deregister core scripts.
    Line 22: wp_deregister_script('jquery');
  2. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  3. theme tags : Presence of bad theme tagsThe tag dark has been deprecated, it must be removed from style.css header.The tag black has been deprecated, it must be removed from style.css header.The tag orange has been deprecated, it must be removed from style.css header.The tag responsive-layout has been deprecated, it must be removed from style.css header.The tag fixed-layout has been deprecated, it must be removed from style.css header.Found wrong tag pagebuilder in style.css header.
  4. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is blender.
  5. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Footer Column2', via-theme, 'via-theme' in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are via-theme, tgmpa, wordpress-importer, fl-builder, widget-importer-exporter.
  6. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  7. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  8. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  9. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  10. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  11. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  12. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  13. Use of includes : Use of include or requireThe theme appears to use include or require : via-importer.php
    Line 32: include_once('via-import.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitteroauth.php
    Line 10: require_once('OAuth.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : tweets.php
    Line 6: require_once('oauth/twitteroauth.php'); //Path to twitteroauth library
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

34
Critical alerts
  1. Malware : Network operations curl_init was found in the file subscribe.php
    Line 33: // $ch = curl_init();
    curl_exec was found in the file subscribe.php
    Line 39: // $result = curl_exec($ch);
    curl_init was found in the file twitteroauth.php
    Line 195: // $ci = curl_init();
    curl_exec was found in the file twitteroauth.php
    Line 221: // $response = curl_exec($ci);
  2. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 907: $headers = wp_get_http( $url, $upload['file'] );
  3. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was ._acf-field-date-time-picker.zip ._via-plugin.zip ._revslider.zip ._advanced-custom-fields-pro.zip ._beaver-builder-lite-version.zip beaver-builder-lite-version.zip via-plugin.zip revslider.zip advanced-custom-fields-pro.zip acf-field-date-time-picker.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in functions.php. Themes must not deregister core scripts.
    Line 22: wp_deregister_script('jquery');
  2. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  3. theme tags : Presence of bad theme tagsThe tag dark has been deprecated, it must be removed from style.css header.The tag black has been deprecated, it must be removed from style.css header.The tag orange has been deprecated, it must be removed from style.css header.The tag responsive-layout has been deprecated, it must be removed from style.css header.The tag fixed-layout has been deprecated, it must be removed from style.css header.Found wrong tag pagebuilder in style.css header.
  4. Text domain : Incorrect use of translation functions.Wrong installation directory for the theme name. The directory name must match the slug of the theme. This theme's correct slug and text-domain is blender.
  5. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function __, with the arguments 'Footer Column2', via-theme, 'via-theme' in file functions.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are via-theme, tgmpa, wordpress-importer, fl-builder, widget-importer-exporter.
  6. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of archive template file archive.phpThis theme does not contain optional file archive.php.
  10. Optional files : Presence of search results template file search.phpThis theme does not contain optional file search.php.
  11. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  12. Optional files : Presence of image template file image.phpThis theme does not contain optional file image.php.
  13. Use of includes : Use of include or requireThe theme appears to use include or require : via-importer.php
    Line 32: include_once('via-import.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : twitteroauth.php
    Line 10: require_once('OAuth.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : tweets.php
    Line 6: require_once('oauth/twitteroauth.php'); //Path to twitteroauth library
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes