Validation results

Construct


WordPress 4.9.8 theme
0
Critical alerts
  1. WPScan Vulnerability Database : This theme is vulnerable to security breach "Construct 1.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion"
    More on WordPress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/7466
    "Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download"
    More on WordPress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/7467
  2. Security breaches : Use of base64_decode(). Found base64_decode in file admin-functions.php.
    Line 164: $data = unserialize(base64_decode( $data['weblusive_import'] ));
  3. Security breaches : Use of base64_encode(). Found base64_encode in file admin-ui.php.
     <textarea style='width:100%' rows='7'><?php echo html_entity_decode( $currentsettings = base64_encode( serialize( $current_options )) ); ?></textarea>
  4. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site. Found <iframe src="http://player.vimeo.com/video/<?php echo esc_attr($video)?> in file inner-header-content.php.
    Line 164: <iframe src='http://player.vimeo.com/video/<?php echo esc_attr($video)?>' w
  5. Admin menu : Themes should use add_theme_page() for adding admin pages.
    File class-tgm-plugin-activation.php :
    Line 641: $this->page_hook = call_user_func( 'add_submenu_page', $args['parent_slug'], $args['page_title'], $args['menu_t
    File admin-functions.php :
    Line 180: add_menu_page(theme_name.' Settings', theme_name ,'switch_themes', 'panel' 
    Line 181: $theme_page = add_submenu_page('panel',theme_name.' Settings', theme_name.' Settings','sw
    Line 182: //add_submenu_page('panel', theme_name, 'Pricing Tables', 'switch_themes', 'p
Warning
  1. Custom elements : Presence of custom header. No reference to custom header was found in the theme.
  2. Custom elements : Presence of custom background. No reference to custom background was found in the theme.
  3. Editor style : Presence of editor style. No reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  4. Screenshot : Screenshot file. Screenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred. Bad screenshot file extension! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.css. This theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.php. This theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.php. This theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.php. This theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.php. This theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.php. This theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.php. This theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.php. This theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.php. This theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.php. This theme does not contain optional file image.php.
  11. Use of includes : Use of include or require. The theme appears to use include or require : archive.php
    Line 56: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 45: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : google_font_list.php
    Line 5: require ('google-fonts.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : customizer.php
    Line 808: require_once('google_font_list.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-functions.php
    Line 90: require ('google-fonts.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : portfolio_loop.php
    Line 177: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?> 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : search.php
    Line 52: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : blog-template.php
    Line 32: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : taxonomy-portfolio_category.php
    Line 138: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?> 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : dynamic-styles.php
    Line 3: require_once( $parse_uri[0] . 'wp-load.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since ThemeForest items are all checked by a human before they appear on the ThemeForest website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score (ThemeForest requirements).

79
Critical alerts
  1. WPScan Vulnerability Database : This theme is vulnerable to security breach "Construct 1.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion"
    More on WordPress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/7466
    "Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download"
    More on WordPress Vulnerability Scanner site : https://wpvulndb.com/vulnerabilities/7467
Warning
  1. Screenshot : Screenshot file. Screenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred. Bad screenshot file extension! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.css. This theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.php. This theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.php. This theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.php. This theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.php. This theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.php. This theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.php. This theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.php. This theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.php. This theme does not contain optional file attachment.php.
  10. Optional files : Presence of image template file image.php. This theme does not contain optional file image.php.
  11. Use of includes : Use of include or require. The theme appears to use include or require : archive.php
    Line 56: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : index.php
    Line 45: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : google_font_list.php
    Line 5: require ('google-fonts.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : customizer.php
    Line 808: require_once('google_font_list.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin-functions.php
    Line 90: require ('google-fonts.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : portfolio_loop.php
    Line 177: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?> 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : search.php
    Line 52: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : blog-template.php
    Line 32: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?>
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : taxonomy-portfolio_category.php
    Line 138: <?php include(construct_PLUGINS . '/wp-pagenavi.php' ); wp_pagenavi(); ?> 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : dynamic-styles.php
    Line 3: require_once( $parse_uri[0] . 'wp-load.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.