0
Validation results

JNews

JNews

WordPress 4.9.8 theme
0
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file Customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Security breaches : Use of base64_encode() Found base64_encode in file TwitterOAuth.php.
     $parameters['media'] = base64_encode($file);
     'media_data' => base64_encode(fread($media, $this->chunkSize))
     return base64_encode($key . ':' . $secret);
    Found base64_encode in file HmacSha1.php.
     return base64_encode(hash_hmac('sha1', $signatureBase, $key, true));
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src=\"//www.youtube.com/embed/" . $video_id . "?showinfo=1" . $autoplay . "&amp;autohide=1&amp;rel=0&amp;wmode=opaque\" allowfullscreen=\"\" height=\"500\" width=\"700\"> in file Element_Embedplaylist_View.php.
    Line 194: <iframe src=\'//www.youtube.com/embed/' . $video_id . '?showinfo=1' . $auto
    Found <iframe src=\"//www.youtube.com/embed/" . $video_id . "?showinfo=1" . $autoplay . "&amp;autohide=1&amp;rel=0&amp;wmode=opaque\" allowfullscreen=\"\" height=\"500\" width=\"700\"> in file Element_Videoplaylist_View.php.
    Line 52: <iframe src=\'//www.youtube.com/embed/' . $video_id . '?showinfo=1' . $auto
  4. Malware : Operations on file system file_put_contents was found in the file StyleGenerator.php
    Line 293: if ( file_put_contents( $file_path, $styles ) )
    file_get_contents was found in the file TwitterOAuth.php
    Line 296: ($file = file_get_contents($parameters['media'])) === false) {
    fopen was found in the file TwitterOAuth.php
    Line 316: $media = fopen($parameters['media'], 'rb');
    fread was found in the file TwitterOAuth.php
    Line 322: 'media_data' => base64_encode(fread($media, $this->chunkSize))
    fclose was found in the file TwitterOAuth.php
    Line 325: fclose($media);
  5. Malware : Network operations curl_init was found in the file TwitterOAuth.php
    Line 545: $curlHandle = curl_init();
    curl_exec was found in the file TwitterOAuth.php
    Line 547: $response = curl_exec($curlHandle);
  6. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was jnews-demo-elementor.zip elementor.zip jnews-customizer-category.zip jnews-jsonld.zip jnews-social-login.zip jnews-essential.zip jnews-migration-newspaper.zip jnews-review.zip jnews-view-counter.zip jnews-migration-newsmag.zip jnews-weather.zip jnews-push-notification.zip jnews-food-recipe.zip jnews-gallery.zip revslider.zip jnews-migration-jmagz.zip jnews-breadcrumb.zip jnews-like.zip jnews-option-category.zip jnews-migration-sahifa.zip jnews-migration-publisher.zip vafpress-post-formats-ui-develop.zip jnews-migration-jannah.zip js_composer.zip jnews-instagram.zip jnews-split.zip jnews-social-share.zip jnews-auto-load-post.zip jnews-migration-soledad.zip waspthemes-yellow-pencil.zip jnews-front-translation.zip jnews-speed.zip jnews-frontend-submit.zip jnews-meta-header.zip jnews-amp.zip jnews-gutenberg.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in ModuleElementor.php. Themes must not deregister core scripts.
    Line 195: wp_deregister_script('elementor-editor');
  2. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function esc_attr_e, with the arguments 'position-sidebar', , 'sticky-sidebar' in file archive-sidebar.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'width-sidebar' in file archive-sidebar.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Partial render must echo the content or return the content string (or array), but not both.' in file Customizer.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multitag.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file singlecategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multicategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multiauthor.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This feature disabled when you enabling <strong>JNews - Auto Load Next Post Plugin.</strong>' in file single_video_following.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are jnews, , helper, elementor, js_composer.
  3. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  4. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file frontend.min.css.
  5. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  6. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  7. I18N implementation : Proper use of _e(Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
    Line 1: <div class='jeg_sidebar <?php esc_attr_e( $sidebar['position-sidebar'] . ' ' . $sidebar['sticky-sidebar'] ); ?> c
    Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
    Line 1: <div class='jeg_sidebar <?php esc_attr_e( $sidebar['position-sidebar'] . ' ' . $sidebar['sticky-sidebar'] ); ?> col-sm-<?php esc_attr_e($sidebar['width-sidebar']); ?>'>
    Possible variable $ajax_class found in translation function in multitag.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multitag-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in singlecategory.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='singlecategory-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in multicategory.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multicategory-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in multiauthor.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multiauthor-wrapper <?php esc_attr_e($ajax_class); ?>'>
  8. I18N implementation : Proper use of esc_attr_e(Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
    Line 1: <div class='jeg_sidebar <?php esc_attr_e( $sidebar['position-sidebar'] . ' ' . $sidebar['sticky-sidebar']
    Possible variable $sidebar found in translation function in archive-sidebar.php. Translation function calls should not contain PHP variables.
    Line 1: <div class='jeg_sidebar <?php esc_attr_e( $sidebar['position-sidebar'] . ' ' . $sidebar['sticky-sidebar'] ); ?> col-sm-<?php esc_attr_e($sidebar['width-sidebar']); ?>'>
    Possible variable $ajax_class found in translation function in multitag.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multitag-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in singlecategory.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='singlecategory-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in multicategory.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multicategory-wrapper <?php esc_attr_e($ajax_class); ?>'>
    Possible variable $ajax_class found in translation function in multiauthor.php. Translation function calls should not contain PHP variables.
    Line 37: <div class='multiauthor-wrapper <?php esc_attr_e($ajax_class); ?>'>
  9. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Use of includes : Use of include or requireThe theme appears to use include or require : bootstrap.php
    Line 9: require_once 'constant.php';
    Line 14: require_once 'autoload.php';
    Line 30: require_once($datasource);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : StyleGenerator.php
    Line 259: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 278: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : VideoThumbnail.php
    Line 224: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleManager.php
    Line 188: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleOptionAbstract.php
    Line 96: include_once 'modules-container.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleVC.php
    Line 842: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : FooterBuilder.php
    Line 435: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

35
Critical alerts
  1. Customizer : Sanitization of Customizer settings Found a Customizer setting that did not have a sanitization callback function in file Customizer.php. Every call to the add_setting() method needs to have a sanitization callback function passed.
  2. Malware : Network operations curl_init was found in the file TwitterOAuth.php
    Line 545: $curlHandle = curl_init();
    curl_exec was found in the file TwitterOAuth.php
    Line 547: $response = curl_exec($curlHandle);
  3. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was jnews-demo-elementor.zip elementor.zip jnews-customizer-category.zip jnews-jsonld.zip jnews-social-login.zip jnews-essential.zip jnews-migration-newspaper.zip jnews-review.zip jnews-view-counter.zip jnews-migration-newsmag.zip jnews-weather.zip jnews-push-notification.zip jnews-food-recipe.zip jnews-gallery.zip revslider.zip jnews-migration-jmagz.zip jnews-breadcrumb.zip jnews-like.zip jnews-option-category.zip jnews-migration-sahifa.zip jnews-migration-publisher.zip vafpress-post-formats-ui-develop.zip jnews-migration-jannah.zip js_composer.zip jnews-instagram.zip jnews-split.zip jnews-social-share.zip jnews-auto-load-post.zip jnews-migration-soledad.zip waspthemes-yellow-pencil.zip jnews-front-translation.zip jnews-speed.zip jnews-frontend-submit.zip jnews-meta-header.zip jnews-amp.zip jnews-gutenberg.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in ModuleElementor.php. Themes must not deregister core scripts.
    Line 195: wp_deregister_script('elementor-editor');
  2. Text domain : Incorrect use of translation functions.Found a translation function that has an incorrect number of arguments. Function esc_attr_e, with the arguments 'position-sidebar', , 'sticky-sidebar' in file archive-sidebar.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'width-sidebar' in file archive-sidebar.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'Partial render must echo the content or return the content string (or array), but not both.' in file Customizer.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multitag.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file singlecategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multicategory.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments in file multiauthor.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'This feature disabled when you enabling <strong>JNews - Auto Load Next Post Plugin.</strong>' in file single_video_following.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are jnews, , helper, elementor, js_composer.
  3. Plugin territory : Plugin territory functionalitiesThe theme uses the register_post_type() function, which is plugin-territory functionality.
  4. Hidden admin bar : Hidden admin Bar in CSSThemes should not hide admin bar. Detected in file frontend.min.css.
  5. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  5. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  6. Use of includes : Use of include or requireThe theme appears to use include or require : bootstrap.php
    Line 9: require_once 'constant.php';
    Line 14: require_once 'autoload.php';
    Line 30: require_once($datasource);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : StyleGenerator.php
    Line 259: require_once (ABSPATH . '/wp-admin/includes/file.php');
    Line 278: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : VideoThumbnail.php
    Line 224: require_once( ABSPATH . 'wp-admin/includes/image.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleManager.php
    Line 188: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleOptionAbstract.php
    Line 96: include_once 'modules-container.php';
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : ModuleVC.php
    Line 842: require_once (ABSPATH . '/wp-admin/includes/file.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : FooterBuilder.php
    Line 435: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes