0
Validation results

Shopme

Shopme

WordPress 4.9.6 theme
0
Critical alerts
  1. Security breaches : Use of base64_decode() Found base64_decode in file import-class.php.
    Line 12: $options = unserialize(base64_decode($options));
    Line 27: $widget_settings = unserialize(base64_decode($widget_settings));
    Line 36: $sidebar_settings = unserialize(base64_decode($sidebar_settings));
    Line 43: $meta_settings = unserialize(base64_decode($meta_settings));
    Found base64_decode in file functions-ajax.php.
    Line 90: $options = unserialize(base64_decode(file_get_contents( $file )));
  2. Security breaches : Use of base64_encode() Found base64_encode in file twitter-api-core.php.
     $this->args['oauth_signature'] = base64_encode( hash_hmac( 'sha1', $str, $key, true ) );
    Found base64_encode in file export-class.php.
     $export = base64_encode(serialize($export));
     $widget_settings = base64_encode(serialize($this->exportWidgets()));
     $sidebar_settings = base64_encode(serialize($this->exportSidebars()));
     $meta_settings = base64_encode(serialize($this->metaData()));
  3. Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site Found <iframe id="like_box_widget_'. self::$id_of_like_box .'" src="https://www.facebook.com/plugins/likebox.php?href='. $profile_id .'&amp;colorscheme='. $facebook_likebox_theme .'&amp;width='. $width .'&amp;height='. $height .'&amp;connections='. $connections .'&amp;stream=false&amp;show_border=false&amp;header='. $header .'&amp;" scrolling="no" frameborder="0" allowTransparency="true" style="width:'. $width .'px; height:'. $height .'px;"> in file widgets.php.
    Line 143: echo '<iframe id='like_box_widget_'. self::$id_of_like_box .'' src='https://www.f
    Found <iframe src="https://mapsengine.google.com/map/u/0/embed?mid=z4vjH8i214vQ.kj0Xiukzzle4" width="640" height="480"> in file vc_mad_gmaps.php.
    Line 13: 'link' => '<iframe src='https://mapsengine.google.com/map/u/0/embed?mid=z4vjH8i214vQ.k
    Found <iframe width="<?php echo $width ?>" height="<?php echo $height ?>" src="<?php echo $link ?> in file vc_mad_contact_info.php.
    Line 81: <iframe width='<?php echo $width ?>' height='<?php echo $height ?>' src='<?
    Found <iframe src="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d193578.74109040972!2d-73.97968099999999!3d40.703312749999995!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x89c24fa5d33f083b%3A0xc80b8f06e177fe62!2z0J3RjNGOLdCZ0L7RgNC6LCDQodCo0JA!5e0!3m2!1sru!2sua!4v1424385645246" width="400" height="300" style="border:0"> in file register-theme-options.php.
    Line 2945: 'std' => '<iframe src='https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d193578.7
  4. Malware : Operations on file system fopen was found in the file functions-helper.php
    Line 8: $handle = @fopen( $file, 'w' );
    Line 15: $handle = fopen($file, 'r');
    Line 50: $handle = @fopen($index_file, 'w');
    fwrite was found in the file functions-helper.php
    Line 11: $create = fwrite( $handle, $content );
    Line 52: fwrite( $handle, '<?php\r\necho 'Browsing the directory is not allowed!';\r
    fclose was found in the file functions-helper.php
    Line 12: fclose( $handle );
    Line 18: fclose( $handle );
    Line 53: fclose( $handle );
    fopen was found in the file functions-helper.php
    Line 8: $handle = @fopen( $file, 'w' );
    Line 15: $handle = fopen($file, 'r');
    Line 50: $handle = @fopen($index_file, 'w');
    fread was found in the file functions-helper.php
    Line 16: $filecontent = fread($handle, filesize($file));
    fclose was found in the file functions-helper.php
    Line 12: fclose( $handle );
    Line 18: fclose( $handle );
    Line 53: fclose( $handle );
    fopen was found in the file functions-helper.php
    Line 8: $handle = @fopen( $file, 'w' );
    Line 15: $handle = fopen($file, 'r');
    Line 50: $handle = @fopen($index_file, 'w');
    fwrite was found in the file functions-helper.php
    Line 11: $create = fwrite( $handle, $content );
    Line 52: fwrite( $handle, '<?php\r\necho 'Browsing the directory is not allowed!';\r
    fclose was found in the file functions-helper.php
    Line 12: fclose( $handle );
    Line 18: fclose( $handle );
    Line 53: fclose( $handle );
    file_get_contents was found in the file functions-ajax.php
    Line 89: if ( function_exists( 'file_get_contents' ) && $file != '' ) {
    Line 90: $options = unserialize(base64_decode(file_get_contents( $file )));
  5. Admin menu : Themes should use add_theme_page() for adding admin pages. File admin.php :
    Line 129: //add_action( 'admin_menu', array( $this, 'add_menu_page' ) );
    Line 340: public function add_menu_page()
    Line 342: $page = add_menu_page(__('Envato Market', 'envato-market'), __('Envato Market', 'en
    File admin.php :
    Line 129: //add_action( 'admin_menu', array( $this, 'add_menu_page' ) );
    Line 340: public function add_menu_page()
    Line 342: $page = add_menu_page(__('Envato Market', 'envato-market'), __('Envato Market', 'en
    File adminpages.class.php :
    Line 42: $stm_admin_menu_page_creation_method = 'add_menu_page';
  6. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 866: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in config.php. Themes must not deregister core scripts.
    Line 32: wp_deregister_script('yith_wcas_frontend');
  2. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'shopme' in file twitter-api-core.php.Found a translation function that is missing a text-domain. Function __, with the arguments '%1$s is deprecated. Use %2$s instead.' in file functions-template.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'asc' in file ordering.class.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'desc' in file ordering.class.php.Found a translation function that is missing a text-domain. Function _n, with the arguments '%d vote', '%d votes' in file vc_mad_blog_posts.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%s download remaining', '%s downloads remaining', downloads_remaining, 'shopme' in file my-downloads.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'shopme' in file cart-totals.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are shopme, twitter-api, post_type, woocommerce, tgmpa, envato-market, flatastic, downloads_remaining.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Security breaches : Presence of Google advertising codeFound pub-1152642518017280 in file header.php.
    Line 26: google_ad_client: 'ca-pub-1152642518017280',
  6. Unwanted files : Windows thumbnail storethumbs.db was found.
  7. Custom elements : Presence of custom headerNo reference to custom header was found in the theme.
  8. Custom elements : Presence of custom backgroundNo reference to custom background was found in the theme.
  9. Editor style : Presence of editor styleNo reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
  10. I18N implementation : Proper use of _e(Possible variable $product_sort found in translation function in ordering.class.php. Translation function calls should not contain PHP variables.
    Line 196: <a title='<?php esc_attr_e($product_sort['asc']) ?>' class='order-param-asc'  href='<?php echo $thi
    Possible variable $product_sort found in translation function in ordering.class.php. Translation function calls should not contain PHP variables.
    Line 200: <a title='<?php esc_attr_e($product_sort['desc']) ?>' class='order-param-desc'  href='<?php echo $t
  11. I18N implementation : Proper use of ___all(Possible variable $err found in translation function in twitter-api-core.php. Translation function calls should not contain PHP variables.
    Line 306: $err['message'] = __( $err['message'], 'twitter-api' );
    Possible variable $text found in translation function in twitter-api-core.php. Translation function calls should not contain PHP variables.
    Line 529: return esc_html__( $text, 'shopme' );
  12. I18N implementation : Proper use of esc_attr_e(Possible variable $product_sort found in translation function in ordering.class.php. Translation function calls should not contain PHP variables.
    Line 196: <a title='<?php esc_attr_e($product_sort['asc']) ?>' class='order-param-asc'  href='<?php e
    Possible variable $product_sort found in translation function in ordering.class.php. Translation function calls should not contain PHP variables.
    Line 200: <a title='<?php esc_attr_e($product_sort['desc']) ?>' class='order-param-desc'  href='<?php
  13. I18N implementation : Proper use of esc_html___all(Possible variable $text found in translation function in twitter-api-core.php. Translation function calls should not contain PHP variables.
    Line 529: return esc_html__( $text, 'shopme' );
  14. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in functions-core.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file twitter-api-admin.php.
    Line 64: <a href='https://dev.twitter.com/apps'><?php echo esc_html__('your Twitter dashboard
    Possible hard-coded links were found in the file latest-tweets.php.
    Line 323: $links[] = '<a href='options-general.php?page=twitter-api-admin'><strong>'.esc_html__('Connect t
    Possible hard-coded links were found in the file map.php.
    Line 1597: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1702: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1597: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1702: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Possible hard-coded links were found in the file intro.php.
    Line 18: <strong><?php printf(esc_html__('Development of this plugin is done on %sGitHub%s. Pull requests welcome.', 'envato-market'), '<a href='https://github.com/envato/wp-envato-market' target='_blank'>', '</a>'); ?><
    Possible hard-coded links were found in the file init.php.
    Line 386: <code style='font-size: 14px;'>((<strong>AV</strong> * <strong>R</strong>) + (<em>v</em> * <em>r</em>)) / (<strong>AV</strong> + <em>v</em>)</code> (<?php printf(wp_kses(__('from %s', 'shopme'), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://gist.github.com/44522/' target='_blank'>thebroth</a>'); ?>)
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Use of includes : Use of include or requireThe theme appears to use include or require : theme-helper.php
    Line 186: include(SHOPME_INCLUDES_PATH . 'widgets/templates/' . $view . '.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Line 268: include(SHOPME_POPWIDGET_ABSPATH . '/inc/widget.php');
    Line 274: include(SHOPME_POPWIDGET_ABSPATH . '/inc/form.php');
    Line 913: include(SHOPME_MAILCHIMP_ABSPATH . '/inc/widget.php');
    Line 925: include(SHOPME_MAILCHIMP_ABSPATH . '/inc/form.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : product.php
    Line 99: require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-core.php
    Line 48: include( $located );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-metadata.php
    Line 3: require_once( SHOPME_INCLUDES_PATH . 'metadata/meta_values.php' );
    Line 4: require_once( SHOPME_INCLUDES_PATH . 'metadata/functions-types.php' );
    Line 5: require_once( SHOPME_INCLUDES_PATH . 'metadata/product.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 38: require($this->paths['PLUGINS'] . 'ajax_search/config.php');
    Line 39: require($this->paths['PLUGINS'] . 'compare/config.php');
    Line 40: require($this->paths['PLUGINS'] . 'wishlist/config.php');
    Line 41: require($this->paths['PLUGINS'] . 'flashsale/config.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 38: require( self::$pathes['PLUGINS'] . 'compare/widgets/class.yith-woocompare-
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 40: include( $this->paths['PHP'] . 'functions-template.php' );
    Line 41: include( $this->paths['PHP'] . 'templates-hooks.php' );
    Line 42: include( $this->paths['PHP'] . 'ordering.class.php' );
    Line 43: include( $this->paths['PHP'] . 'new-badge.class.php' );
    Line 44: include( $this->paths['PHP'] . 'common-tab.class.php' );
    Line 46: include( $this->paths['PHP'] . 'dropdown-cart.class.php' );
    Line 47: include( $this->paths['PHP'] . 'quick-view.class.php' );
    Line 48: include( $this->paths['WIDGETS_DIR'] . 'class-wc-widget-products-specials.p
    Line 60: include( $this->paths['PHP'] . 'currency-switcher.class.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 54: require_once( $this->path('CONFIG_DIR', 'map.php') );
    Line 127: require_once($file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : map.php
    Line 287: 
    Line 288: 
    Line 289: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : register-dynamic-styles.php
    Line 57: include( SHOPME_FRAMEWORK::$path['configPath'] . 'register-color-schemes.ph
    Line 79: require( SHOPME_BASE_PATH . 'css/schemes/dynamic-global-css-{$color_scheme}
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin.php
    Line 959: include_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
    Line 1158: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/admin
    Line 1168: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/secti
    Line 1178: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/secti
    Line 1188: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/setti
    Line 1198: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/setti
    Line 1208: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/intro
    Line 1218: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/tabs.
    Line 1228: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/setti
    Line 1238: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/theme
    Line 1248: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/plugi
    Line 1258: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1268: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1278: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1288: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/error.p
    Line 1298: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/error-s
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : adminpages.class.php
    Line 16: require_once( get_template_directory() . '/admin/framework/php/envato-marke
    Line 130: require_once( get_template_directory() . '/admin/framework/admin-pages/welc
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : inc-importer.php
    Line 22: require_once($class_wp_importer);
    Line 31: require_once($class_wp_import);
    Line 42: include_once('import-class.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : import-class.php
    Line 9: if ($option_file) @include_once($option_file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : global-object.class.php
    Line 30: include( SHOPME_FRAMEWORK::$path['configPath'] . 'register-theme-options.ph
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-ajax.php
    Line 70: require_once( SHOPME_FRAMEWORK::$path['frameworkPHP'] . 'config-import-expo
    Line 85: require_once( SHOPME_FRAMEWORK::$path['frameworkPHP'] . 'config-import-expo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 30: require_once($this->paths['frameworkPHP'] . 'functions-helper.php');
    Line 31: require_once($this->paths['frameworkPHP'] . 'breadcrumb.class.php');
    Line 32: require_once($this->paths['frameworkPHP'] . 'sidebar-generator.class.php');
    Line 33: require_once($this->paths['frameworkPHP'] . 'global-object.class.php');
    Line 34: require_once($this->paths['frameworkPHP'] . 'adminpages.class.php');
    Line 35: require_once($this->paths['frameworkPHP'] . 'html-helper.class.php');
    Line 36: require_once($this->paths['frameworkPHP'] . 'functions-ajax.php');
    Line 37: require_once($this->paths['frameworkPHP'] . 'config-import-export/export-cl
    Line 38: require_once($this->paths['frameworkPHP'] . 'dynamic-style-creator.class.ph
    Line 39: require_once($this->paths['frameworkPHP'] . 'facebook-page-likebox.php');
    Line 40: require_once($this->paths['frameworkPHP'] . 'class-pinterest-widgets.php');
    Line 41: require_once($this->paths['frameworkPHP'] . 'admin-aside-panel.php');
    Line 42: require_once($this->paths['frameworkPHP'] . 'wp-sitemap-page.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : register-theme-options.php
    Line 4: include('register-google-webfonts.php');
    Line 7: include('register-color-schemes.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : plugins.php
    Line 8: require_once ( SHOPME_INC_PLUGINS_PATH . trailingslashit($inc) . 'init' . '
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.

This is a ThemeForest theme. Since Themeforest items are all checked by a human before they appear on their website, ThemeForest verification rules are more permissive than themecheck's and can give a better verification score ( Themeforest requirements ).

73
Critical alerts
  1. Deprecated functions : wp_get_http wp_get_http found in file wordpress-importer.php. Deprecated since version 4.4. Use WP_Http instead.
    Line 866: $headers = wp_get_http( $url, $upload['file'] );
Warning
  1. core scripts deregistered : Core scripts deregistrationFound wp_deregister_script in config.php. Themes must not deregister core scripts.
    Line 32: wp_deregister_script('yith_wcas_frontend');
  2. special URIs : Presence of bad theme tagsTheme URI and Author URI should not be the same.
  3. Text domain : Incorrect use of translation functions.Found a translation function that is missing a text-domain. Function esc_html__, with the arguments 'shopme' in file twitter-api-core.php.Found a translation function that is missing a text-domain. Function __, with the arguments '%1$s is deprecated. Use %2$s instead.' in file functions-template.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'asc' in file ordering.class.php.Found a translation function that is missing a text-domain. Function esc_attr_e, with the arguments 'desc' in file ordering.class.php.Found a translation function that is missing a text-domain. Function _n, with the arguments '%d vote', '%d votes' in file vc_mad_blog_posts.php.Found a translation function that has an incorrect number of arguments. Function _n, with the arguments '%s download remaining', '%s downloads remaining', downloads_remaining, 'shopme' in file my-downloads.php.Found a translation function that is missing a text-domain. Function __, with the arguments 'shopme' in file cart-totals.php.More than one text-domain is being used in this theme. This means the theme will not be compatible with WordPress.org language packs. The domains found are shopme, twitter-api, post_type, woocommerce, tgmpa, envato-market, flatastic, downloads_remaining.
  4. Plugin territory : Plugin territory functionalitiesThe theme uses the add_shortcode() function. Custom post-content shortcodes are plugin-territory functionality.
  5. Security breaches : Presence of Google advertising codeFound pub-1152642518017280 in file header.php.
    Line 26: google_ad_client: 'ca-pub-1152642518017280',
  6. Unwanted files : Windows thumbnail storethumbs.db was found.
  7. Screenshot : Screenshot fileScreenshot size is 880x660px. Screenshot size should be 1200x900, to account for HiDPI displays. Any 4:3 image size is acceptable, but 1200x900 is preferred.Bad screenshot file extension ! File screenshot.png is not an actual JPG file. Detected type was : "image/png".
Tip-off
  1. favicon presence : Favicon managementPossible Favicon found in functions-core.php. Favicons are handled by the Site Icon setting in the customizer since version 4.3.
  2. Static links : Presence of hard-coded linksPossible hard-coded links were found in the file twitter-api-admin.php.
    Line 64: <a href='https://dev.twitter.com/apps'><?php echo esc_html__('your Twitter dashboard
    Possible hard-coded links were found in the file latest-tweets.php.
    Line 323: $links[] = '<a href='options-general.php?page=twitter-api-admin'><strong>'.esc_html__('Connect t
    Possible hard-coded links were found in the file map.php.
    Line 1597: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1702: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1597: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Line 1702: 'description' => sprintf( wp_kses(__( 'Visit %s to create your map. 1) Find location 2) Click 'Share' and make sure map is public on the web 3) Click folder icon to reveal 'Embed on my site' link 4) Copy iframe code and paste it here.', 'shopme' ), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://mapsengine.google.com/' target='_blank'>'. esc_html__('Google maps'
    Possible hard-coded links were found in the file intro.php.
    Line 18: <strong><?php printf(esc_html__('Development of this plugin is done on %sGitHub%s. Pull requests welcome.', 'envato-market'), '<a href='https://github.com/envato/wp-envato-market' target='_blank'>', '</a>'); ?><
    Possible hard-coded links were found in the file init.php.
    Line 386: <code style='font-size: 14px;'>((<strong>AV</strong> * <strong>R</strong>) + (<em>v</em> * <em>r</em>)) / (<strong>AV</strong> + <em>v</em>)</code> (<?php printf(wp_kses(__('from %s', 'shopme'), array('a' => array('href' => array(), 'target' => array()))), '<a href='https://gist.github.com/44522/' target='_blank'>thebroth</a>'); ?>)
  3. Optional files : Presence of rtl stylesheet rtl.cssThis theme does not contain optional file rtl.php.
  4. Optional files : Presence of front page template file front-page.phpThis theme does not contain optional file front-page.php.
  5. Optional files : Presence of home template file home.phpThis theme does not contain optional file home.php.
  6. Optional files : Presence of attachment template file attachment.phpThis theme does not contain optional file attachment.php.
  7. Use of includes : Use of include or requireThe theme appears to use include or require : theme-helper.php
    Line 186: include(SHOPME_INCLUDES_PATH . 'widgets/templates/' . $view . '.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : widgets.php
    Line 268: include(SHOPME_POPWIDGET_ABSPATH . '/inc/widget.php');
    Line 274: include(SHOPME_POPWIDGET_ABSPATH . '/inc/form.php');
    Line 913: include(SHOPME_MAILCHIMP_ABSPATH . '/inc/widget.php');
    Line 925: include(SHOPME_MAILCHIMP_ABSPATH . '/inc/form.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : product.php
    Line 99: require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-core.php
    Line 48: include( $located );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-metadata.php
    Line 3: require_once( SHOPME_INCLUDES_PATH . 'metadata/meta_values.php' );
    Line 4: require_once( SHOPME_INCLUDES_PATH . 'metadata/functions-types.php' );
    Line 5: require_once( SHOPME_INCLUDES_PATH . 'metadata/product.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 38: require($this->paths['PLUGINS'] . 'ajax_search/config.php');
    Line 39: require($this->paths['PLUGINS'] . 'compare/config.php');
    Line 40: require($this->paths['PLUGINS'] . 'wishlist/config.php');
    Line 41: require($this->paths['PLUGINS'] . 'flashsale/config.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 38: require( self::$pathes['PLUGINS'] . 'compare/widgets/class.yith-woocompare-
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 40: include( $this->paths['PHP'] . 'functions-template.php' );
    Line 41: include( $this->paths['PHP'] . 'templates-hooks.php' );
    Line 42: include( $this->paths['PHP'] . 'ordering.class.php' );
    Line 43: include( $this->paths['PHP'] . 'new-badge.class.php' );
    Line 44: include( $this->paths['PHP'] . 'common-tab.class.php' );
    Line 46: include( $this->paths['PHP'] . 'dropdown-cart.class.php' );
    Line 47: include( $this->paths['PHP'] . 'quick-view.class.php' );
    Line 48: include( $this->paths['WIDGETS_DIR'] . 'class-wc-widget-products-specials.p
    Line 60: include( $this->paths['PHP'] . 'currency-switcher.class.php' );
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : config.php
    Line 54: require_once( $this->path('CONFIG_DIR', 'map.php') );
    Line 127: require_once($file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : map.php
    Line 287: 
    Line 288: 
    Line 289: 
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : register-dynamic-styles.php
    Line 57: include( SHOPME_FRAMEWORK::$path['configPath'] . 'register-color-schemes.ph
    Line 79: require( SHOPME_BASE_PATH . 'css/schemes/dynamic-global-css-{$color_scheme}
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : admin.php
    Line 959: include_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
    Line 1158: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/admin
    Line 1168: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/secti
    Line 1178: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/secti
    Line 1188: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/setti
    Line 1198: require(envato_market()->get_plugin_path() . 'inc/admin/view/callback/setti
    Line 1208: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/intro
    Line 1218: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/tabs.
    Line 1228: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/setti
    Line 1238: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/theme
    Line 1248: require(envato_market()->get_plugin_path() . 'inc/admin/view/partials/plugi
    Line 1258: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1268: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1278: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/success
    Line 1288: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/error.p
    Line 1298: require(envato_market()->get_plugin_path() . 'inc/admin/view/notice/error-s
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : adminpages.class.php
    Line 16: require_once( get_template_directory() . '/admin/framework/php/envato-marke
    Line 130: require_once( get_template_directory() . '/admin/framework/admin-pages/welc
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : inc-importer.php
    Line 22: require_once($class_wp_importer);
    Line 31: require_once($class_wp_import);
    Line 42: include_once('import-class.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : import-class.php
    Line 9: if ($option_file) @include_once($option_file);
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : global-object.class.php
    Line 30: include( SHOPME_FRAMEWORK::$path['configPath'] . 'register-theme-options.ph
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : functions-ajax.php
    Line 70: require_once( SHOPME_FRAMEWORK::$path['frameworkPHP'] . 'config-import-expo
    Line 85: require_once( SHOPME_FRAMEWORK::$path['frameworkPHP'] . 'config-import-expo
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : framework.php
    Line 30: require_once($this->paths['frameworkPHP'] . 'functions-helper.php');
    Line 31: require_once($this->paths['frameworkPHP'] . 'breadcrumb.class.php');
    Line 32: require_once($this->paths['frameworkPHP'] . 'sidebar-generator.class.php');
    Line 33: require_once($this->paths['frameworkPHP'] . 'global-object.class.php');
    Line 34: require_once($this->paths['frameworkPHP'] . 'adminpages.class.php');
    Line 35: require_once($this->paths['frameworkPHP'] . 'html-helper.class.php');
    Line 36: require_once($this->paths['frameworkPHP'] . 'functions-ajax.php');
    Line 37: require_once($this->paths['frameworkPHP'] . 'config-import-export/export-cl
    Line 38: require_once($this->paths['frameworkPHP'] . 'dynamic-style-creator.class.ph
    Line 39: require_once($this->paths['frameworkPHP'] . 'facebook-page-likebox.php');
    Line 40: require_once($this->paths['frameworkPHP'] . 'class-pinterest-widgets.php');
    Line 41: require_once($this->paths['frameworkPHP'] . 'admin-aside-panel.php');
    Line 42: require_once($this->paths['frameworkPHP'] . 'wp-sitemap-page.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : register-theme-options.php
    Line 4: include('register-google-webfonts.php');
    Line 7: include('register-color-schemes.php');
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
    The theme appears to use include or require : plugins.php
    Line 8: require_once ( SHOPME_INC_PLUGINS_PATH . trailingslashit($inc) . 'init' . '
    If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
Other checked themes