Critical alerts
Security breaches : Modification of PHP server settings
Found ini_set in file index.php.
Line 2: ini_set('display_errors', 1);
Security breaches : Use of base64_encode()
Found base64_encode in file TwitterAPIExchange.php.
$oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
Security breaches : Use of variable functions
Found $class in file Mailchimp.php.
Line 253: return new $class($result['error'], $result['code']);
Found $field_class in file enqueue.php.
Line 273: $theField = new $field_class( $field, $this->parent->options[ $field['id'] ], $this->parent
Found $field_class in file extension_customizer.php.
Line 598: $enqueue = new $field_class( '', '', $this );
Found $extension_class in file loader.php.
Line 21: $extension = new $extension_class( $ReduxFramework );
Found $fn in file scss.inc.php.
Line 940: $out = $this->$fn($op, $left, $right, $shouldEval);
Line 942: $out = $this->$fn($left, $right, $shouldEval);
Line 1978: $this->$fn(isset($color[$ii]) ? $color[$ii] : 0, $val, $i);
Line 1987: $hsl[$i - 3] = $this->$fn($hsl[$i - 3], $val, $i);
Line 3271: while ($this->$parseItem($value)) {
Line 4473: $css = '/* compiled by scssphp $v on $t (${elapsed}s) */\n\n' . $css;
Found $handler in file parsedown.php.
Line 985: $Span = $this->$handler($Excerpt);
Found $function in file framework.php.
Line 652: * @param mixed $default (null) The value to return if default not set
Line 676: * @param mixed $default (null) The value to return if option not set
Line 1241: $this->page = $function(
Line 1563: $enqueue = new $field_class( $field, $value, $this );
Line 2374: $this->extensions[ $folder ] = new $extension_class( $this );
Line 2802: $validation = new $validate( $this, $field, $before, $after );
Line 2824: $validation = new $validate( $this, $field, $pofi, $options[ $field['id'] ] );
Line 3606: $render = new $field_class( $field, $value, $this );
Found $extension_class in file loader.php.
Line 21: $extension = new $extension_class( $ReduxFramework );
Unwanted files : hidden file(s) or folder(s)
.gitignore .tx was found.
Presence of iframes : iframes are sometimes used to load unwanted adverts and malicious code on another site
Found <iframe width="'.$width.'" height="'.$height.'" src="'.$type.$id.'"> in file audio.php.
Line 10: <iframe width=''.$width.'' height=''.$height.'' src=''.$type.$id.''></ifram
Found <iframe width="'.$width.'" height="'.$height.'" src="'.$type.$id.'"> in file video.php.
Line 18: return '<div class='video_wrap'><iframe width=''.$width.'' height=''.$height.'' src=''.$type.$id.''></ifram
Found <iframe width="'.$width.'" height="'.$height.'" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="'.$src.'&output=embed"> in file misc.php.
Line 9: return '<div class='mom_map'><iframe width=''.$width.'' height=''.$height.'' frameborder='0' scrolling='
Found <iframe width="' . $atts['width'] . '" height="' . $atts['height'] . '" src="http://www.youtube.com/embed/' . $id . $autoplay . '" frameborder="0" allowfullscreen="true"> in file shortcodes.php.
Line 622: // $return[] = '<iframe width='' . $atts['width'] . '' height='' . $atts['height'] . '' src
Found <iframe width="<?php echo $vi_width; ?>" height="<?php echo $vi_height; ?>" src="//www.youtube.com/embed/<?php echo $video_id; ?> in file post-formats.php.
Line 49: <iframe width='<?php echo $vi_width; ?>' height='<?php echo $vi_height; ?>'
Found <iframe width="100%" height="227" src="http://www.youtube.com/embed/<?php echo $id; ?> in file video-widget.php.
Line 36: <iframe width='100%' height='227' src='http://www.youtube.com/embed/<?php e
Found <iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=<?php echo $url ; ?> in file soundcloud.php.
Line 31: <iframe width='100%' height='166' scrolling='no' frameborder='no' src='http
Found <iframe width="100%" height="<?php echo $height; ?>" src="//www.mixcloud.com/widget/iframe/?feed=<?php echo $url; ?> in file mix-cloud.php.
Line 31: <iframe width='100%' height='<?php echo $height; ?>' src='//www.mixcloud.co
Found <iframe src="//www.facebook.com/plugins/likebox.php?href=<?php echo $page ; ?> in file fb_likebox.php.
Line 38: <iframe src='//www.facebook.com/plugins/likebox.php?href=<?php echo $page ;
Malware : Operations on file system
file_get_contents was found in the file tools.php
Line 769: $code = file_get_contents( sanitize_text_field( $_REQUEST['code'] ) );
fopen was found in the file Mailchimp.php
Line 206: $curl_buffer = fopen('php://memory', 'w+');
fclose was found in the file Mailchimp.php
Line 217: fclose($curl_buffer);
file_get_contents was found in the file Mailchimp.php
Line 238: $apikey = trim(file_get_contents($path));
file_get_contents was found in the file function.php
Line 137: $hash = unserialize(file_get_contents('http://vimeo.com/api/v2/video/$vId.php'));
file_put_contents was found in the file class.redux_filesystem.php
Line 137: $res = file_put_contents( $file, $content );
file_get_contents was found in the file class.redux_filesystem.php
Line 146: $res = file_get_contents( $file );
fwrite was found in the file scss.inc.php
Line 830: fwrite(STDERR, 'Line $line DEBUG: $value\n');
file_get_contents was found in the file scss.inc.php
Line 1652: $code = file_get_contents($path);
Line 4430: $imports = unserialize(file_get_contents($icache));
Line 4468: $css = $this->scss->compile(file_get_contents($in), $in);
Line 4529: echo file_get_contents($output);
file_get_contents was found in the file scss.inc.php
Line 1652: $code = file_get_contents($path);
Line 4430: $imports = unserialize(file_get_contents($icache));
Line 4468: $css = $this->scss->compile(file_get_contents($in), $in);
Line 4529: echo file_get_contents($output);
file_get_contents was found in the file scss.inc.php
Line 1652: $code = file_get_contents($path);
Line 4430: $imports = unserialize(file_get_contents($icache));
Line 4468: $css = $this->scss->compile(file_get_contents($in), $in);
Line 4529: echo file_get_contents($output);
file_put_contents was found in the file scss.inc.php
Line 4475: file_put_contents($out, $css);
Line 4476: file_put_contents($this->importsCacheName($out),
file_put_contents was found in the file scss.inc.php
Line 4475: file_put_contents($out, $css);
Line 4476: file_put_contents($this->importsCacheName($out),
file_get_contents was found in the file scss.inc.php
Line 1652: $code = file_get_contents($path);
Line 4430: $imports = unserialize(file_get_contents($icache));
Line 4468: $css = $this->scss->compile(file_get_contents($in), $in);
Line 4529: echo file_get_contents($output);
fopen was found in the file class.csstidy.php
Line 473: $handle = fopen('temp/' . $filename, 'w');
fwrite was found in the file class.csstidy.php
Line 476: fwrite($handle, $this->print->plain());
Line 478: fwrite($handle, $this->print->formatted_page($doctype, $externalcss, $title
fwrite was found in the file class.csstidy.php
Line 476: fwrite($handle, $this->print->plain());
Line 478: fwrite($handle, $this->print->formatted_page($doctype, $externalcss, $title
fclose was found in the file class.csstidy.php
Line 481: fclose($handle);
file_get_contents was found in the file class.csstidy.php
Line 501: $content = strip_tags(file_get_contents($content), '<span>');
Line 518: return $this->parse(@file_get_contents($url));
file_get_contents was found in the file class.csstidy.php
Line 501: $content = strip_tags(file_get_contents($content), '<span>');
Line 518: return $this->parse(@file_get_contents($url));
file_get_contents was found in the file class.csstidy_print.php
Line 145: $cssparsed = file_get_contents('cssparsed.css');
file_get_contents was found in the file class.redux_sass.php
Line 52: $ids = file_get_contents(self::$matrix_file);
file_put_contents was found in the file class.redux_sass.php
Line 59: $ret = @file_put_contents(self::$matrix_file, $ids);
Line 166: $ret = @file_put_contents($css_file, $new_css);
Line 206: $ret = @file_put_contents($scss_path . '/' . $filename . '.css', $new_css);
file_put_contents was found in the file class.redux_sass.php
Line 59: $ret = @file_put_contents(self::$matrix_file, $ids);
Line 166: $ret = @file_put_contents($css_file, $new_css);
Line 206: $ret = @file_put_contents($scss_path . '/' . $filename . '.css', $new_css);
file_put_contents was found in the file class.redux_sass.php
Line 59: $ret = @file_put_contents(self::$matrix_file, $ids);
Line 166: $ret = @file_put_contents($css_file, $new_css);
Line 206: $ret = @file_put_contents($scss_path . '/' . $filename . '.css', $new_css);
file_get_contents was found in the file sample-config.php
Line 1373: 'content' => file_get_contents( dirname( __FILE__ ) . '/../README.md' )
Line 1625: 'content' => nl2br( file_get_contents( trailingslashit( dirname( __FILE__ ) ) . 'README.html' )
file_get_contents was found in the file sample-config.php
Line 1373: 'content' => file_get_contents( dirname( __FILE__ ) . '/../README.md' )
Line 1625: 'content' => nl2br( file_get_contents( trailingslashit( dirname( __FILE__ ) ) . 'README.html' )
Malware : Network operations
curl_init was found in the file TwitterAPIExchange.php
Line 212: $feed = curl_init();
curl_exec was found in the file TwitterAPIExchange.php
Line 214: $json = curl_exec($feed);
curl_init was found in the file Mailchimp.php
Line 156: $this->ch = curl_init();
curl_exec was found in the file Mailchimp.php
Line 210: $response_body = curl_exec($ch);
curl_init was found in the file p.php
Line 185: $ch = curl_init( $url );
curl_exec was found in the file p.php
Line 211: list( $header, $contents ) = array_merge( array( '', '' ), preg_split( '/([\r\n][\r\n])\1/', curl_exec( $ch ), 2 ) );
Admin menu : Themes that support admin pages should use add_theme_page() instead of other functions (add_admin_page, add_submenu_page...)
File sunrise.php :
Line 74: add_menu_page( $menu['page_title'], $menu['menu_title'], $menu['capability'
File class-tgm-plugin-activation.php :
Line 329: add_submenu_page(
File debug.php :
Line 74: add_submenu_page(
File welcome.php :
Line 39: add_dashboard_page(
Line 47: add_dashboard_page(
Line 55: add_dashboard_page(
Line 63: add_dashboard_page(
File import_export.php :
Line 147: add_submenu_page(
File framework.php :
Line 1246: // wrappers and need to be appened to using add_submenu_page.
Line 1297: $this->page = add_submenu_page(
Line 1358: add_submenu_page(
Line 1382: add_submenu_page(
Deprecated functions : wp_specialchars
wp_specialchars found in file attachment.php. Deprecated since version 2.8. Use esc_html() instead.
Line 19: <a href='<?php echo wp_get_attachment_url($post->ID) ?>' title='<?php echo wp_specialchars( get_the_title($post->ID), 1 ) ?>' rel='attachment'><?php e
Warnings
Unwanted directories : GIT revision control directory
GIT revision control directory
.git was found.
Unwanted files : Windows thumbnail store
thumbs.db was found.
PHP short tags : Presence of PHP short tags
PHP short tags were found in file category-slider.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
Line 216: <?PHP $rndn = rand(0,100); $timeout = mom_option('cat_slider_timeout'); ?>
PHP short tags were found in file parsedown.php. "This practice is discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option" (php.net), which is not the case on many servers.
Line 838: if (preg_match('/^\[(.+?)\]:[ ]*<?(\S+?)>?(?:[ ]+['\'(](.+)['\')])?[ ]*$/', $Line['text'], $matches))
Inapropriate constants : Use of STYLESHEETPATH
Constant STYLESHEETPATH was found in the file shortcodes.php. Use get_stylesheet_directory() instead.
Line 1311: // if ( file_exists( STYLESHEETPATH . '/' . $atts['template'] ) ) load_template( STYLESHEETPATH
Inapropriate constants : Use of TEMPLATEPATH
Constant TEMPLATEPATH was found in the file shortcodes.php. Use get_template_directory() instead.
Line 1313: // elseif ( file_exists( TEMPLATEPATH . '/' . $atts['template'] ) ) load_template( TEMPLATEPATH . '/
Custom elements : Presence of custom header
No reference to custom header was found in the theme.
Custom elements : Presence of custom background
No reference to custom background was found in the theme.
Deprecated functions : wp_load_image
wp_load_image found in file tools.php. Deprecated since version 3.5. Use wp_get_image_editor() instead.
Line 432: $image = wp_load_image( $file_path );
Deprecated functions : screen_icon
screen_icon found in file class-tgm-plugin-activation.php. Deprecated since version 3.8. Use none instead.
Line 365: <?php screen_icon( apply_filters( 'tgmpa_default_screen_icon', 'themes' ) ); ?>
Line 1490: screen_icon( apply_filters( 'tgmpa_default_screen_icon', 'themes' ) );
Editor style : Presence of editor style
No reference to add_editor_style() was found in the theme. It is recommended that the theme implements editor styling, so as to make the editor content match the resulting post output in the theme, for a better user experience.
I18N implementation : Proper use of _e(
Possible variable $this->message found in translation function in class-tgm-plugin-activation.php. Translation function calls should not contain PHP variables.
Line 369: <?php if ( isset( $this->message ) ) _e( wp_kses_post( $this->message ), 'framework' ); ?>
I18N implementation : Proper use of ___all(
Possible variable $cvalue found in translation function in shipping-calculator.php. Translation function calls should not contain PHP variables.
Line 55: echo '<option value='' . esc_attr( $ckey ) . '' ' . selected( $current_r, $ckey, false ) . '>' . __( esc_html( $cvalue ), 'woocommerce' ) .'</option>';
Date and time implementation : Use of the_time()
At least one hard coded date was found in the file media.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file magazine.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file search.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file archive.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file news-tabs.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file news-boxes.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file feature-slider.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file scroller.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file ajax-full.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file media-tabs.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file nb-sm.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file nb-tabs.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file post-related.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file category-slider.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file post-head.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file blog.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file multinews.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file review-system.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file related-posts-widget.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file posts-widget.php. Function get_option( 'date_format' ) should be used instead.
At least one hard coded date was found in the file postsList-widget.php. Function get_option( 'date_format' ) should be used instead.
Info
Optional files : Presence of rtl stylesheet rtl.css
This theme does not contain optional file rtl.php.
Optional files : Presence of front page template file front-page.php
This theme does not contain optional file front-page.php.
Optional files : Presence of tag template file tag.php
This theme does not contain optional file tag.php.
Use of includes : Use of include or require
The theme appears to use include or require : ajax-full.php
Line 1411: require(MOM_FW . '/inc/mailchimp/Mailchimp.php');
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : class.csstidy.php
Line 44: require( dirname( __FILE__ ) . '/data.inc.php' );
Line 51: require( dirname( __FILE__ ) . '/class.csstidy_print.php' );
Line 58: require( dirname( __FILE__ ) . '/class.csstidy_optimise.php' );
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : field_button_set.php
Line 46: * ['format'] string Formatting options for paginate fields. Options include ('currency','nice','niceShort','timeAgoInWords' or a valid Date() f
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : class.redux_sass.php
Line 140: require( 'scssphp/scss.inc.php' );
Line 191: require( 'scssphp/scss.inc.php' );
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.
The theme appears to use include or require : framework.php
Line 1925: include( ABSPATH . 'wp-includes/pluggable.php' );
If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Otherwise, use include_once or require_once instead.