Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • #18936


    due to some security issues at my WP installation I have made beside other things a theme check with this plugin:

    And there are obviously a lot of issues with CORONA; I’m mostly concerned about the red “warnings” like

    ... base64_encode ...

    in avia-export-class.php for example, fopen, fclose, and why is there a hidden file/folder “.ds_store”??

    It is in the original CORONA files, freshly downloaded at Themeforest.

    What is there to do with all these issues concerning the security?

    (my WP has been hacked by the “pharma hack” –>

    And this although I have installed Antivirus, Limit Login Attempts-plugin, several WP security plugins, using strong passwords, having no “admin” user, protecting wp-admin and wp-config.php with .htaccess and having the wp-config.php moved above the WP installation folder etc.

    So I’m currently checking all security vulnerabilities in my network – and therefor I’m worried about the “theme check” of CORONA.

    Any suggestions for this?

    Thanks a lot!


    Here is a PDF (600 kB) made with Fireshot of this theme check:


    Hi colorit2,

    The dst_store is a file created by apple. Since Kriesi compiles and works on a Mac it gets added in. See:

    There was a security fix in the most recent version of corona (1.4) so you should definitely download it and update. You can do so by re-downloading the theme from themeforest and then installing the theme in the same way you first installed it.



Viewing 3 posts - 1 through 3 (of 3 total)

The topic ‘Serious issues in original CORONA theme files – hacked WP installation’ is closed to new replies.