This theme is prone to a file disclosure vulnerability via “download.php” file.
Update the theme.
packetstormsecurity.com/files/130108/