Advanced Import: One-Click Demo Import for WordPress Security & Risk Analysis

wordpress.org/plugins/advanced-import

Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu …

90K active installs · v1.4.5 · PHP 5.6.20+ · WP 5.0+ · Updated Jan 14, 2025
Tags: customizer-import, demo-import, gutenberg-import, theme-import, widget-import
Score: 91 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 14, 2022
Safety Verdict

Is Advanced Import: One-Click Demo Import for WordPress Safe to Use in 2026?

Generally Safe

Score 91/100

Advanced Import: One-Click Demo Import for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 14, 2022 · Updated 1yr ago
Risk Assessment

The 'advanced-import' plugin v1.4.5 exhibits a mixed security posture. While it demonstrates strengths in areas like a high percentage of properly escaped output and a good rate of prepared SQL statements, significant concerns arise from its attack surface. All identified AJAX handlers lack authentication checks, presenting a substantial risk of unauthorized actions. The absence of permission callbacks for its entry points further exacerbates this, allowing any authenticated user to potentially trigger these functionalities. The plugin's vulnerability history, featuring a past high-severity CSRF vulnerability, suggests a prior lack of robust security measures, even though it is currently patched. The taint analysis did not reveal any high-severity issues, which is a positive sign. However, the broad exposure of AJAX handlers without any form of access control is the most pressing security concern, potentially overshadowing its other positive attributes.

Key Concerns

  • Unprotected AJAX handlers
  • High number of AJAX handlers
  • One High severity CVE history
Vulnerabilities: 1

Advanced Import: One-Click Demo Import for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

High: 1

1 total CVE

CVE-2022-3677 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Advanced Import <= 1.3.7 - Cross-Site Request Forgery

Nov 14, 2022 · Patched in 1.3.8 (435d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Import: One-Click Demo Import for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (3 prepared)
Unescaped Output: 11 (117 escaped)
Nonce Checks: 13
Capability Checks: 15
File Operations: 15
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

91% escaped · 128 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
demo_download_and_unzip (admin\class-advanced-import-admin.php:548)
Attack Surface: 8 unprotected

Advanced Import: One-Click Demo Import for WordPress Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

auth · wp_ajax_advanced_import_ajax_setup · includes\class-advanced-import.php:277
auth · wp_ajax_demo_download_and_unzip · includes\class-advanced-import.php:278
auth · wp_ajax_plugin_screen · includes\class-advanced-import.php:279
auth · wp_ajax_install_plugin · includes\class-advanced-import.php:280
auth · wp_ajax_content_screen · includes\class-advanced-import.php:281
auth · wp_ajax_import_content · includes\class-advanced-import.php:282
auth · wp_ajax_complete_screen · includes\class-advanced-import.php:283
auth · wp_ajax_advanced_import_before_reset · includes\class-advanced-import.php:289

WordPress Hooks 19

action · init · admin\class-advanced-import-tracking.php:72
action · admin_init · admin\class-advanced-import-tracking.php:73
action · admin_init · admin\class-advanced-import-tracking.php:74
action · admin_notices · admin\class-advanced-import-tracking.php:75
action · advanced_import_weekly_scheduled_events · admin\class-advanced-import-tracking.php:374
filter · advanced_import_demo_lists · example.php:84
filter · cron_schedules · includes\class-advanced-import-cron.php:31
action · wp · includes\class-advanced-import-cron.php:32
action · plugins_loaded · includes\class-advanced-import.php:251
action · admin_enqueue_scripts · includes\class-advanced-import.php:265
action · admin_enqueue_scripts · includes\class-advanced-import.php:266
action · mime_types · includes\class-advanced-import.php:269
action · admin_menu · includes\class-advanced-import.php:272
filter · plugin_action_links_advanced-import/advanced-import.php · includes\class-advanced-import.php:273
action · current_screen · includes\class-advanced-import.php:274
action · wp_loaded · includes\class-advanced-import.php:286
action · admin_init · includes\class-advanced-import.php:287
action · admin_notices · includes\class-advanced-import.php:288
filter · advanced_import_demo_lists · includes\class-theme-template-library-base.php:28

Scheduled Events 2

advanced_import_weekly_scheduled_events
advanced_import_daily_scheduled_events
Maintenance & Trust

Advanced Import: One-Click Demo Import for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 14, 2025
PHP min version: 5.6.20
Downloads: 1.7M

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 90K
Developer Profile

Advanced Import: One-Click Demo Import for WordPress Developer Profile

AddonsPress

5 plugins · 92K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 221 days
Detection Fingerprints

How We Detect Advanced Import: One-Click Demo Import for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/advanced-import/css/advanced-import-admin.css
  • /wp-content/plugins/advanced-import/js/advanced-import-admin.js
  • /wp-content/plugins/advanced-import/css/advanced-import-public.css
  • /wp-content/plugins/advanced-import/js/advanced-import-public.js
Script Paths
  • /wp-content/plugins/advanced-import/js/advanced-import-admin.js
  • /wp-content/plugins/advanced-import/js/advanced-import-public.js
Version Parameters
  • advanced-import/css/advanced-import-admin.css?ver=
  • advanced-import/js/advanced-import-admin.js?ver=
  • advanced-import/css/advanced-import-public.css?ver=
  • advanced-import/js/advanced-import-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • advanced-import-wrap
  • advanced_import_settings
  • advanced-import-loader-container
  • ai-demo-list-item
HTML Comments
  • Advanced Import Page Wrapper
  • Advanced Import Loader
  • Advanced Import Error
  • Advanced Import Success
Data Attributes
  • data-plugin-name="advanced-import"
  • data-plugin-version="1.4.5"
JS Globals
  • advanced_import_admin_params
  • advanced_import_public_params
  • advanced_import_vars
REST Endpoints
  • /wp-json/advanced-import/v1/import-data
  • /wp-json/advanced-import/v1/get-demo-list
  • /wp-json/advanced-import/v1/process-import
Shortcode Output
  • [advanced_import_demo_list]
FAQ

Frequently Asked Questions about Advanced Import: One-Click Demo Import for WordPress