AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Security & Risk Analysis

wordpress.org/plugins/af-companion

Quickly import live demo content, widgets and settings with one click

10K active installs · v1.2.14 · PHP + · WP 4.0+ · Updated Dec 10, 2025
Tags: content, demo, import, one-click, widgets
100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 27, 2021
Safety Verdict

Is AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 27, 2021 · Updated 3mo ago
Risk Assessment

The 'af-companion' plugin v1.2.14 exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and nearly all output being properly escaped, indicating efforts to prevent common web vulnerabilities. The presence of nonce and capability checks on most entry points further strengthens its defenses.

However, there are notable areas of concern. The plugin has one unprotected AJAX handler, which represents a direct attack vector that could be exploited if proper input validation and authorization are not implemented within that handler. The use of the `unserialize` function, while only one instance, is a known security risk and can lead to Remote Code Execution if untrusted data is processed. The vulnerability history shows a single medium-severity CVE in the past, specifically related to CSRF, which is concerning as it suggests a historical weakness in handling user actions securely.

While there are no currently unpatched vulnerabilities, this past incident and the presence of a dangerous function warrant vigilance. Overall, the plugin has some strong security fundamentals but requires immediate attention to address the unprotected AJAX endpoint and the potential risks associated with `unserialize`.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function unserialize detected
  • Past medium CVE (CSRF)
Vulnerabilities
1

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE

Severity Breakdown

  • Medium: 1

1 total CVE

WF-ea5215b3-fd25-4ca5-b651-18c935aa2ca0-af-companion · medium · 5.4 · Cross-Site Request Forgery (CSRF)

AF Companion <= 1.1.2 - Cross-Site Request Forgery

Dec 27, 2021 Patched in 1.2.0 (757d)
Code Analysis
Analyzed Mar 16, 2026

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 2 (5 prepared)
  • Unescaped Output: 1 (72 escaped)
  • Nonce Checks: 3
  • Capability Checks: 6
  • File Operations: 6
  • External Requests: 3
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: `$data = unserialize( $raw );` at inc\class-aftc-customizer-importer.php:51

Bundled Libraries

  • Freemius 1.0

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

99% escaped · 73 total outputs
Attack Surface
1 unprotected

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 3

  • auth · wp_ajax_AFTC_import_demo_data · inc\class-aftc-main.php:63
  • auth · wp_ajax_aftc_install_activate_plugins · inc\import-packages\import-packages.php:3
  • nopriv · wp_ajax_aftc_install_activate_plugins · inc\import-packages\import-packages.php:4

WordPress Hooks 15

  • action · admin_notices · af-companion.php:33
  • action · admin_menu · inc\class-aftc-main.php:61
  • action · admin_enqueue_scripts · inc\class-aftc-main.php:62
  • action · after_setup_theme · inc\class-aftc-main.php:64
  • action · plugins_loaded · inc\class-aftc-main.php:65
  • filter · wxr_importer.pre_process.user · inc\class-aftc-main.php:781
  • filter · wxr_importer.pre_process.post · inc\class-aftc-main.php:784
  • filter · intermediate_image_sizes_advanced · inc\class-aftc-main.php:788
  • filter · af-companion/import_files · inc\demo-importer.php:2
  • action · af-companion/after_import · inc\demo-importer.php:203
  • filter · import_post_meta_key · inc\importer\class-wxr-importer.php:324
  • filter · http_request_timeout · inc\importer\class-wxr-importer.php:325
  • action · admin_notices · inc\notice-upgrade.php:39
  • filter · aftc_upgrade_notice_dismiss · inc\notice-upgrade.php:160
  • filter · aftc_upgrade_notice_dismiss · inc\notice-upgrade.php:162
Maintenance & Trust

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version
Downloads: 381K

Community Trust

Rating: 96/100
Number of ratings: 30
Active installs: 10K
Developer Profile

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress Developer Profile

AF themes

64 plugins · 96K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 160 days
Detection Fingerprints

How We Detect AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/af-companion/css/bootstrap.min.css
  • /wp-content/plugins/af-companion/css/main.css
  • /wp-content/plugins/af-companion/css/toast.css
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/css/demo-importer.css
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/demo-importer.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/jquery.tabledit.min.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/main.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/toast.js
  • +5 more

Script Paths

  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/demo-importer.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/jquery.tabledit.min.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/main.js
  • /wp-content/plugins/af-companion/inc/demo-importer/assets/js/toast.js
  • /wp-content/plugins/af-companion/inc/import-packages/assets/js/import-packages.js
  • /wp-content/plugins/af-companion/inc/import-packages/assets/js/jquery.magnific-popup.min.js
  • +2 more

Version Parameters

  • af-companion/css/bootstrap.min.css?ver=
  • af-companion/css/main.css?ver=
  • af-companion/css/toast.css?ver=
  • af-companion/inc/demo-importer/assets/css/demo-importer.css?ver=
  • af-companion/inc/demo-importer/assets/js/demo-importer.js?ver=
  • af-companion/inc/demo-importer/assets/js/jquery.tabledit.min.js?ver=
  • af-companion/inc/demo-importer/assets/js/main.js?ver=
  • af-companion/inc/demo-importer/assets/js/toast.js?ver=
  • af-companion/inc/import-packages/assets/css/import-packages.css?ver=
  • af-companion/inc/import-packages/assets/js/import-packages.js?ver=
  • af-companion/inc/import-packages/assets/js/jquery.magnific-popup.min.js?ver=
  • af-companion/inc/import-packages/assets/js/jquery.waypoints.min.js?ver=
  • af-companion/inc/import-packages/assets/js/owl.carousel.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • af-companion-wrap
  • aftc-admin-page-wrapper
  • aftc-btn-import
  • aftc-demo-import-content
  • aftc-import-package-item
  • aftc-import-packages-wrap
  • aftc-loader-wrap
  • aftc-site-content
  • +4 more

Data Attributes

  • data-aftc-tab
  • data-import-id

JS Globals

  • aftc_demo_data
  • AFTC_importer_data
FAQ

Frequently Asked Questions about AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress