[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-xlg4k-neJAwmeMInHWl1SsU7EN_ECTMd3YpPJ7T1iw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":151,"fingerprints":216},"astra-import-export","Import \u002F Export Customizer Settings","1.1.0","Brainstorm Force","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainstormforce\u002F","\u003Cp>Astra theme customizer offers several settings for header\u002Ffooter layout, sidebar and blog designs, colors, backgrounds, typography and much more. You need to tweak the number of settings to make your site look flawless. These settings can be moved to other Astra sites easily with Import \u002F Export Customizer Settings plugin. It will save repetitive work to arrange all customizer settings for each new Astra site or while moving the site from local to live.\u003C\u002Fp>\n\u003Cp>It is an easy-to-use plugin for the Astra theme that lets you import-export customizer settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This Import\u002FExport plugin is created only for the \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002F?utm_source=wp-repo&utm_campaign=home-page-banner-for-astra-theme&utm_medium=description\" rel=\"nofollow ugc\">Astra theme\u003C\u002Fa>. You should have the Astra theme installed and activated on your website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbsf.io\u002Fastra-import-export-demo\" rel=\"nofollow ugc\">Try it out on a free dummy site\u003C\u002Fa>\u003C\u002Fp>\n","Astra theme customizer offers several settings for header\u002Ffooter layout, sidebar and blog designs, colors, backgrounds, typography and much more.",50000,1008491,94,6,"2025-12-01T09:46:00.000Z","6.9.4","4.4","5.4",[20,21,22,23,24],"astra-addons-export","customizer-settings","import","settings","theme-settings","https:\u002F\u002Fwpastra.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fastra-import-export.1.1.0.zip",100,1,0,"2020-09-16 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2020-36737","import-export-customizer-settings-cross-site-request-forgery-bypass","Import \u002F Export Customizer Settings \u003C= 1.0.3 - Cross-Site Request Forgery Bypass","The Import \u002F Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C1.0.4","1.0.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F194face3-36ac-4137-af9a-0b98f60e3afb?source=api-prod",1224,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"brainstormforce",32,8627510,98,196,78,"2026-04-03T18:39:45.481Z",[58,83,102,120,132],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":29,"last_vuln_date":82,"fetched_at":31},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.",1000000,19902961,86,79,"2025-09-11T09:36:00.000Z","6.8.5","5.5","7.4",[75,22,23,76,77],"content","theme-options","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip",97,2,"2024-05-07 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":28,"last_updated":94,"tested_up_to":16,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":99,"download_link":100,"security_score":53,"vuln_count":81,"unpatched_count":29,"last_vuln_date":101,"fetched_at":31},"catch-themes-demo-import","Catch Themes Demo Import","2.2","Catch Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchplugins\u002F","\u003Cp>Catch Themes Demo Import is a free demo importer WordPress plugin that lets you import the demo you desire in just a single click. The plugin works out of the box; all you have to do is install and activate the plugin and all the demos available on your currently used theme will be on your fingertips (visit \u003Cstrong>Appearance=> Import Demo Data\u003C\u002Fstrong>). If the theme doesn’t have any predefined import files, you’ll have to upload three files – a demo content XML file for content import, a WIE\u002FJSON file for widget import, and a DAT file for customizer import. With the plugin activated, whether you have predefined demo files available or not, you’ll be able to import demos on your website without any hesitancy. Download Catch Themes Demo Import today and start importing theme demos to your website without affecting your wallet!\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup Catch Themes Demo Import for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin will create a submenu page under Appearance with the title \u003Cstrong>Import demo data\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>If the theme you are using does not have any predefined import files, then you will be presented with three file upload inputs. First one is required and you will have to upload a demo content XML file, for the actual demo import. The second one is optional and will ask you for a WIE or JSON file for widgets import. You create that file using the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-importer-exporter\u002F\" rel=\"ugc\">Widget Importer & Exporter\u003C\u002Fa> plugin. The third one is also optional and will import the customizer settings, select the DAT file which you can generate from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcatch-import-export\u002F\" rel=\"ugc\">Catch Import Export\u003C\u002Fa> plugin (the customizer settings will be imported only if the export file was created from the same theme). The final one is optional as well and will import your Redux framework settings. You can generate the export json file with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fredux-framework\u002F\" rel=\"ugc\">Redux framework\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>This plugin is using the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>All progress of this plugin’s work is logged in a log file in the default WP upload directory, together with the demo import files used in the importing process.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n","Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D …",6000,248018,20,"2026-02-25T07:53:00.000Z","5.9","",[75,98,22,23,76],"demo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcatch-themes-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcatch-themes-demo-import.2.2.zip","2022-02-07 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":27,"downloaded":110,"rating":29,"num_ratings":29,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":117,"download_link":118,"security_score":119,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"xolo-websites","Xolo Websites","1.6","Xolo Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fxolosoftware\u002F","\u003Ch4>FREE TEMPLATES FOR ELEMENTOR PAGE BUILDER\u003C\u002Fh4>\n\u003Cp>Create the professional designed pixel perfect websites for every business such as a blog, portfolio, agency, landing page, application page, freelancer’s, magazine, and more.\u003C\u002Fp>\n\u003Cp>This plugin gives you access to 10+ pre-made full website templates for your favorite page builder such as Elementor.\u003C\u002Fp>\n\u003Ch4>GET A WEBSITE LIVE IN 3 CLICKS!\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate Xolo Websites Plugin\u003C\u002Fli>\n\u003Cli>Pick a website that suits your needs\u003C\u002Fli>\n\u003Cli>Import the website\u003C\u002Fli>\n\u003Cli>Done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Use this Prebuilt templates as a base for your project and don’t waste time starting from scratch!\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fwpxolo.com\u002Fready-website\u002F\" rel=\"nofollow ugc\">See list of all available templates to import »\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>Xolo Websites WordPress Plugin\u003Cbr \u002F>\nXolo Websites is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Ch3>Xolo Websites bundles the following third-party resources:\u003C\u002Fh3>\n\u003Cp>One Click Demo Import v2.5.2, Copyright 2019\u003Cbr \u002F>\nLicense: GPLv3 or later\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002FAwesomeMotive\u002Fone-click-demo-import\u003C\u002Fp>\n","FREE TEMPLATES FOR ELEMENTOR PAGE BUILDER",13765,"2023-03-21T12:04:00.000Z","6.1.10","5.0","5.6",[98,116,22,23,103],"elementor","https:\u002F\u002Fxolowebsites.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxolo-websites.1.6.zip",85,{"slug":121,"name":122,"version":123,"author":106,"author_profile":107,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":29,"num_ratings":29,"last_updated":128,"tested_up_to":129,"requires_at_least":113,"requires_php":114,"tags":130,"homepage":96,"download_link":131,"security_score":119,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"xolo-addon","Xolo Addon","1.5","\u003Cp>Xolo Addon gives you attractive Elementor widget to your websites. Its perfect test for \u003Ca href=\"https:\u002F\u002Fxolotheme.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">Xolo Theme\u003C\u002Fa>, But You can use for another theme also Astra, Sinatra and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available Widgets:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ Slider Widget\u003Cbr \u002F>\n✅ Features Widget\u003Cbr \u002F>\n✅ About Widget\u003Cbr \u002F>\n✅ CEO Box Widget\u003Cbr \u002F>\n✅ Funfact Widget\u003Cbr \u002F>\n✅ Info Widget\u003Cbr \u002F>\n✅ Service Widget\u003Cbr \u002F>\n✅ Section Title Widget\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Xolo Addon WordPress plugin, Copyright (C) 2024 Specia Theme\u003Cbr \u002F>\nXolo Addon WordPress plugin is licensed under the GPLv3 (http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html).\u003C\u002Fp>\n","Xolo Addon gives you attractive Elementor widget to your websites. Its perfect test for Xolo Theme, But You can use for another theme also Astra, Sina …",40,2237,"2024-01-02T11:46:00.000Z","6.4.8",[98,116,22,23,121],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxolo-addon.1.5.zip",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":27,"num_ratings":81,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":96,"tags":145,"homepage":149,"download_link":150,"security_score":119,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"buddypress-groups-import","BuddyPress Groups Import","0.3","Turker YILDIRIM","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrkr\u002F","\u003Cp>This plugin imports BuddyPress groups with their settings from a CSV file. It also supports \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp-group-hierarchy\u002F\" rel=\"ugc\">BP Group Hierarchy\u003C\u002Fa> plugin.\u003Cbr \u002F>\nPreapare CSV file, select bulk settings if needed and then click import. That’s all, enjoy.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Possible to enable group forum\u003C\u002Fli>\n\u003Cli>Possible to select group status\u003C\u002Fli>\n\u003Cli>Possible to select group invite status\u003C\u002Fli>\n\u003Cli>Possible to override CSV settings from admin page\u003C\u002Fli>\n\u003Cli>BP Group Hierarchy plugin support\u003C\u002Fli>\n\u003Cli>Possible to select parent group\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Released under the terms of the GNU General Public License.\u003C\u002Fp>\n","Import groups from CSV file into BuddyPress.",10,3675,"2016-05-12T11:01:00.000Z","4.5.33","4.3",[146,147,148,22,23],"buddypress","csv","group","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-groups-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-groups-import.0.3.zip",{"attackSurface":152,"codeSignals":194,"taintFlows":206,"riskAssessment":207,"analyzedAt":215},{"hooks":153,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":29,"unprotectedCount":29},[154,160,166,171,175,179,181,185],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","plugins_loaded","astra_import_export_setup","astra-import-export.php",37,{"type":161,"name":162,"callback":163,"file":164,"line":165},"filter","astra_collect_customizer_builder_data","__return_true","inc\\classes\\class-astra-import-export-loader.php",54,{"type":155,"name":167,"callback":168,"priority":169,"file":164,"line":170},"after_setup_theme","init_admin_settings",99,55,{"type":155,"name":172,"callback":173,"file":164,"line":174},"admin_enqueue_scripts","enqueue_scripts",56,{"type":155,"name":176,"callback":177,"file":164,"line":178},"admin_init","export",57,{"type":155,"name":176,"callback":22,"file":164,"line":180},58,{"type":155,"name":182,"callback":183,"file":164,"line":184},"admin_notices","astra_admin_errors",59,{"type":155,"name":186,"callback":187,"priority":188,"file":164,"line":189},"astra_welcome_page_right_sidebar_content","astra_import_export_section",50,70,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":198,"fileOperations":29,"externalRequests":29,"nonceChecks":204,"capabilityChecks":81,"bundledLibraries":205},[],{"prepared":29,"raw":29,"locations":197},[],{"escaped":199,"rawEcho":28,"locations":200},4,[201],{"file":164,"line":202,"context":203},334,"raw output",3,[],[],{"summary":208,"deductions":209},"The astra-import-export plugin version 1.1.0 demonstrates a strong security posture in its code analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, minimizing the potential attack surface. Furthermore, the code adheres to good security practices by exclusively using prepared statements for SQL queries and implementing nonce checks and capability checks, indicating an effort to prevent common web vulnerabilities.  The high percentage of properly escaped output also contributes positively to its security.  However, the plugin's vulnerability history is a cause for concern. While there are no currently unpatched vulnerabilities, the single known CVE, a Cross-Site Request Forgery (CSRF) issue patched in 2020, suggests that the plugin has had security flaws in the past. This historical pattern, even with a single instance, warrants vigilance.  The lack of taint analysis results and file operations suggests no obvious pathways for code injection or file manipulation were detected in this analysis, but the absence of data here doesn't guarantee complete security.\n\nIn conclusion, astra-import-export v1.1.0 shows promising code-level security, particularly in its minimal attack surface and use of prepared statements and authentication checks. The primary weakness lies in its past vulnerability, specifically a CSRF issue. While currently no vulnerabilities are unpatched, users should remain aware of the plugin's history and ensure it is kept up-to-date to benefit from any future security patches. The lack of taint analysis data could be a limitation, as it may not cover all potential complex attack vectors.",[210,213],{"reason":211,"points":212},"Known CVE in history (CSRF)",5,{"reason":214,"points":81},"Minor unescaped output detected","2026-03-16T17:17:43.148Z",{"wat":217,"direct":228},{"assetPaths":218,"generatorPatterns":222,"scriptPaths":223,"versionParams":224},[219,220,221],"\u002Fwp-content\u002Fplugins\u002Fastra-import-export\u002Finc\u002Fassets\u002Fcss\u002Fmodern-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fastra-import-export\u002Finc\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fastra-import-export\u002Fadmin\u002Fassets\u002Fbuild\u002Fdashboard-app.js",[],[221],[225,226,227],"astra-import-export\u002Finc\u002Fassets\u002Fcss\u002Fmodern-admin-style.css?ver=","astra-import-export\u002Finc\u002Fassets\u002Fcss\u002Fstyle.css?ver=","astra-import-export\u002Fadmin\u002Fassets\u002Fbuild\u002Fdashboard-app.js?ver=",{"cssClasses":229,"htmlComments":231,"htmlAttributes":232,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[230],"astra-ie",[],[],[],[235],"ast_import_export_admin",[]]