[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH31iv8N5YivpOA49i824q_ax8ysADP2Mf-tya17qY6w":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":56,"analysis":146,"fingerprints":608},"athemes-starter-sites","aThemes Starter Sites","1.1.7","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>We’ve got a full and ever-growing library stocked with ready-made templates for any kind of business.\u003C\u002Fp>\n\u003Ch3>ATHEMES STARTER SITES\u003C\u002Fh3>\n\u003Cp>Business owners, freelancers, Online Store Owners, and creatives: get ready to build and launch an awesome website in no-time, all by yourself! With our aThemes Starter Sites plugin, you can take your pick from plenty of starter sites, such as business, portfolio, and e-commerce. Then get creative and customize it to match your branding, all without writing a single line of code. Select the demo that suits your needs, import, tweak, and go live!\u003C\u002Fp>\n\u003Ch4>Pick your website template\u003C\u002Fh4>\n\u003Cp>We’ve got a full and ever-growing library stocked with ready-made templates for any kind of business.\u003C\u002Fp>\n\u003Ch4>Add your own awesome content\u003C\u002Fh4>\n\u003Cp>Add your own text, photos, videos, vector art, and more is a breeze by Gutenberg, Elementor, and different website builders.\u003C\u002Fp>\n\u003Ch4>Customize your site\u003C\u002Fh4>\n\u003Cp>Make your starter site really yours. Tweak your site with different fonts, color palettes, and more to fit your style.\u003C\u002Fp>\n\u003Ch4>Let’s go live\u003C\u002Fh4>\n\u003Cp>Ready to grow your business with a website that stands out from the crowd? Publish your page in just a few clicks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Happy Building!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>LIST OF STARTER SITES TO IMPORT\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Fsydney-demos\u002F\" rel=\"nofollow ugc\">Sydney Starters Sites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Fairi-demos\u002F\" rel=\"nofollow ugc\">Airi Starters Sites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Ftheme\u002Fbotiga\u002F\" rel=\"nofollow ugc\">Botiga\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","We've got a full and ever-growing library stocked with ready-made templates for any kind of business.",40000,1885371,40,2,"2026-03-03T16:41:00.000Z","6.8.5","4.0","5.4",[20,21,22,23,24],"athemes","demos","elementor","import","sites","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fathemes-starter-sites.1.1.7.zip",99,1,0,"2024-07-26 21:43:39","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2024-6897","athemes-starter-sites-authenticated-author-stored-cross-site-scripting-via-svg-file-upload","aThemes Starter Sites \u003C= 1.0.53 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload","The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",null,"\u003C=1.0.53","1.0.54","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-07-27 11:13:39",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc0d06c02-fad7-4d2f-a230-03723ba828b3?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"smub",94,23510130,91,795,73,"2026-04-03T17:39:35.263Z",[57,74,95,113,129],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":29,"num_ratings":29,"last_updated":25,"tested_up_to":67,"requires_at_least":17,"requires_php":68,"tags":69,"homepage":25,"download_link":71,"security_score":72,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":73},"emoza-starter-sites","Emoza Starter Sites","1.0.0","Emoza","https:\u002F\u002Fprofiles.wordpress.org\u002Femoza\u002F","\u003Cp>Quickly import demo content for the Emoza theme and launch your site with a professional look in minutes!\u003C\u002Fp>\n\u003Ch3>EMOZA STARTER SITES\u003C\u002Fh3>\n\u003Cp>Effortlessly set up your site with the Emoza Starter Site Demo Import plugin! Designed for the Emoza theme, this plugin lets you quickly import complete demo content, layouts, and settings—giving your website a professional, ready-to-use look in minutes. Perfect for getting your site up and running with ease!\u003C\u002Fp>\n","Quickly import demo content for the Emoza theme and launch your site with a professional look in minutes!",80,542,"6.7.5","7.4",[21,22,70,23,24],"emoza","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femoza-starter-sites.1.0.0.zip",100,"2026-03-15T10:48:56.248Z",{"slug":75,"name":76,"version":6,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":29,"num_ratings":29,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":92,"download_link":93,"security_score":94,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"aarambha-demo-sites","Aarambha Demo Sites","aarambhathemes","https:\u002F\u002Fprofiles.wordpress.org\u002Faarambhathemes\u002F","\u003Cp>Aarambha Demo Sites – it is the perfect plugin to import already inbuilt theme’s demos into your business websites within a click. It shows predefined features like demo content, widgets, and theme settings within a single click. If you are having problems implementing various features available in the theme, here it will reinforce you to get all with just one tap.\u003Cbr \u002F>\nOnce you install and activate any of the themes from Aarambha Themes, you can download or manually install this plugin. It is compatible with WordPress 5.0 or higher version and only supports PHP 7.0 or later.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=BTcMS1mvN-w\" rel=\"nofollow ugc\">Video\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or Higher.\u003C\u002Fli>\n\u003Cli>This plugin doesn’t work with any other themes besides our official themes available @ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fauthor\u002Faarambhathemes\u002F\" rel=\"ugc\">AarambhaThemes Official Themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>Aarambha Demo Sites uses third party service (API) at (https:\u002F\u002Fdemo.aarambhathemes.com) to query the demo listings, download & install the demos. In order to perform this action, the plugin only sends theme slug to our server and not any of your other details. Please check our \u003Ca href=\"https:\u002F\u002Faarambhathemes.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for further information. If you are not OK with this, you may uninstall this plugin and contact us through our forum to get further assistance.\u003C\u002Fp>\n","Import Aarambha Themes inbuilt themes demo content, widgets and its all settings with one click.",200,16736,"2023-11-22T03:31:00.000Z","6.4.8","5.9","7.0",[77,88,89,90,91],"demo-templates","importer","one-click-import","theme-demos","https:\u002F\u002Faarambhathemes.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faarambha-demo-sites.1.1.7.zip",85,{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":72,"downloaded":103,"rating":29,"num_ratings":29,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":111,"download_link":112,"security_score":94,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"xolo-websites","Xolo Websites","1.6","Xolo Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fxolosoftware\u002F","\u003Ch4>FREE TEMPLATES FOR ELEMENTOR PAGE BUILDER\u003C\u002Fh4>\n\u003Cp>Create the professional designed pixel perfect websites for every business such as a blog, portfolio, agency, landing page, application page, freelancer’s, magazine, and more.\u003C\u002Fp>\n\u003Cp>This plugin gives you access to 10+ pre-made full website templates for your favorite page builder such as Elementor.\u003C\u002Fp>\n\u003Ch4>GET A WEBSITE LIVE IN 3 CLICKS!\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate Xolo Websites Plugin\u003C\u002Fli>\n\u003Cli>Pick a website that suits your needs\u003C\u002Fli>\n\u003Cli>Import the website\u003C\u002Fli>\n\u003Cli>Done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Use this Prebuilt templates as a base for your project and don’t waste time starting from scratch!\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fwpxolo.com\u002Fready-website\u002F\" rel=\"nofollow ugc\">See list of all available templates to import »\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>Xolo Websites WordPress Plugin\u003Cbr \u002F>\nXolo Websites is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Ch3>Xolo Websites bundles the following third-party resources:\u003C\u002Fh3>\n\u003Cp>One Click Demo Import v2.5.2, Copyright 2019\u003Cbr \u002F>\nLicense: GPLv3 or later\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002FAwesomeMotive\u002Fone-click-demo-import\u003C\u002Fp>\n","FREE TEMPLATES FOR ELEMENTOR PAGE BUILDER",13765,"2023-03-21T12:04:00.000Z","6.1.10","5.0","5.6",[109,22,23,110,96],"demo","settings","https:\u002F\u002Fxolowebsites.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxolo-websites.1.6.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":29,"num_ratings":29,"last_updated":123,"tested_up_to":124,"requires_at_least":18,"requires_php":107,"tags":125,"homepage":25,"download_link":128,"security_score":94,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"yala-themes-toolkit","YalaThemes ToolKit","1.0.1","YalaThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fyalathemes\u002F","\u003Cp>Import \u003Ca href=\"https:\u002F\u002Fwww.yalathemes.com\u002F\" rel=\"nofollow ugc\">Yala Themes\u003C\u002Fa> official Themes Demo content, widgets and theme settings with just one click using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-import\u002F\" rel=\"ugc\">Advanced Import\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n","Import YalaThemes Official Themes Demo Content, Widgets and Theme settings with just one click.",60,3295,"2020-09-27T20:07:00.000Z","5.6.17",[126,109,89,91,127],"advanced-import","yalathemes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyala-themes-toolkit.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":29,"downloaded":137,"rating":29,"num_ratings":29,"last_updated":138,"tested_up_to":139,"requires_at_least":107,"requires_php":68,"tags":140,"homepage":144,"download_link":145,"security_score":72,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"novex-demo-importer","Novex Demo Importer","0.0.2","novexthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fnovexthemes\u002F","\u003Cp>\u003Cstrong>Novex Demo Importer\u003C\u002Fstrong> is the easiest way to instantly set up a stunning WordPress website with just one click. Whether you are using a free or premium Novex theme, this plugin gives you access to beautiful, ready-made \u003Cstrong>Elementor sites\u003C\u002Fstrong> that can be imported in minutes — no coding or manual setup required.\u003C\u002Fp>\n\u003Cp>With \u003Cstrong>one click demo import\u003C\u002Fstrong>, you can transform a blank WordPress install into a fully designed, content-rich Elementor site that looks exactly like the live demo. Stop spending hours building pages from scratch and launch your site faster than ever.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What Novex Demo Importer Offers:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One Click Demo Import\u003C\u002Fstrong> — Import complete Elementor sites instantly with a single click, including pages, posts, images, menus, and settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Template Import\u003C\u002Fstrong> — Access a growing library of professionally designed free Elementor sites compatible with popular Novex free themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Template Import\u003C\u002Fstrong> — Unlock exclusive premium Elementor sites with a valid license, giving your site a high-end, professional appearance right out of the box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stunning Elementor Sites\u003C\u002Fstrong> — All demos are fully built Elementor sites, so you get pixel-perfect layouts with full drag-and-drop editing power.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Site Setup\u003C\u002Fstrong> — Every import brings in not just content but also widgets, theme settings, homepage assignments, and global design styles — everything you need for a complete website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free & Pro Support\u003C\u002Fstrong> — Works seamlessly with both free and premium Novex themes, giving all users access to beautiful ready-made Elementor sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Who Is It For?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Novex Demo Importer is perfect for freelancers, agencies, bloggers, business owners, and anyone who wants a professionally designed Elementor site without the hassle. Simply install, import your favorite demo, and start customizing.\u003C\u002Fp>\n\u003Cp>Stop building from scratch. Start with a stunning Elementor site today.\u003C\u002Fp>\n","One click demo import for Novex themes — instantly import free & premium Elementor sites to launch a fully designed WordPress site in seconds.",161,"2026-02-25T11:07:00.000Z","6.9.4",[141,142,22,90,143],"demo-content","demo-importer","starter-sites","https:\u002F\u002Fnovexthemes.com\u002Fnovex-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnovex-demo-importer.zip",{"attackSurface":147,"codeSignals":469,"taintFlows":493,"riskAssessment":600,"analyzedAt":607},{"hooks":148,"ajaxHandlers":389,"restRoutes":464,"shortcodes":465,"cronEvents":466,"entryPointCount":467,"unprotectedCount":468},[149,155,159,163,166,171,174,177,181,184,187,190,193,197,201,207,211,215,220,224,228,231,233,238,242,246,249,252,256,259,262,264,268,270,273,276,278,280,283,286,289,291,293,295,297,298,300,302,305,309,313,317,321,323,327,331,334,338,343,346,349,353,358,362,365,368,370,373,376,379,381,385],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","atss_plugin_activation","activation","core\\class-core.php",81,{"type":150,"name":156,"callback":157,"file":153,"line":158},"plugins_loaded","check_version",82,{"type":150,"name":160,"callback":160,"priority":161,"file":153,"line":162},"admin_enqueue_scripts",5,83,{"type":150,"name":156,"callback":164,"file":153,"line":165},"theme_configs",84,{"type":150,"name":167,"callback":168,"file":169,"line":170},"init","set_demos","core\\class-demos-page.php",62,{"type":150,"name":167,"callback":172,"file":169,"line":173},"set_settings",63,{"type":150,"name":167,"callback":175,"file":169,"line":176},"closure",65,{"type":150,"name":178,"callback":179,"file":169,"line":180},"admin_menu","add_menu_page",66,{"type":150,"name":160,"callback":182,"file":169,"line":183},"enqueue_scripts",72,{"type":150,"name":185,"callback":186,"file":169,"line":54},"admin_notices","display_notice",{"type":150,"name":151,"callback":188,"file":169,"line":189},"reset_notices",76,{"type":150,"name":191,"callback":188,"file":169,"line":192},"atss_plugin_deactivation",77,{"type":150,"name":194,"callback":167,"file":195,"line":196},"after_setup_theme","import\\class-import.php",51,{"type":150,"name":198,"callback":199,"file":195,"line":200},"upload_mimes","add_custom_mimes",58,{"type":202,"name":203,"callback":204,"priority":205,"file":195,"line":206},"filter","wp_check_filetype_and_ext","real_mime_type_for_xml",10,59,{"type":202,"name":208,"callback":209,"file":195,"line":210},"wxr_importer.pre_process.user","__return_null",379,{"type":202,"name":212,"callback":213,"file":195,"line":214},"wxr_importer.pre_process.post","ajax_request_maybe",382,{"type":202,"name":216,"callback":217,"priority":205,"file":218,"line":219},"wxr_importer.pre_process.term","woocommerce_product_attributes_registration","import\\wp-content-importer-v2\\WXRImporter.php",106,{"type":202,"name":221,"callback":222,"file":218,"line":223},"import_post_meta_key","is_valid_meta_key",330,{"type":202,"name":225,"callback":226,"file":218,"line":227},"http_request_timeout","bump_request_timeout",331,{"type":150,"name":160,"callback":182,"file":229,"line":230},"inc\\class-notice.php",13,{"type":150,"name":185,"callback":186,"file":229,"line":232},14,{"type":202,"name":234,"callback":235,"file":236,"line":237},"atss_register_demos_list","airi_demos_list","themes\\airi.php",297,{"type":150,"name":239,"callback":240,"file":236,"line":241},"atss_finish_import","airi_setup_after_import",415,{"type":202,"name":234,"callback":243,"file":244,"line":245},"botiga_demos_list","themes\\botiga.php",160,{"type":150,"name":239,"callback":247,"file":244,"line":248},"botiga_setup_after_import",281,{"type":202,"name":250,"callback":175,"file":244,"line":251},"woocommerce_create_pages",287,{"type":202,"name":234,"callback":253,"file":254,"line":255},"sydney_atss_demos_list","themes\\sydney-pro.php",705,{"type":150,"name":239,"callback":257,"file":254,"line":258},"sydney_atss_setup_after_import",778,{"type":202,"name":234,"callback":253,"file":260,"line":261},"themes\\sydney.php",521,{"type":150,"name":239,"callback":257,"file":260,"line":263},556,{"type":150,"name":167,"callback":265,"file":266,"line":267},"maybe_init_onboarding_wizard","v2\\classes\\class-core.php",49,{"type":150,"name":156,"callback":164,"file":266,"line":269},52,{"type":150,"name":160,"callback":160,"priority":271,"file":266,"line":272},15,53,{"type":150,"name":167,"callback":168,"file":274,"line":275},"v2\\classes\\class-demos.php",56,{"type":150,"name":167,"callback":172,"file":274,"line":277},57,{"type":150,"name":185,"callback":279,"file":274,"line":206},"html_notice",{"type":150,"name":281,"callback":282,"file":274,"line":121},"admin_footer","preview_template",{"type":150,"name":281,"callback":284,"file":274,"line":285},"import_template",61,{"type":150,"name":287,"callback":288,"file":274,"line":173},"atss_starter_sites","html_demos",{"type":150,"name":151,"callback":188,"file":274,"line":290},69,{"type":150,"name":191,"callback":188,"file":274,"line":292},70,{"type":150,"name":194,"callback":167,"file":294,"line":170},"v2\\classes\\class-importer.php",{"type":150,"name":198,"callback":199,"file":294,"line":296},93,{"type":202,"name":203,"callback":204,"priority":205,"file":294,"line":50},{"type":202,"name":208,"callback":209,"file":294,"line":299},626,{"type":202,"name":212,"callback":213,"file":294,"line":301},629,{"type":202,"name":212,"callback":303,"file":294,"line":304},"post_content_replace_attachment_urls",632,{"type":202,"name":306,"callback":307,"priority":205,"file":294,"line":308},"wxr_importer.pre_process.post_meta","post_meta_replace_attachment_urls",635,{"type":202,"name":310,"callback":311,"file":294,"line":312},"wxr_importer.processed.post","track_imported_post",638,{"type":202,"name":314,"callback":315,"file":294,"line":316},"wxr_importer.processed.term","track_imported_term",641,{"type":202,"name":318,"callback":319,"file":294,"line":320},"atss_importer.processed.attachment","convert_attachment_to_placeholder",645,{"type":202,"name":216,"callback":217,"file":294,"line":322},650,{"type":202,"name":324,"callback":325,"priority":205,"file":294,"line":326},"add_term_metadata","woocommerce_product_attributes_filter",651,{"type":150,"name":178,"callback":328,"file":329,"line":330},"register_page","v2\\onboarding\\class-onboarding-wizard.php",132,{"type":150,"name":160,"callback":332,"file":329,"line":333},"enqueue",133,{"type":150,"name":335,"callback":336,"file":329,"line":337},"atss_import_start","init_page_filter",144,{"type":202,"name":212,"callback":339,"priority":340,"file":341,"line":342},"replace_in_post_data",999,"v2\\onboarding\\includes\\class-contact-replacer.php",47,{"type":202,"name":306,"callback":344,"priority":340,"file":341,"line":345},"replace_in_post_meta",48,{"type":202,"name":347,"callback":348,"priority":340,"file":341,"line":267},"atss_before_widgets_import_data","replace_in_widgets_data",{"type":150,"name":350,"callback":351,"priority":340,"file":341,"line":352},"atss_import_customizer","replace_in_customizer_data",50,{"type":202,"name":354,"callback":355,"priority":205,"file":356,"line":357},"wp_resource_hints","add_preconnect_hints","v2\\onboarding\\includes\\class-enqueue-assets.php",88,{"type":202,"name":212,"callback":359,"priority":205,"file":360,"line":361},"maybe_skip_page","v2\\onboarding\\includes\\class-page-filter.php",32,{"type":202,"name":234,"callback":243,"file":363,"line":364},"v2\\themes\\botiga.php",448,{"type":150,"name":335,"callback":366,"priority":205,"file":363,"line":367},"botiga_setup_before_import",535,{"type":150,"name":239,"callback":247,"file":363,"line":369},743,{"type":202,"name":250,"callback":371,"file":363,"line":372},"__return_empty_array",769,{"type":202,"name":234,"callback":253,"file":374,"line":375},"v2\\themes\\sydney.php",908,{"type":150,"name":335,"callback":377,"priority":205,"file":374,"line":378},"sydney_atss_setup_before_import",929,{"type":150,"name":239,"callback":257,"file":374,"line":380},1092,{"type":202,"name":382,"callback":383,"file":374,"line":384},"atss_register_customize_tooltips","sydney_atss_color_scheme_tooltips",1112,{"type":202,"name":386,"callback":387,"priority":205,"file":374,"line":388},"atss_customizer_import_theme_match","sydney_atss_customizer_import_theme_match",1136,[390,395,396,400,403,406,408,412,415,418,420,423,424,427,429,432,434,435,436,438,440,444,448,452,456,460],{"action":391,"nopriv":392,"callback":393,"hasNonce":394,"hasCapCheck":392,"file":169,"line":290},"atss_html_import_data",false,"html_import_data",true,{"action":391,"nopriv":394,"callback":393,"hasNonce":394,"hasCapCheck":392,"file":169,"line":292},{"action":397,"nopriv":392,"callback":398,"hasNonce":394,"hasCapCheck":392,"file":169,"line":399},"atss_dismissed_handler","dismissed_handler",74,{"action":401,"nopriv":392,"callback":402,"hasNonce":394,"hasCapCheck":394,"file":195,"line":285},"atss_import_plugin","ajax_import_plugin",{"action":404,"nopriv":392,"callback":405,"hasNonce":394,"hasCapCheck":394,"file":195,"line":170},"atss_import_contents","ajax_import_contents",{"action":350,"nopriv":392,"callback":407,"hasNonce":394,"hasCapCheck":394,"file":195,"line":173},"ajax_import_customizer",{"action":409,"nopriv":392,"callback":410,"hasNonce":394,"hasCapCheck":394,"file":195,"line":411},"atss_import_widgets","ajax_import_widgets",64,{"action":413,"nopriv":392,"callback":414,"hasNonce":394,"hasCapCheck":394,"file":195,"line":176},"atss_import_options","ajax_import_options",{"action":416,"nopriv":392,"callback":417,"hasNonce":392,"hasCapCheck":392,"file":195,"line":180},"atss_import_finish","ajax_import_finish",{"action":419,"nopriv":392,"callback":398,"hasNonce":394,"hasCapCheck":392,"file":229,"line":271},"atss_notice_dismissed_handler",{"action":421,"nopriv":392,"callback":422,"hasNonce":394,"hasCapCheck":392,"file":274,"line":176},"atss_import_data","import_data",{"action":391,"nopriv":392,"callback":393,"hasNonce":392,"hasCapCheck":392,"file":274,"line":180},{"action":397,"nopriv":392,"callback":425,"hasNonce":394,"hasCapCheck":392,"file":274,"line":426},"ajax_dismissed_handler",67,{"action":335,"nopriv":392,"callback":335,"hasNonce":392,"hasCapCheck":394,"file":294,"line":428},96,{"action":430,"nopriv":392,"callback":430,"hasNonce":392,"hasCapCheck":394,"file":294,"line":431},"atss_import_clean",97,{"action":401,"nopriv":392,"callback":402,"hasNonce":392,"hasCapCheck":394,"file":294,"line":433},98,{"action":404,"nopriv":392,"callback":405,"hasNonce":392,"hasCapCheck":394,"file":294,"line":27},{"action":409,"nopriv":392,"callback":410,"hasNonce":392,"hasCapCheck":394,"file":294,"line":72},{"action":350,"nopriv":392,"callback":407,"hasNonce":392,"hasCapCheck":394,"file":294,"line":437},101,{"action":416,"nopriv":392,"callback":417,"hasNonce":392,"hasCapCheck":392,"file":294,"line":439},102,{"action":441,"nopriv":392,"callback":442,"hasNonce":392,"hasCapCheck":392,"file":329,"line":443},"atss_get_wizard_state","ajax_get_wizard_state",136,{"action":445,"nopriv":392,"callback":446,"hasNonce":392,"hasCapCheck":392,"file":329,"line":447},"atss_save_wizard_state","ajax_save_wizard_state",137,{"action":449,"nopriv":392,"callback":450,"hasNonce":392,"hasCapCheck":392,"file":329,"line":451},"atss_delete_wizard_state","ajax_delete_wizard_state",138,{"action":453,"nopriv":392,"callback":454,"hasNonce":392,"hasCapCheck":392,"file":329,"line":455},"atss_get_demo_pages","ajax_get_demo_pages",139,{"action":457,"nopriv":392,"callback":458,"hasNonce":392,"hasCapCheck":392,"file":329,"line":459},"atss_apply_wizard_customizations","ajax_apply_customizations",140,{"action":461,"nopriv":392,"callback":462,"hasNonce":394,"hasCapCheck":394,"file":329,"line":463},"atss_init_wizard_from_legacy","ajax_init_wizard_from_legacy",141,[],[],[],26,8,{"dangerousFunctions":470,"sqlUsage":471,"outputEscaping":479,"fileOperations":487,"externalRequests":472,"nonceChecks":271,"capabilityChecks":488,"bundledLibraries":489},[],{"prepared":472,"raw":14,"locations":473},11,[474,477],{"file":218,"line":475,"context":476},2406,"$wpdb->get_results() with variable interpolation",{"file":218,"line":478,"context":476},2459,{"escaped":81,"rawEcho":480,"locations":481},4,[482,484,485,486],{"file":229,"line":196,"context":483},"raw output",{"file":229,"line":269,"context":483},{"file":229,"line":269,"context":483},{"file":229,"line":269,"context":483},7,30,[490],{"name":491,"version":38,"knownCves":492},"Select2",[],[494,512,521,534,544,554,563,573,590],{"entryPoint":495,"graph":496,"unsanitizedCount":29,"severity":511},"html_import_data (core\\class-demos-page.php:113)",{"nodes":497,"edges":509},[498,503],{"id":499,"type":500,"label":501,"file":169,"line":502},"n0","source","$_POST (x4)",116,{"id":504,"type":505,"label":506,"file":169,"line":507,"wp_function":508},"n1","sink","echo() [XSS]",168,"echo",[510],{"from":499,"to":504,"sanitized":394},"low",{"entryPoint":513,"graph":514,"unsanitizedCount":29,"severity":511},"\u003Cclass-demos-page> (core\\class-demos-page.php:0)",{"nodes":515,"edges":519},[516,518],{"id":499,"type":500,"label":517,"file":169,"line":502},"$_POST (x6)",{"id":504,"type":505,"label":506,"file":169,"line":507,"wp_function":508},[520],{"from":499,"to":504,"sanitized":394},{"entryPoint":522,"graph":523,"unsanitizedCount":29,"severity":511},"ajax_import_customizer (import\\class-import.php:463)",{"nodes":524,"edges":532},[525,528],{"id":499,"type":500,"label":526,"file":195,"line":527},"$_POST",474,{"id":504,"type":505,"label":529,"file":195,"line":530,"wp_function":531},"wp_remote_get() [SSRF]",491,"wp_remote_get",[533],{"from":499,"to":504,"sanitized":394},{"entryPoint":535,"graph":536,"unsanitizedCount":29,"severity":511},"ajax_import_widgets (import\\class-import.php:530)",{"nodes":537,"edges":542},[538,540],{"id":499,"type":500,"label":526,"file":195,"line":539},541,{"id":504,"type":505,"label":529,"file":195,"line":541,"wp_function":531},558,[543],{"from":499,"to":504,"sanitized":394},{"entryPoint":545,"graph":546,"unsanitizedCount":29,"severity":511},"ajax_import_options (import\\class-import.php:609)",{"nodes":547,"edges":552},[548,550],{"id":499,"type":500,"label":526,"file":195,"line":549},617,{"id":504,"type":505,"label":529,"file":195,"line":551,"wp_function":531},634,[553],{"from":499,"to":504,"sanitized":394},{"entryPoint":555,"graph":556,"unsanitizedCount":29,"severity":511},"\u003Cclass-import> (import\\class-import.php:0)",{"nodes":557,"edges":561},[558,560],{"id":499,"type":500,"label":559,"file":195,"line":527},"$_POST (x3)",{"id":504,"type":505,"label":529,"file":195,"line":530,"wp_function":531},[562],{"from":499,"to":504,"sanitized":394},{"entryPoint":564,"graph":565,"unsanitizedCount":29,"severity":511},"\u003Cclass-demos> (v2\\classes\\class-demos.php:0)",{"nodes":566,"edges":571},[567,569],{"id":499,"type":500,"label":517,"file":274,"line":568},123,{"id":504,"type":505,"label":506,"file":274,"line":570,"wp_function":508},191,[572],{"from":499,"to":504,"sanitized":394},{"entryPoint":574,"graph":575,"unsanitizedCount":29,"severity":511},"ajax_save_wizard_state (v2\\onboarding\\class-onboarding-wizard.php:182)",{"nodes":576,"edges":587},[577,579,582],{"id":499,"type":500,"label":526,"file":329,"line":578},203,{"id":504,"type":580,"label":581,"file":329,"line":578},"transform","→ save_state()",{"id":583,"type":505,"label":584,"file":585,"line":411,"wp_function":586},"n2","update_option() [Settings Manipulation]","v2\\onboarding\\includes\\class-state-manager.php","update_option",[588,589],{"from":499,"to":504,"sanitized":392},{"from":504,"to":583,"sanitized":394},{"entryPoint":591,"graph":592,"unsanitizedCount":29,"severity":511},"\u003Cclass-onboarding-wizard> (v2\\onboarding\\class-onboarding-wizard.php:0)",{"nodes":593,"edges":597},[594,595,596],{"id":499,"type":500,"label":526,"file":329,"line":578},{"id":504,"type":580,"label":581,"file":329,"line":578},{"id":583,"type":505,"label":584,"file":585,"line":411,"wp_function":586},[598,599],{"from":499,"to":504,"sanitized":392},{"from":504,"to":583,"sanitized":394},{"summary":601,"deductions":602},"The 'athemes-starter-sites' plugin v1.1.7 exhibits a generally good security posture with several strengths, including a high percentage of prepared SQL statements and properly escaped output. The absence of critical or high-severity taint analysis findings and a lack of currently unpatched CVEs are positive indicators.  However, a notable concern is the presence of 8 AJAX handlers that lack authentication checks, representing a significant attack surface that could be exploited by unauthenticated users. The plugin's history shows one medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting a need for continued vigilance in input sanitization and output encoding, even with the current high rate of proper escaping.\n\nDespite the positive aspects like a lack of critical code signals and a recent focus on patching vulnerabilities, the unprotected AJAX endpoints present a tangible risk. While taint analysis shows no immediate critical or high flows, the 8 unauthenticated entry points are a direct invitation for potential abuse.  The past XSS vulnerability, though resolved, serves as a reminder that even with good practices, subtle flaws can emerge.  Overall, the plugin is on solid ground with good defensive programming, but the identified unauthenticated AJAX handlers require immediate attention to fully secure it.",[603,605],{"reason":604,"points":468},"Unprotected AJAX handlers detected",{"reason":606,"points":161},"Past medium severity XSS vulnerability","2026-03-16T17:20:46.477Z",{"wat":609,"direct":621},{"assetPaths":610,"generatorPatterns":614,"scriptPaths":615,"versionParams":616},[611,612,613],"\u002Fwp-content\u002Fplugins\u002Fathemes-starter-sites\u002Fassets\u002Fjs\u002Fselect2.min.js","\u002Fwp-content\u002Fplugins\u002Fathemes-starter-sites\u002Fassets\u002Fjs\u002Fstylefire.min.js","\u002Fwp-content\u002Fplugins\u002Fathemes-starter-sites\u002Fassets\u002Fjs\u002Fpopmotion.global.min.js",[],[611,612,613],[617,618,619,620],"athemes-starter-sites\u002Fathemes-starter-sites.php?ver=","select2.min.js?ver=","stylefire.min.js?ver=","popmotion.global.min.js?ver=",{"cssClasses":622,"htmlComments":623,"htmlAttributes":624,"restEndpoints":625,"jsGlobals":626,"shortcodeOutput":628},[],[],[],[],[627],"ATSS_URL",[]]