Blaze Demo Importer Security & Risk Analysis

wordpress.org/plugins/blaze-demo-importer

Blaze Demo Importer can be used in all the official themes developed by BlazeThemes.

8K active installs v1.0.15 PHP 5.4+ WP 5.3+ Updated Dec 22, 2025
Tags: customizer, demo-importer, import, one-click-import, widgets
Score: 96 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 11, 2025
Safety Verdict

Is Blaze Demo Importer Safe to Use in 2026?

Generally Safe

Score 96/100

Blaze Demo Importer has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 11, 2025 · Updated 3mo ago
Risk Assessment

The 'blaze-demo-importer' plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and nonce checks, there are significant concerns regarding its attack surface and historical vulnerability patterns. The presence of an unprotected AJAX handler is a critical security gap that could allow unauthorized actions. The plugin's history of two known CVEs, including a past high-severity vulnerability of the 'Missing Authorization' type, is a strong indicator of recurring security weaknesses. Although there are no currently unpatched vulnerabilities and the taint analysis did not reveal critical issues, the combination of an exposed entry point and past authorization flaws warrants careful consideration. The plugin has strengths in its code hygiene for SQL and output, but its attack surface management and a pattern of authorization issues are notable weaknesses.

Key Concerns

  • Unprotected AJAX handler
  • Past high severity vulnerability (Missing Authorization)
  • Past medium severity vulnerability
Vulnerabilities
2

Blaze Demo Importer Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-13334 · high · 8.1 · Missing Authorization

Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

Dec 11, 2025 Patched in 1.0.14 (1d)
CVE-2025-8446 · medium · 4.3 · Missing Authorization

Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install

Sep 15, 2025 Patched in 1.0.13 (1d)
Code Analysis
Analyzed Mar 16, 2026

Blaze Demo Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 28 (88 escaped)
Nonce Checks: 15
Capability Checks: 12
File Operations: 26
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

86% prepared · 7 total queries

Output Escaping

76% escaped · 116 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
blaze_demo_importer_theme_option (blaze-demo-importer.php:295)
Attack Surface
1 unprotected

Blaze Demo Importer Attack Surface

Entry Points: 14
Unprotected: 1

AJAX Handlers: 14

auth · wp_ajax_blaze_demo_importer_install_demo · blaze-demo-importer.php:49
auth · wp_ajax_blaze_demo_importer_install_plugin · blaze-demo-importer.php:50
auth · wp_ajax_blaze_demo_importer_activate_plugin · blaze-demo-importer.php:51
auth · wp_ajax_blaze_demo_importer_download_files · blaze-demo-importer.php:52
auth · wp_ajax_blaze_demo_importer_import_xml · blaze-demo-importer.php:53
auth · wp_ajax_blaze_demo_importer_customizer_import · blaze-demo-importer.php:54
auth · wp_ajax_blaze_demo_importer_menu_import · blaze-demo-importer.php:55
auth · wp_ajax_blaze_demo_importer_theme_option · blaze-demo-importer.php:56
auth · wp_ajax_blaze_demo_importer_importing_widget · blaze-demo-importer.php:57
auth · wp_ajax_blaze_demo_importer_importing_revslider · blaze-demo-importer.php:58
auth · wp_ajax_plugin_installer · classes\class-demo-importer.php:34
auth · wp_ajax_plugin_offline_installer · classes\class-demo-importer.php:37
auth · wp_ajax_plugin_activation · classes\class-demo-importer.php:40
auth · wp_ajax_plugin_deactivation · classes\class-demo-importer.php:43

WordPress Hooks: 5

action · admin_enqueue_scripts · blaze-demo-importer.php:48
action · after_setup_theme · blaze-demo-importer.php:854
filter · upload_mimes · blaze-demo-importer.php:856
filter · import_post_meta_key · wordpress-importer\class-wp-import.php:74
filter · http_request_timeout · wordpress-importer\class-wp-import.php:75
Maintenance & Trust

Blaze Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 22, 2025
PHP min version: 5.4
Downloads: 167K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 8K
Developer Profile

Blaze Demo Importer Developer Profile

blazethemes

25 plugins · 36K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect Blaze Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blaze-demo-importer/assets/css/blaze-demo-importer-admin.css
/wp-content/plugins/blaze-demo-importer/assets/js/blaze-demo-importer-admin.js
Script Paths
/wp-content/plugins/blaze-demo-importer/assets/js/blaze-demo-importer-admin.js
Version Parameters
blaze-demo-importer/assets/css/blaze-demo-importer-admin.css?ver=
blaze-demo-importer/assets/js/blaze-demo-importer-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
blaze-demo-importer-container
blaze-demo-importer-admin
blaze-demo-importer-nav
blaze-demo-importer-content
blaze-demo-importer-header
blaze-demo-importer-footer
blaze-demo-importer-demo-item
blaze-demo-importer-demo-title
+7 more
HTML Comments
<!-- Blaze Demo Importer -->
<!-- Blaze Demo Importer Admin Page -->
Data Attributes
data-demo-slug
data-nonce
data-demo-id
JS Globals
BlazeDemoImporter
blaze_demo_importer_ajax_object
REST Endpoints
/wp-json/blaze-demo-importer/v1/install-demo
/wp-json/blaze-demo-importer/v1/install-plugin
/wp-json/blaze-demo-importer/v1/activate-plugin
/wp-json/blaze-demo-importer/v1/download-files
/wp-json/blaze-demo-importer/v1/import-xml
/wp-json/blaze-demo-importer/v1/customizer-import
/wp-json/blaze-demo-importer/v1/menu-import
/wp-json/blaze-demo-importer/v1/theme-option
/wp-json/blaze-demo-importer/v1/importing-widget
/wp-json/blaze-demo-importer/v1/importing-revslider