[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGIAfZmawYnajmQaTZ9YbPPh5IsC9bGwkc0mNpe2MnrQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":61,"crawl_stats":36,"alternatives":68,"analysis":167,"fingerprints":371},"blaze-demo-importer","Blaze Demo Importer","1.0.15","blazethemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fblazethemes\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fblazethemes.com\u002F\" rel=\"nofollow ugc\">Home\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fblazethemes.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">All themes\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fblazethemes.com\u002Fblog\u002F\" rel=\"nofollow ugc\">Blog\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fblazethemes.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FzCw0bkswns4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Blaze Demo Importer can be used in all the official themes developed by BlazeThemes. Plugin can be used to import any of the available starter sites settings in your website. Within just a few steps your website will look exactly like the starter website. 
Provides information about the plugin required to be installed and activated and proceeds automatically.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Replicate demo you want in just a click\u003C\u002Fli>\n\u003Cli>Clean previous website data – Optional\u003C\u002Fli>\n\u003Cli>Automatically installs recommended and required plugins\u003C\u002Fli>\n\u003Cli>Imports customizer settings, post, pages, media, navigation menus and widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","Blaze Demo Importer can be used in all the official themes developed by BlazeThemes.",8000,167416,0,"2025-12-22T06:26:00.000Z","6.9.4","5.3","5.4",[19,20,21,22,23],"customizer","demo-importer","import","one-click-import","widgets","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblaze-demo-importer.1.0.15.zip",96,2,"2025-12-11 15:12:44","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-13334","blaze-demo-importer-missing-authorization-to-authenticated-subscriber-database-reset-and-file-deletion","Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion","The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the \"blaze_demo_importer_install_demo\" function in all versions up to, and including, 1.0.13. 
This makes it possible for authenticated attackers, with subscriber level access and above, to reset the database by truncating all tables (except options, usermeta, and users), delete all sidebar widgets, theme modifications, and content of the uploads folder.",null,">=1.0.0 \u003C=1.0.13","1.0.14","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Missing Authorization","2025-12-12 16:02:14",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd83cd6a0-d69c-4e6c-b76f-00c398b5f7e6?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":42,"published_date":57,"updated_date":58,"references":59,"days_to_patch":46},"CVE-2025-8446","blaze-demo-importer-missing-authorization-to-authenticated-subscriber-limited-plugin-install","Blaze Demo Importer \u003C= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install","The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate a limited number of specific plugins. 
The News Kit Elementor Addons plugin and a BlazeThemes theme must be installed and activated in order to exploit the vulnerability.","\u003C=1.0.12","1.0.13","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2025-09-15 00:00:00","2025-09-16 11:17:09",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa91bd1cf-ac63-4d65-b9fc-3fa2507cc27e?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":62,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},25,36330,93,12,89,"2026-04-04T01:10:51.443Z",[69,87,106,124,147],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":13,"num_ratings":13,"last_updated":79,"tested_up_to":15,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":83,"download_link":84,"security_score":85,"vuln_count":46,"unpatched_count":13,"last_vuln_date":86,"fetched_at":29},"hashthemes-demo-importer","HashThemes Demo Importer","1.4.1","hashthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fhashthemes\u002F","\u003Cp>HashThemes Demo Importer imports the full demo with just one click. It is specially developed to add a demo importer functionality in the theme developed by HashThemes but it can also be used by any other themes as well.\u003C\u002Fp>\n\u003Cp>You just need to define the array that includes the location of the demo zip files and other informations. The other information includes name of the demo, preview image, theme option array, menu array, home page and blog page slug(if any), required plugins array and the tags that categorizes the theme.\u003C\u002Fp>\n\u003Cp>The demo zip should contain the XML file, customizer (.dat) file, widget (.wie) file, theme option (.json), revolutions slider zip. It is not necessary to add all these files in the demo zip. 
You can skip the files if your demo does not need it.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Reset website(Optional)\u003C\u002Fli>\n\u003Cli>Install recommended and required plugins automatically\u003C\u002Fli>\n\u003Cli>Imports Revolution slider\u003C\u002Fli>\n\u003Cli>Imports fully functional demo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Video Guide\u003C\u002Fh4>\n","Transforming website setups from headache to 'click, click, done!",6000,218093,"2025-12-07T16:11:00.000Z","6.3","7.2",[20,73,21,22],"https:\u002F\u002Fgithub.com\u002Fpzstar\u002Fhashthemes-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhashthemes-demo-importer.1.4.1.zip",99,"2021-10-26 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":13,"num_ratings":13,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":24,"download_link":104,"security_score":105,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"flash-demo-import","Flash Demo Import","1.0.0","99colorthemes","https:\u002F\u002Fprofiles.wordpress.org\u002F99colorthemes\u002F","\u003Cp>Flash Demo Import plugin helps you to import all the themes demo with just one click. You can download the themes from \u003Ca href=\"https:\u002F\u002F99colorthemes.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">99colorthemes\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Get \u003Ca href=\"https:\u002F\u002F99colorthemes.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">free support\u003C\u002Fa>\u003C\u002Fp>\n","Import themes demo content, widgets and theme settings with just one click which themes support this plugin. 
Themes it currently supports only for 99c &hellip;",30,3540,"2020-11-07T09:13:00.000Z","5.5.18","4.6","5.6",[91,20,88,102,103],"importer","one-click-import-demo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflash-demo-import.zip",85,{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":13,"downloaded":114,"rating":13,"num_ratings":13,"last_updated":115,"tested_up_to":15,"requires_at_least":100,"requires_php":116,"tags":117,"homepage":121,"download_link":122,"security_score":123,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"novex-demo-importer","Novex Demo Importer","0.0.2","novexthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fnovexthemes\u002F","\u003Cp>\u003Cstrong>Novex Demo Importer\u003C\u002Fstrong> is the easiest way to instantly set up a stunning WordPress website with just one click. Whether you are using a free or premium Novex theme, this plugin gives you access to beautiful, ready-made \u003Cstrong>Elementor sites\u003C\u002Fstrong> that can be imported in minutes — no coding or manual setup required.\u003C\u002Fp>\n\u003Cp>With \u003Cstrong>one click demo import\u003C\u002Fstrong>, you can transform a blank WordPress install into a fully designed, content-rich Elementor site that looks exactly like the live demo. 
Stop spending hours building pages from scratch and launch your site faster than ever.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What Novex Demo Importer Offers:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>One Click Demo Import\u003C\u002Fstrong> — Import complete Elementor sites instantly with a single click, including pages, posts, images, menus, and settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Template Import\u003C\u002Fstrong> — Access a growing library of professionally designed free Elementor sites compatible with popular Novex free themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Template Import\u003C\u002Fstrong> — Unlock exclusive premium Elementor sites with a valid license, giving your site a high-end, professional appearance right out of the box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stunning Elementor Sites\u003C\u002Fstrong> — All demos are fully built Elementor sites, so you get pixel-perfect layouts with full drag-and-drop editing power.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Complete Site Setup\u003C\u002Fstrong> — Every import brings in not just content but also widgets, theme settings, homepage assignments, and global design styles — everything you need for a complete website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free & Pro Support\u003C\u002Fstrong> — Works seamlessly with both free and premium Novex themes, giving all users access to beautiful ready-made Elementor sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Who Is It For?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Novex Demo Importer is perfect for freelancers, agencies, bloggers, business owners, and anyone who wants a professionally designed Elementor site without the hassle. Simply install, import your favorite demo, and start customizing.\u003C\u002Fp>\n\u003Cp>Stop building from scratch. 
Start with a stunning Elementor site today.\u003C\u002Fp>\n","One click demo import for Novex themes — instantly import free & premium Elementor sites to launch a fully designed WordPress site in seconds.",161,"2026-02-25T11:07:00.000Z","7.4",[118,20,119,22,120],"demo-content","elementor","starter-sites","https:\u002F\u002Fnovexthemes.com\u002Fnovex-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnovex-demo-importer.zip",100,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":116,"tags":139,"homepage":143,"download_link":144,"security_score":145,"vuln_count":27,"unpatched_count":13,"last_vuln_date":146,"fetched_at":29},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. 
Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! 
Enable simple theme demo import for your users.",1000000,19902961,86,79,"2025-09-11T09:36:00.000Z","6.8.5","5.5",[140,21,141,142,23],"content","settings","theme-options","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip",97,"2024-05-07 00:00:00",{"slug":148,"name":149,"version":150,"author":151,"author_profile":152,"description":153,"short_description":154,"active_installs":155,"downloaded":156,"rating":157,"num_ratings":158,"last_updated":159,"tested_up_to":15,"requires_at_least":160,"requires_php":161,"tags":162,"homepage":165,"download_link":166,"security_score":123,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"widget-importer-exporter","Widget Importer & Exporter","1.6.1","Steven Gliebe","https:\u002F\u002Fprofiles.wordpress.org\u002Fstevengliebe\u002F","\u003Cp>Widget Importer & Exporter is useful for moving widgets from one WordPress site to another, backing up widgets and for theme developers to give users sample widgets. See the \u003Ca href=\"https:\u002F\u002Fchurchthemes.com\u002Fplugins\u002Fwidget-importer-exporter\u002F\" rel=\"nofollow ugc\">details\u003C\u002Fa> on ChurchThemes.com.\u003C\u002Fp>\n\u003Ch4>Importing\u003C\u002Fh4>\n\u003Cp>Importing is done by uploading an export file created by the plugin. 
The results of an import are shown in a nicely formatted table with an explanation of what happened with each widget area and widget.\u003C\u002Fp>\n\u003Cp>Importation takes into consideration widget areas not existing in the current theme (widgets imported as \u003Cem>Inactive\u003C\u002Fem>), widgets that already exist in the same widget area (widgets not duplicated) and widgets that are not supported by the site (widgets not imported).\u003C\u002Fp>\n\u003Ch4>Exporting\u003C\u002Fh4>\n\u003Cp>Widget Importer & Exporter can create an export file (in JSON format with .wie extension) out of currently active widgets. This file can be imported into other sites using this plugin or used to restore widgets to the same site later.\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>wie_before_import\u003C\u002Fcode> action fires after a file is uploaded but before the data is imported. \u003Ccode>wie_after_import\u003C\u002Fcode> fires after the data is imported. The \u003Ccode>wie_import_data\u003C\u002Fcode> filter can be used to filter data before it is imported. Other filters are used throughout. 
Make a pull request on GitHub if you need another hook.\u003C\u002Fp>\n\u003Cp>Please jump on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchurchthemes\u002Fwidget-importer-exporter\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> to report issues and follow development.\u003C\u002Fp>\n","Import and export your widgets.",200000,5278666,94,117,"2025-12-01T16:14:00.000Z","3.5","5.2.4",[163,21,102,164,23],"exporter","widget","https:\u002F\u002Fchurchthemes.com\u002Fplugins\u002Fwidget-importer-exporter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-importer-exporter.1.6.1.zip",{"attackSurface":168,"codeSignals":248,"taintFlows":322,"riskAssessment":360,"analyzedAt":370},{"hooks":169,"ajaxHandlers":194,"restRoutes":244,"shortcodes":245,"cronEvents":246,"entryPointCount":247,"unprotectedCount":46},[170,176,180,185,190],{"type":171,"name":172,"callback":173,"file":174,"line":175},"action","admin_enqueue_scripts","admin_scripts","blaze-demo-importer.php",48,{"type":171,"name":177,"callback":178,"file":174,"line":179},"after_setup_theme","blaze_demo_importer_importer",854,{"type":181,"name":182,"callback":183,"file":174,"line":184},"filter","upload_mimes","closure",856,{"type":181,"name":186,"callback":187,"file":188,"line":189},"import_post_meta_key","is_valid_meta_key","wordpress-importer\\class-wp-import.php",74,{"type":181,"name":191,"callback":192,"file":188,"line":193},"http_request_timeout","bump_request_timeout",75,[195,200,203,206,209,212,215,218,221,224,227,232,236,240],{"action":196,"nopriv":197,"callback":196,"hasNonce":198,"hasCapCheck":198,"file":174,"line":199},"blaze_demo_importer_install_demo",false,true,49,{"action":201,"nopriv":197,"callback":201,"hasNonce":198,"hasCapCheck":198,"file":174,"line":202},"blaze_demo_importer_install_plugin",50,{"action":204,"nopriv":197,"callback":204,"hasNonce":198,"hasCapCheck":198,"file":174,"line":205},"blaze_demo_importer_activate_plugin",51,{"action":207,"nopriv":197,"callback":207,"hasNonce":
198,"hasCapCheck":198,"file":174,"line":208},"blaze_demo_importer_download_files",52,{"action":210,"nopriv":197,"callback":210,"hasNonce":198,"hasCapCheck":198,"file":174,"line":211},"blaze_demo_importer_import_xml",53,{"action":213,"nopriv":197,"callback":213,"hasNonce":198,"hasCapCheck":198,"file":174,"line":214},"blaze_demo_importer_customizer_import",54,{"action":216,"nopriv":197,"callback":216,"hasNonce":198,"hasCapCheck":198,"file":174,"line":217},"blaze_demo_importer_menu_import",55,{"action":219,"nopriv":197,"callback":219,"hasNonce":198,"hasCapCheck":197,"file":174,"line":220},"blaze_demo_importer_theme_option",56,{"action":222,"nopriv":197,"callback":222,"hasNonce":198,"hasCapCheck":198,"file":174,"line":223},"blaze_demo_importer_importing_widget",57,{"action":225,"nopriv":197,"callback":225,"hasNonce":198,"hasCapCheck":198,"file":174,"line":226},"blaze_demo_importer_importing_revslider",58,{"action":228,"nopriv":197,"callback":229,"hasNonce":198,"hasCapCheck":198,"file":230,"line":231},"plugin_installer","plugin_installer_callback","classes\\class-demo-importer.php",34,{"action":233,"nopriv":197,"callback":234,"hasNonce":198,"hasCapCheck":198,"file":230,"line":235},"plugin_offline_installer","plugin_offline_installer_callback",37,{"action":237,"nopriv":197,"callback":238,"hasNonce":198,"hasCapCheck":197,"file":230,"line":239},"plugin_activation","plugin_activation_callback",40,{"action":241,"nopriv":197,"callback":242,"hasNonce":197,"hasCapCheck":197,"file":230,"line":243},"plugin_deactivation","plugin_deactivation_callback",43,[],[],[],14,{"dangerousFunctions":249,"sqlUsage":250,"outputEscaping":256,"fileOperations":318,"externalRequests":319,"nonceChecks":320,"capabilityChecks":65,"bundledLibraries":321},[],{"prepared":251,"raw":46,"locations":252},6,[253],{"file":174,"line":254,"context":255},488,"$wpdb->query() with variable 
interpolation",{"escaped":257,"rawEcho":258,"locations":259},88,28,[260,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,312,314,316],{"file":188,"line":261,"context":262},103,"raw output",{"file":188,"line":264,"context":262},104,{"file":188,"line":266,"context":262},112,{"file":188,"line":268,"context":262},147,{"file":188,"line":270,"context":262},148,{"file":188,"line":272,"context":262},163,{"file":188,"line":274,"context":262},167,{"file":188,"line":276,"context":262},176,{"file":188,"line":278,"context":262},230,{"file":188,"line":280,"context":262},232,{"file":188,"line":282,"context":262},279,{"file":188,"line":284,"context":262},289,{"file":188,"line":286,"context":262},292,{"file":188,"line":288,"context":262},300,{"file":188,"line":290,"context":262},309,{"file":188,"line":292,"context":262},360,{"file":188,"line":294,"context":262},413,{"file":188,"line":296,"context":262},459,{"file":188,"line":298,"context":262},515,{"file":188,"line":300,"context":262},706,{"file":188,"line":302,"context":262},739,{"file":188,"line":304,"context":262},1216,{"file":188,"line":306,"context":262},1238,{"file":188,"line":308,"context":262},1239,{"file":310,"line":311,"context":262},"wordpress-importer\\class-wxr-parser.php",38,{"file":310,"line":313,"context":262},41,{"file":310,"line":315,"context":262},44,{"file":310,"line":317,"context":262},45,26,3,15,[],[323,349],{"entryPoint":324,"graph":325,"unsanitizedCount":13,"severity":348},"blaze_demo_importer_theme_option (blaze-demo-importer.php:295)",{"nodes":326,"edges":345},[327,332,338,340],{"id":328,"type":329,"label":330,"file":174,"line":331},"n0","source","$_POST",298,{"id":333,"type":334,"label":335,"file":174,"line":336,"wp_function":337},"n1","sink","file_get_contents() [SSRF\u002FLFI]",324,"file_get_contents",{"id":339,"type":329,"label":330,"file":174,"line":331},"n2",{"id":341,"type":334,"label":342,"file":174,"line":343,"wp_function":344},"n3","update_option() 
[Settings Manipulation]",327,"update_option",[346,347],{"from":328,"to":333,"sanitized":198},{"from":339,"to":341,"sanitized":198},"low",{"entryPoint":350,"graph":351,"unsanitizedCount":13,"severity":348},"\u003Cblaze-demo-importer> (blaze-demo-importer.php:0)",{"nodes":352,"edges":357},[353,354,355,356],{"id":328,"type":329,"label":330,"file":174,"line":331},{"id":333,"type":334,"label":335,"file":174,"line":336,"wp_function":337},{"id":339,"type":329,"label":330,"file":174,"line":331},{"id":341,"type":334,"label":342,"file":174,"line":343,"wp_function":344},[358,359],{"from":328,"to":333,"sanitized":198},{"from":339,"to":341,"sanitized":198},{"summary":361,"deductions":362},"The 'blaze-demo-importer' plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and nonce checks, there are significant concerns regarding its attack surface and historical vulnerability patterns. The presence of an unprotected AJAX handler (plugin_deactivation, recorded with neither a nonce check nor a capability check) is a critical security gap that could allow unauthorized actions. Two further handlers, blaze_demo_importer_theme_option and plugin_activation, are recorded with a nonce check but no capability check; a nonce guards against request forgery and is not an authorization control, so these need the same review. The plugin's history of two known CVEs, both of the 'Missing Authorization' type (one high severity, one medium), is a strong indicator of recurring security weaknesses. Although there are no currently unpatched vulnerabilities and the taint analysis did not reveal critical issues, the combination of an exposed entry point and past authorization flaws warrants careful consideration.  
The plugin has strengths in its code hygiene for SQL and output, but its attack surface management and a pattern of authorization issues are notable weaknesses.",[363,366,368],{"reason":364,"points":365},"Unprotected AJAX handler",10,{"reason":367,"points":320},"Past high severity vulnerability (Missing Authorization)",{"reason":369,"points":365},"Past medium severity vulnerability","2026-03-16T17:55:02.543Z",{"wat":372,"direct":381},{"assetPaths":373,"generatorPatterns":376,"scriptPaths":377,"versionParams":378},[374,375],"\u002Fwp-content\u002Fplugins\u002Fblaze-demo-importer\u002Fassets\u002Fcss\u002Fblaze-demo-importer-admin.css","\u002Fwp-content\u002Fplugins\u002Fblaze-demo-importer\u002Fassets\u002Fjs\u002Fblaze-demo-importer-admin.js",[],[375],[379,380],"blaze-demo-importer\u002Fassets\u002Fcss\u002Fblaze-demo-importer-admin.css?ver=","blaze-demo-importer\u002Fassets\u002Fjs\u002Fblaze-demo-importer-admin.js?ver=",{"cssClasses":382,"htmlComments":398,"htmlAttributes":401,"restEndpoints":405,"jsGlobals":416,"shortcodeOutput":419},[383,384,385,386,387,388,389,390,391,392,393,394,395,396,397],"blaze-demo-importer-container","blaze-demo-importer-admin","blaze-demo-importer-nav","blaze-demo-importer-content","blaze-demo-importer-header","blaze-demo-importer-footer","blaze-demo-importer-demo-item","blaze-demo-importer-demo-title","blaze-demo-importer-demo-image","blaze-demo-importer-demo-description","blaze-demo-importer-demo-actions","blaze-demo-importer-import-button","blaze-demo-importer-reset-button","blaze-demo-importer-progress-bar","blaze-demo-importer-status-message",[399,400],"\u003C!-- Blaze Demo Importer -->","\u003C!-- Blaze Demo Importer Admin Page 
-->",[402,403,404],"data-demo-slug","data-nonce","data-demo-id",[406,407,408,409,410,411,412,413,414,415],"\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Finstall-demo","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Finstall-plugin","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Factivate-plugin","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fdownload-files","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fimport-xml","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fcustomizer-import","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fmenu-import","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Ftheme-option","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fimporting-widget","\u002Fwp-json\u002Fblaze-demo-importer\u002Fv1\u002Fimporting-revslider",[417,418],"BlazeDemoImporter","blaze_demo_importer_ajax_object",[]]