Catch Themes Demo Import Security & Risk Analysis

wordpress.org/plugins/catch-themes-demo-import

Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D …

6K active installs v2.2 PHP + WP 5.9+ Updated Feb 25, 2026
content · demo · import · settings · theme-options
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Feb 7, 2022
Safety Verdict

Is Catch Themes Demo Import Safe to Use in 2026?

Generally Safe

Score 98/100

Catch Themes Demo Import has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 7, 2022 · Updated 1mo ago
Risk Assessment

The "catch-themes-demo-import" plugin version 2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. It also correctly implements nonce and capability checks on a majority of its entry points and has no known currently unpatched vulnerabilities.

However, there are notable areas of concern. Three unprotected AJAX handlers, which lack proper authentication checks, significantly expand the attack surface and are prime targets for exploitation. The use of the `unserialize` function is a critical risk, as it can lead to Remote Code Execution if fed with malicious data. While taint analysis did not reveal any unsanitized flows in this specific scan, the existence of `unserialize` remains an inherent danger. The plugin's history of two high-severity vulnerabilities, both classified as Unrestricted Upload of File with Dangerous Type, suggests past issues with input validation and file handling, even though they are currently patched.

In conclusion, while the plugin has made strides in secure coding practices like prepared statements and output escaping, the unprotected AJAX endpoints and the dangerous `unserialize` function present significant immediate risks. The historical vulnerability pattern also warrants continued vigilance. The overall security is moderately compromised by these critical weaknesses.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize detected
  • Past high-severity vulnerabilities (2 total)
Vulnerabilities
2

Catch Themes Demo Import Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2022: 1 CVE

Severity Breakdown

High: 2

2 total CVEs

CVE-2022-0440 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload

Feb 7, 2022 Patched in 2.1.1 (715d)
CVE-2021-39352 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Catch Themes Demo Import <= 1.7 - Arbitrary File Upload

Oct 21, 2021 Patched in 1.8 (823d)
Code Analysis
Analyzed Mar 16, 2026

Catch Themes Demo Import Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (117 escaped)
Nonce Checks: 3
Capability Checks: 11
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$data = unserialize($raw);` · inc\CustomizerImporter.php:93

Output Escaping

98% escaped · 119 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ctp_switch (inc\ctp-tabs-removal.php:58)
Attack Surface
3 unprotected

Catch Themes Demo Import Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers 6

auth · wp_ajax_ctdi_import_demo_data · inc\CatchThemesDemoImport.php:113
auth · wp_ajax_ctdi_import_customizer_data · inc\CatchThemesDemoImport.php:114
auth · wp_ajax_ctdi_after_import_data · inc\CatchThemesDemoImport.php:115
auth · wp_ajax_query-themes · inc\CatchThemesThemePlugin.php:10
auth · wp_ajax_customize_load_themes · inc\CatchThemesThemePlugin.php:20
auth · wp_ajax_ctp_switch · inc\ctp-tabs-removal.php:84
WordPress Hooks 30
action · admin_notices · catch-themes-demo-import.php:31
action · activated_plugin · catch-themes-demo-import.php:52
action · admin_init · catch-themes-demo-import.php:93
action · admin_menu · inc\CatchThemesDemoImport.php:111
action · admin_enqueue_scripts · inc\CatchThemesDemoImport.php:112
action · after_setup_theme · inc\CatchThemesDemoImport.php:116
action · plugins_loaded · inc\CatchThemesDemoImport.php:117
filter · plugin_action_links · inc\CatchThemesDemoImport.php:118
action · admin_enqueue_scripts · inc\CatchThemesThemePlugin.php:12
action · customize_register · inc\CatchThemesThemePlugin.php:15
filter · install_plugins_tabs · inc\CatchThemesThemePlugin.php:22
filter · install_plugins_table_api_args_catchplugins · inc\CatchThemesThemePlugin.php:23
action · install_plugins_catchplugins · inc\CatchThemesThemePlugin.php:24
action · admin_init · inc\ctp-tabs-removal.php:16
action · cp-ctdi/after_import · inc\demo-importer.php:32
action · admin_enqueue_scripts · inc\demo-importer.php:35
action · admin_init · inc\demo-importer.php:39
action · after_switch_theme · inc\demo-importer.php:147
action · cp-ctdi/before_content_import_execution · inc\ImportActions.php:22
action · cp-ctdi/after_content_import_execution · inc\ImportActions.php:25
action · cp-ctdi/after_content_import_execution · inc\ImportActions.php:26
action · cp-ctdi/after_content_import_execution · inc\ImportActions.php:27
action · cp-ctdi/customizer_import_execution · inc\ImportActions.php:30
action · cp-ctdi/after_all_import_execution · inc\ImportActions.php:33
action · cp-ctdi/widget_settings_array · inc\ImportActions.php:37
filter · wxr_importer.pre_process.user · inc\Importer.php:135
filter · wxr_importer.pre_process.post · inc\Importer.php:138
filter · intermediate_image_sizes_advanced · inc\Importer.php:142
filter · cp-ctdi/time_for_one_ajax_call · inc\WPCLICommands.php:206
filter · wxr_importer.pre_process.term · inc\WXRImporter.php:33
Maintenance & Trust

Catch Themes Demo Import Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version
Downloads: 248K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 6K
Developer Profile

Catch Themes Demo Import Developer Profile

Catch Plugins

9 plugins · 29K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 798 days
Detection Fingerprints

How We Detect Catch Themes Demo Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/css/common.css
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/css/ctdi-admin-style.css
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/css/responsive.css
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/css/tgmpa.css
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/common.js
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/ctdi-admin-script.js
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/tgmpa.js
Script Paths
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/common.js
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/ctdi-admin-script.js
  • /wp-content/plugins/catch-themes-demo-import/inc/admin/js/tgmpa.js
Version Parameters
  • catch-themes-demo-import/inc/admin/css/common.css?ver=
  • catch-themes-demo-import/inc/admin/css/ctdi-admin-style.css?ver=
  • catch-themes-demo-import/inc/admin/css/responsive.css?ver=
  • catch-themes-demo-import/inc/admin/css/tgmpa.css?ver=
  • catch-themes-demo-import/inc/admin/js/common.js?ver=
  • catch-themes-demo-demo-import/inc/admin/js/ctdi-admin-script.js?ver=
  • catch-themes-demo-import/inc/admin/js/tgmpa.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ctdi-plugin-wrap
  • catch-themes-demo-import-wrap
  • ctdi-main-content
  • ctdi-theme-list-wrap
  • ctdi-demo-import-header
  • ctdi-demo-import-content
  • ctdi-demo-import-footer
  • ctdi-demo-import-actions
  • +6 more
HTML Comments
  • <!-- Main Catch Themes Demo Import Plugin -->
  • <!-- This is the main wrapper for the plugin page. -->
  • <!-- Theme Options -->
  • <!-- Import Button -->
  • +6 more
Data Attributes
  • data-demo-id
  • data-theme-slug
  • data-tab-slug
  • data-parent-slug
  • data-menu-slug
  • data-capability
  • +1 more
JS Globals
  • ctdi_ajax_object
  • ctdi_importer_scripts
  • ctdi_tgmpa_scripts
  • ctdi_admin_scripts
  • CatchThemesDemoImport
REST Endpoints
  • /wp-json/ctdi/v1/get_import_files
  • /wp-json/ctdi/v1/import_data
  • /wp-json/ctdi/v1/import_customizer_data
  • /wp-json/ctdi/v1/after_import_data
FAQ

Frequently Asked Questions about Catch Themes Demo Import