Does CV Demo Importer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is CV Demo Importer compatible with WordPress 6.8.5?

According to WordPress.org data, CV Demo Importer 1.0.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is CV Demo Importer compatible with PHP 7.2+?

CV Demo Importer requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CV Demo Importer updated?

CV Demo Importer was last updated on Apr 21, 2025. Frequent updates are generally a positive security signal.

What is CV Demo Importer's security score?

CV Demo Importer has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CV Demo Importer Security & Risk Analysis

wordpress.org/plugins/cv-demo-importer

One Click Demo Importer For CodeVibrant official themes demo content, customization options, widgets and theme settings. This plugin fetches the codev …

500 active installs v1.0.6 PHP 7.2+ WP 5.0+ Updated Apr 21, 2025

codevibrantdemoimporterone-click-demo-importtheme-demos

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CV Demo Importer Safe to Use in 2026?

Generally Safe

Score 92/100

CV Demo Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'cv-demo-importer' v1.0.6 plugin presents a mixed security posture. While it exhibits strong practices like 100% prepared SQL statements and a high percentage of properly escaped output, significant concerns arise from its attack surface. All three identified AJAX entry points lack authentication checks, making them prime targets for unauthorized actions. The presence of the `unserialize` function, especially without clear evidence of input sanitization or contextual checks, raises red flags for potential deserialization vulnerabilities. Fortunately, the plugin has no recorded vulnerability history, suggesting a lack of past exploitation or discovery. This, combined with the absence of critical or high severity taint flows, indicates a potentially robust codebase in certain areas. However, the unprotected AJAX handlers and the `unserialize` function represent critical weaknesses that could be exploited by attackers.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize without clear sanitization

Vulnerabilities

None known

CV Demo Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

CV Demo Importer Release Timeline

v1.0.6Current

v1.0.5

Code Analysis

Analyzed Mar 16, 2026

CV Demo Importer Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

210 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$themes = unserialize( wp_remote_retrieve_body( $response ) );includes\class-cvdi.php:214

SQL Query Safety

100% prepared6 total queries

Output Escaping

94% escaped223 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

cvdi_import_all_demo (admin\class-cvdi-admin.php:320)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

CV Demo Importer Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_cvdi_ajax_onclick_import_buttonincludes\class-cvdi.php:141

authwp_ajax_cvdi_requried_plugin_installincludes\class-cvdi.php:147

authwp_ajax_cvdi_import_demoincludes\class-cvdi.php:149

WordPress Hooks 19

actionplugins_loadedincludes\class-cvdi.php:118

actioninitincludes\class-cvdi.php:135

actioninitincludes\class-cvdi.php:136

actionadmin_enqueue_scriptsincludes\class-cvdi.php:137

actionadmin_enqueue_scriptsincludes\class-cvdi.php:138

actionadmin_footerincludes\class-cvdi.php:144

filtercvdi_widget_demo_import_settingsincludes\class-cvdi.php:151

filtercvdi_customizer_demo_import_settingsincludes\class-cvdi.php:153

actioncvdi_ajax_importedincludes\class-cvdi.php:156

actioncvdi_ajax_importedincludes\class-cvdi.php:157

actioncvdi_ajax_importedincludes\class-cvdi.php:158

actioncvdi_ajax_importedincludes\class-cvdi.php:166

actioncvdi_ajax_before_demo_importincludes\class-cvdi.php:178

actioncvdi_ajax_before_demo_importincludes\class-cvdi.php:179

actioncvdi_ajax_before_demo_importincludes\class-cvdi.php:180

filterplugin_action_links_includes\class-cvdi.php:183

actionadmin_noticesincludes\class-cvdi.php:185

filterimport_post_meta_keyincludes\wp-importers\class-cvdi-importer.php:102

filterhttp_request_timeoutincludes\wp-importers\class-cvdi-importer.php:103

Maintenance & Trust

CV Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 21, 2025

PHP min version7.2

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs500

Alternatives

CV Demo Importer Alternatives

Mystery Themes Demo Importer

mysterythemes-demo-importer

One Click Demo Importer For Mystery Themes official themes demo content, customization options, widgets and theme settings.

8K No CVEs

Starter Templates & Sites Pack by ThemeGrill

themegrill-demo-importer

Premium starter sites and website templates by ThemeGrill. Import demo content, widgets, and theme settings with one click.

80K 2 CVEs

Keon Toolset

keon-toolset

100

Import dummy data for themes developed by Keon Themes.

30K No CVEs

Ansar Import – One Click Demo Import for WordPress Themes

ansar-import

100

Easily import theme demos in one click. Simplifies starter sites setup.

20K No CVEs

Icyclub

icyclub

100

Icyclub plugin for Provided a readymade template for all Themeansar Theme

10K No CVEs

Developer Profile

CV Demo Importer Developer Profile

CodeVibrant

16 plugins · 20K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect CV Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cv-demo-importer/admin/css/cvdi-admin.css/wp-content/plugins/cv-demo-importer/admin/js/cvdi-admin.js

Script Paths

/wp-content/plugins/cv-demo-importer/admin/js/cvdi-admin.js

Version Parameters

cv-demo-importer/admin/css/cvdi-admin.css?ver=cv-demo-importer/admin/js/cvdi-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

cvdi-modalcvdi-modal-contentcvdi-modal-headercvdi-modal-bodycvdi-modal-footercvdi-import-buttoncvdi-demo-installcvdi-plugin-install+2 more

HTML Comments

Data Attributes

data-cvdi-noncedata-cvdi-demodata-cvdi-plugin

JS Globals

CVDI_JSObject

FAQ