Demo Importer Plus Security & Risk Analysis

wordpress.org/plugins/demo-importer-plus

Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.

10K active installs · v2.0.10 · PHP 7.4+ · WP 4.7+ · Updated Jan 14, 2026
Tags: elementor · import · one-click-demo-import · templates · themes
Score 90 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jan 16, 2026
Safety Verdict

Is Demo Importer Plus Safe to Use in 2026?

Generally Safe

Score 90/100

Demo Importer Plus has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jan 16, 2026 · Updated 2mo ago
Risk Assessment

The demo-importer-plus plugin v2.0.10 exhibits a mixed security posture. While it demonstrates good practices in some areas, such as a high percentage of prepared SQL statements and properly escaped output, significant concerns exist. The presence of 3 AJAX handlers without authentication checks represents a direct attack vector, potentially allowing unauthorized actions. The taint analysis revealed one flow with unsanitized paths, which is a critical concern that could lead to various vulnerabilities if exploited.

Key Concerns

  • Unprotected AJAX handlers present
  • Taint flow with unsanitized path
  • Multiple high severity past vulnerabilities
  • Multiple medium severity past vulnerabilities
Vulnerabilities
5

Demo Importer Plus Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs
2026: 2 CVEs

Severity Breakdown

High: 3
Medium: 2

5 total CVEs

CVE-2025-14478 · high · 7.5 · Improper Restriction of XML External Entity Reference

Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload

Jan 16, 2026 · Patched in 2.0.10 (1d)

CVE-2025-69091 · medium · 4.3 · Missing Authorization

Demo Importer Plus <= 2.0.8 - Missing Authorization

Jan 5, 2026 · Patched in 2.0.9 (10d)

CVE-2025-14364 · high · 8.8 · Missing Authorization

Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

Dec 17, 2025 · Patched in 2.0.9 (1d)

CVE-2025-13066 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass

Dec 4, 2025 · Patched in 2.0.7 (1d)

CVE-2024-9172 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Demo Importer Plus <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 1, 2024 · Patched in 2.0.2 (1d)

Code Analysis
Analyzed Mar 16, 2026

Demo Importer Plus Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 17 (28 prepared)
Unescaped Output: 7 (74 escaped)
Nonce Checks: 26
Capability Checks: 36
File Operations: 15
External Requests: 18
Bundled Libraries: 0
0

SQL Query Safety

62% prepared · 45 total queries

Output Escaping

91% escaped · 81 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
api_request (inc\classes\class-demo-importer-plus-ajax.php:160)
Attack Surface
3 unprotected

Demo Importer Plus Attack Surface

Entry Points: 24
Unprotected: 3

AJAX Handlers 24

auth · wp_ajax_demo_importer_plus_change_page_builder · inc\classes\class-demo-importer-plus-ajax.php:21
auth · wp_ajax_demo-importer-plus-activate-theme · inc\classes\class-demo-importer-plus-ajax.php:22
auth · wp_ajax_demo-import-site-api-request · inc\classes\class-demo-importer-plus-ajax.php:23
auth · wp_ajax_demo-importer-plus-required-plugins · inc\classes\class-demo-importer-plus-ajax.php:24
auth · wp_ajax_demo-importer-plus-required-plugin-activate · inc\classes\class-demo-importer-plus-ajax.php:25
auth · wp_ajax_demo-importer-plus-create-page · inc\classes\class-demo-importer-plus-ajax.php:26
auth · wp_ajax_demo-importer-plus-set-reset-data · inc\classes\class-demo-importer-plus-ajax.php:27
auth · wp_ajax_demo-importer-plus-page-elementor-batch-process · inc\classes\class-demo-importer-plus-ajax.php:28
auth · wp_ajax_demo-importer-plus-backup-settings · inc\classes\class-demo-importer-plus-ajax.php:30
auth · wp_ajax_demo-importer-plus-import-contactforms · inc\classes\class-demo-importer-plus-sites-importer.php:59
auth · wp_ajax_demo-importer-plus-import-customizer-settings · inc\classes\class-demo-importer-plus-sites-importer.php:60
auth · wp_ajax_demo-importer-plus-import-prepare-xml · inc\classes\class-demo-importer-plus-sites-importer.php:61
auth · wp_ajax_demo-importer-plus-import-options · inc\classes\class-demo-importer-plus-sites-importer.php:62
auth · wp_ajax_demo-importer-plus-import-widgets · inc\classes\class-demo-importer-plus-sites-importer.php:63
auth · wp_ajax_demo-importer-plus-import-end · inc\classes\class-demo-importer-plus-sites-importer.php:64
auth · wp_ajax_demo-importer-plus-reset-customizer-data · inc\classes\class-demo-importer-plus-sites-importer.php:74
auth · wp_ajax_demo-importer-plus-reset-site-options · inc\classes\class-demo-importer-plus-sites-importer.php:75
auth · wp_ajax_demo-importer-plus-reset-widgets-data · inc\classes\class-demo-importer-plus-sites-importer.php:76
auth · wp_ajax_demo-importer-plus-sites-delete-posts · inc\classes\class-demo-importer-plus-sites-importer.php:79
auth · wp_ajax_demo-importer-plus-sites-delete-contact-form7 · inc\classes\class-demo-importer-plus-sites-importer.php:80
auth · wp_ajax_demo-importer-plus-sites-delete-terms · inc\classes\class-demo-importer-plus-sites-importer.php:81
auth · wp_ajax_demo_importer_plus · inc\classes\class-demo-importer-plus.php:59
nopriv · wp_ajax_demo_importer_plus · inc\classes\class-demo-importer-plus.php:60
auth · wp_ajax_demo-importer-plus-wxr-import · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:63

WordPress Hooks 69
action · after_setup_theme · demo-importer-plus.php:62
action · admin_init · inc\classes\class-demo-importer-plus-sites-importer-log.php:45
action · admin_notices · inc\classes\class-demo-importer-plus-sites-importer-log.php:58
action · demo_importer_plus_sites_import_start · inc\classes\class-demo-importer-plus-sites-importer-log.php:64
filter · elementor/files/allow_unfiltered_upload · inc\classes\class-demo-importer-plus-sites-importer-log.php:66
action · init · inc\classes\class-demo-importer-plus-sites-importer.php:67
action · demo_importer_plus_sites_image_import_complete · inc\classes\class-demo-importer-plus-sites-importer.php:71
action · demo_importer_plus_sites_import_complete · inc\classes\class-demo-importer-plus-sites-importer.php:83
filter · http_request_timeout · inc\classes\class-demo-importer-plus-sites-importer.php:86
action · after_setup_theme · inc\classes\class-demo-importer-plus.php:55
action · admin_enqueue_scripts · inc\classes\class-demo-importer-plus.php:56
action · admin_menu · inc\classes\class-demo-importer-plus.php:67
filter · wp_import_post_meta · inc\classes\compatibility\class-demo-importer-plus-compatibility-elementor.php:48
filter · wxr_importer.pre_process.post_meta · inc\classes\compatibility\class-demo-importer-plus-compatibility-elementor.php:49
action · demo_importer_plus_sites_before_delete_imported_posts · inc\classes\compatibility\class-demo-importer-plus-compatibility-elementor.php:52
filter · demo_importer_plus_image_importer_skip_image · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:96
action · demo_importer_plus_import_complete · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:97
action · demo_importer_plus_process_single · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:98
action · admin_head · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:99
filter · elementor/files/allow_unfiltered_upload · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:184
filter · elementor/files/allow_unfiltered_upload · inc\importers\batch-processing\class-demo-importer-plus-batch-processing.php:245
filter · cron_schedules · inc\importers\batch-processing\helpers\class-wp-background-process.php:65
filter · wie_import_data · inc\importers\class-demo-importer-plus-sites-helper.php:40
filter · wp_prepare_attachment_for_js · inc\importers\class-demo-importer-plus-sites-helper.php:41
filter · upload_mimes · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:61
filter · wp_handle_upload_prefilter · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:62
filter · wxr_importer.pre_process.user · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:64
filter · wp_import_post_data_processed · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:65
filter · wxr_importer.pre_process.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:66
filter · wp_check_filetype_and_ext · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:68
filter · wp_check_filetype_and_ext · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:70
filter · wp_image_editors · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:320
filter · wxr_importer.pre_process.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:322
filter · wxr_importer.pre_process.user · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:324
action · wxr_importer.processed.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:326
action · wxr_importer.process_failed.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:327
action · wxr_importer.process_already_imported.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:328
action · wxr_importer.process_skipped.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:329
action · wxr_importer.processed.comment · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:330
action · wxr_importer.process_already_imported.comment · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:331
action · wxr_importer.processed.term · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:332
action · wxr_importer.process_failed.term · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:333
action · wxr_importer.process_already_imported.term · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:334
action · wxr_importer.processed.user · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:335
action · wxr_importer.process_failed.user · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:336
action · wxr_importer.processed.post · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:338
action · wxr_importer.processed.term · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:339
action · import_end · inc\importers\wxr-importer\class-demo-importer-plus-wxr-importer.php:341
filter · import_post_meta_key · inc\importers\wxr-importer\class-wxr-importer.php:423
filter · http_request_timeout · inc\importers\wxr-importer\class-wxr-importer.php:424
filter · import_post_meta_key · inc\WPWXRImporter.php:435
filter · http_request_timeout · inc\WPWXRImporter.php:436
filter · wp_image_editors · inc\WXRImporter.php:124
filter · wxr_importer.pre_process.post · inc\WXRImporter.php:126
filter · wxr_importer.pre_process.user · inc\WXRImporter.php:128
action · wxr_importer.processed.post · inc\WXRImporter.php:130
action · wxr_importer.process_failed.post · inc\WXRImporter.php:131
action · wxr_importer.process_already_imported.post · inc\WXRImporter.php:132
action · wxr_importer.process_skipped.post · inc\WXRImporter.php:133
action · wxr_importer.processed.comment · inc\WXRImporter.php:134
action · wxr_importer.process_already_imported.comment · inc\WXRImporter.php:135
action · wxr_importer.processed.term · inc\WXRImporter.php:136
action · wxr_importer.process_failed.term · inc\WXRImporter.php:137
action · wxr_importer.process_already_imported.term · inc\WXRImporter.php:138
action · wxr_importer.processed.user · inc\WXRImporter.php:139
action · wxr_importer.process_failed.user · inc\WXRImporter.php:140
action · wxr_importer.processed.post · inc\WXRImporter.php:142
action · wxr_importer.processed.term · inc\WXRImporter.php:143
action · import_end · inc\WXRImporter.php:145

Maintenance & Trust

Demo Importer Plus Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 14, 2026
PHP min version: 7.4
Downloads: 323K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10K

Developer Profile

Demo Importer Plus Developer Profile

Kraft Plugins

5 plugins · 23K total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Demo Importer Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/demo-importer-plus/assets/admin/js/eventsource.min.js
/wp-content/plugins/demo-importer-plus/assets/admin/js/fetch.umd.js
/wp-content/plugins/demo-importer-plus/assets/admin/js/demo-importer-plus-api.js
/wp-content/plugins/demo-importer-plus/assets/admin/css/demo-importer-plus-admin.css
/wp-content/plugins/demo-importer-plus/assets/admin/css/demo-importer-plus-admin.min.css
/wp-content/plugins/demo-importer-plus/assets/admin/js/demo-importer-plus-admin.js
/wp-content/plugins/demo-importer-plus/dist/admin.bundle.js
/wp-content/plugins/demo-importer-plus/dist/admin.bundle.css

Script Paths
/wp-content/plugins/demo-importer-plus/assets/admin/js/eventsource.min.js
/wp-content/plugins/demo-importer-plus/assets/admin/js/fetch.umd.js
/wp-content/plugins/demo-importer-plus/assets/admin/js/demo-importer-plus-api.js
/wp-content/plugins/demo-importer-plus/assets/admin/js/demo-importer-plus-admin.js
/wp-content/plugins/demo-importer-plus/dist/admin.bundle.js

Version Parameters
demo-importer-plus/assets/admin/css/demo-importer-plus-admin.css?ver=
demo-importer-plus/assets/admin/css/demo-importer-plus-admin.min.css?ver=
demo-importer-plus/dist/admin.bundle.js?ver=
demo-importer-plus/dist/admin.bundle.css?ver=

HTML / DOM Fingerprints

CSS Classes
demo-importer-plus-admin-page
demo-importer-plus-admin-app
demo-importer-plus-api
demoImporterVars
Data Attributes
demo-importer-plus-admin
JS Globals
demoImporterVars
REST Endpoints
/wp-json/demo-importer-plus/v1
FAQ

Frequently Asked Questions about Demo Importer Plus