WP-Safety

DemoPress: Demo Content Generator Security & Risk Analysis

wordpress.org/plugins/demopress

Generate demo content for newly created websites used during the website development and testing, before real content is created and added.

100 active installs v2.0 PHP 7.4+ WP 5.9+ Updated Aug 20, 2024
bbpressdemo-datadev4presslorem-ipsumwoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is DemoPress: Demo Content Generator Safe to Use in 2026?

Generally Safe

Score 92/100

DemoPress: Demo Content Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "demopress" v2.0 plugin demonstrates good security practices in several areas, particularly its robust use of prepared statements for SQL queries and a high percentage of properly escaped output. The plugin also shows a strong adherence to security checks, with a significant number of nonce and capability checks in place. Its lack of known CVEs and historical vulnerabilities is a positive indicator, suggesting a generally stable and well-maintained codebase. The plugin also boasts a limited attack surface with no identified unprotected entry points.

However, the presence of two instances of the dangerous `unserialize` function, especially without specific context on how user-supplied data is handled before deserialization, presents a potential risk. While taint analysis did not reveal critical or high-severity unsanitized paths, the flow analysis did identify two flows with unsanitized paths. The nature and potential impact of these unsanitized paths require further investigation to confirm their exploitability. The plugin also performs a moderate number of file operations and external HTTP requests, which could introduce risks if not handled with sufficient sanitization and validation.

Overall, "demopress" v2.0 appears to be a relatively secure plugin due to its strong foundation in secure coding practices and clean vulnerability history. The primary areas of concern stem from the `unserialize` usage and the identified unsanitized paths in the taint analysis. Addressing these specific points would further strengthen its security posture.

Key Concerns

  • Dangerous function 'unserialize' used
  • Flows with unsanitized paths found
Vulnerabilities
None known

DemoPress: Demo Content Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DemoPress: Demo Content Generator Code Analysis

Dangerous Functions
2
Raw SQL Queries
7
60 prepared
Unescaped Output
155
774 escaped
Nonce Checks
12
Capability Checks
7
File Operations
16
External Requests
13
Bundled Libraries
0

Dangerous Functions Found

unserialize$this->{$key} = unserialize( serialize( $val ) );library\dev4press\core\base\Obj.php:44
unserialize$this->{$key} = unserialize( serialize( $val ) );library\dev4press\core\base\Store.php:48

SQL Query Safety

90% prepared67 total queries

Output Escaping

83% escaped929 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
redirect_self (library\dev4press\core\quick\WPR.php:255)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

DemoPress: Demo Content Generator Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_demopress_get_generator_statuscore\admin\AJAX.php:13
WordPress Hooks 48
actiondemopress_settings_loadedcore\basic\Generator.php:24
actiondemopress_run_generatorcore\basic\Generator.php:25
actionafter_setup_themecore\basic\Plugin.php:33
actiondemopress_load_settingscore\basic\Settings.php:52
filterdemopress_data_text_lorem_ipsum_block_supportedcore\generator\bbPress.php:38
filterhttp_request_argslibrary\dev4press\api\Four.php:94
actionnetwork_admin_menulibrary\dev4press\core\admin\network\Plugin.php:45
actionnetwork_admin_menulibrary\dev4press\core\admin\network\Plugin.php:46
actionnetwork_admin_noticeslibrary\dev4press\core\admin\network\Plugin.php:66
actionnetwork_admin_noticeslibrary\dev4press\core\admin\network\Plugin.php:70
filternetwork_admin_plugin_action_linkslibrary\dev4press\core\admin\Plugin.php:91
filterplugin_action_linkslibrary\dev4press\core\admin\Plugin.php:94
filterplugin_row_metalibrary\dev4press\core\admin\Plugin.php:95
actionplugins_loadedlibrary\dev4press\core\admin\Plugin.php:97
actionplugins_loadedlibrary\dev4press\core\admin\Plugin.php:98
actionafter_setup_themelibrary\dev4press\core\admin\Plugin.php:99
filterset-screen-optionlibrary\dev4press\core\admin\Plugin.php:101
actionadmin_initlibrary\dev4press\core\admin\Plugin.php:124
actioncurrent_screenlibrary\dev4press\core\admin\Plugin.php:125
actionadmin_enqueue_scriptslibrary\dev4press\core\admin\Plugin.php:126
actionadmin_menulibrary\dev4press\core\admin\Plugin.php:130
actionadmin_menulibrary\dev4press\core\admin\Plugin.php:131
actionadmin_noticeslibrary\dev4press\core\admin\Plugin.php:312
actionadmin_noticeslibrary\dev4press\core\admin\Plugin.php:316
actioninitlibrary\dev4press\core\blocks\Register.php:38
filterblock_categories_alllibrary\dev4press\core\blocks\Register.php:41
filterblock_categorieslibrary\dev4press\core\blocks\Register.php:43
filterwidget_types_to_hide_from_legacy_widget_blocklibrary\dev4press\core\blocks\Register.php:46
filterwp_maillibrary\dev4press\core\mailer\Detection.php:177
actionbp_send_emaillibrary\dev4press\core\mailer\Detection.php:178
filterwpmem_email_filterlibrary\dev4press\core\mailer\Detection.php:179
filterwoocommerce_mail_callbacklibrary\dev4press\core\mailer\Detection.php:180
filterwp_maillibrary\dev4press\core\mailer\Detection.php:190
actionwp_mail_succeededlibrary\dev4press\core\mailer\Detection.php:191
actionwp_mail_failedlibrary\dev4press\core\mailer\Detection.php:192
actionplugins_loadedlibrary\dev4press\core\plugins\Core.php:65
actionafter_setup_themelibrary\dev4press\core\plugins\Core.php:66
actionwidgets_initlibrary\dev4press\core\plugins\Core.php:88
actionwp_enqueue_scriptslibrary\dev4press\core\plugins\Core.php:92
actionadmin_noticeslibrary\dev4press\core\plugins\Core.php:101
actionswitch_bloglibrary\dev4press\core\plugins\DB.php:53
filtersanitize_keylibrary\dev4press\core\plugins\DB.php:88
actioninitlibrary\dev4press\core\shared\Enqueue.php:67
actionadmin_initlibrary\dev4press\core\ui\Enqueue.php:69
filterlist_table_primary_columnlibrary\dev4press\wordpress\admin\Table.php:55
actioncustomize_controls_enqueue_scriptslibrary\dev4press\wordpress\customizer\Manager.php:50
actioncustomize_registerlibrary\dev4press\wordpress\customizer\Manager.php:51
actionrest_api_initlibrary\dev4press\WordPress.php:88

Scheduled Events 1

demopress_run_generator
Maintenance & Trust

DemoPress: Demo Content Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedAug 20, 2024
PHP min version7.4
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

DemoPress: Demo Content Generator Alternatives

GD bbPress Attachments

GD bbPress Attachments

gd-bbpress-attachments

A
96

Implement attachments upload to the topics and replies in bbPress plugin through a media library and add additional forum-based controls.

6K 5 CVEs
GD bbPress Tools

GD bbPress Tools

gd-bbpress-tools

B
70

Adds different expansions and tools to the bbPress plugin powered forums: BBCode support, signatures, various tweaks, custom views, quote...

2K 1 unpatched
WP Notification Bell

WP Notification Bell

wp-notification-bell

B
78

On-site bell notifications. Display notifications custom or triggered (new posts/cpts, WooCommerce order updates, new comment replies, bbPress...)

800 1 unpatched
topicPolls Pro for bbPress

topicPolls Pro for bbPress

gd-topic-polls

A
100

Implement a polls system for topics in bbPress powered forums, with settings to control voting, poll closing, display of results and more.

300 No CVEs
Comment Mention

Comment Mention

comment-mention

A
100

Mention users in WordPress comments without needing BuddyPress! Automatically notify mentioned users via email. Also supports bbPress.

100 No CVEs
Developer Profile

DemoPress: Demo Content Generator Developer Profile

Milan Petrovic

17 plugins · 12K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
1235 days
View full developer profile
Detection Fingerprints

How We Detect DemoPress: Demo Content Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/demopress/admin/css/main.css/wp-content/plugins/demopress/admin/css/tooltip.css/wp-content/plugins/demopress/admin/js/core.js/wp-content/plugins/demopress/admin/js/main.js/wp-content/plugins/demopress/core/js/content.js/wp-content/plugins/demopress/core/js/generator.js/wp-content/plugins/demopress/core/js/settings.js/wp-content/plugins/demopress/library/dev4press/core/assets/js/admin.js
Generator Patterns
DemoPress: Demo Content Generator
Script Paths
/wp-content/plugins/demopress/admin/js/main.js/wp-content/plugins/demopress/core/js/content.js/wp-content/plugins/demopress/core/js/generator.js/wp-content/plugins/demopress/core/js/settings.js/wp-content/plugins/demopress/library/dev4press/core/assets/js/admin.js
Version Parameters
/wp-content/plugins/demopress/admin/css/main.css?ver=/wp-content/plugins/demopress/admin/css/tooltip.css?ver=/wp-content/plugins/demopress/admin/js/core.js?ver=/wp-content/plugins/demopress/admin/js/main.js?ver=/wp-content/plugins/demopress/core/js/content.js?ver=/wp-content/plugins/demopress/core/js/generator.js?ver=/wp-content/plugins/demopress/core/js/settings.js?ver=/wp-content/plugins/demopress/library/dev4press/core/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
demopress-settings-admindemopress-settings-contentdemopress-settings-generator
HTML Comments
<!-- DEMOPRESS START --><!-- DEMOPRESS END -->
Data Attributes
data-demopress-content-iddata-demopress-settings-id
JS Globals
demopress_vars
Shortcode Output
[demopress_content][demopress_generator]
FAQ

Frequently Asked Questions about DemoPress: Demo Content Generator