Di Themes Demo Site Importer Security & Risk Analysis

wordpress.org/plugins/di-themes-demo-site-importer

The Di Themes Demo Site Importer plugin can be used to import the demo websites developed by Di Themes.

Active installs: 1K · Version: v1.2 · PHP 7.0+ · WP 5.2+ · Updated Jul 29, 2024
Tags: demo, import, theme
Score: 70 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 24, 2025
Safety Verdict

Is Di Themes Demo Site Importer Safe to Use in 2026?

Mostly Safe

Score: 70/100

Di Themes Demo Site Importer is generally safe to use, though it has not been updated recently. 1 past CVE was resolved.

Known CVEs: 1 · Unpatched: 1 · Last CVE: Sep 24, 2025 · Updated 1 yr ago
Risk Assessment

The "di-themes-demo-site-importer" plugin v1.2 presents a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements, a robust number of nonce and capability checks relative to its entry points, and a low percentage of improperly escaped outputs. Taint analysis shows no critical or high severity vulnerabilities and no unsanitized paths, indicating a generally good effort in preventing common injection flaws.

However, significant concerns remain. The presence of two instances of the dangerous `unserialize` function, especially in the context of an importer plugin, poses a notable risk for object injection vulnerabilities if not handled with extreme care and proper sanitization. Furthermore, the plugin exposes 3 AJAX handlers without any authentication checks. This lack of authorization on these entry points is a critical flaw, potentially allowing unauthenticated users to trigger sensitive actions.

The plugin's vulnerability history reveals a past medium-severity vulnerability, specifically Cross-Site Request Forgery (CSRF). While this was not a critical or high severity issue, the fact that one medium vulnerability is currently unpatched is a direct concern. The overall pattern suggests that while the developers are addressing some security aspects, oversight in critical areas like authentication on AJAX endpoints and the safe handling of serialized data needs improvement. The plugin's strengths in SQL and output escaping are overshadowed by the direct risks of unprotected AJAX actions and the potential for object injection via `unserialize`.

Key Concerns

  • Unpatched CVEs
  • Unprotected AJAX handlers
  • Dangerous function: unserialize
Vulnerabilities (1 published)

Di Themes Demo Site Importer Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1
1 total CVE

CVE-2025-58914 · Medium (4.3) · Cross-Site Request Forgery (CSRF)
Di Themes Demo Site Importer <= 1.2 - Cross-Site Request Forgery
Sep 24, 2025 · Unpatched
Version History

Di Themes Demo Site Importer Release Timeline

v1.2 (current) · 1 CVE
v1.1.7 · 1 CVE
Code Analysis (analyzed Mar 16, 2026)

Di Themes Demo Site Importer Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 35 (164 escaped)
Nonce Checks: 9
Capability Checks: 9
File Operations: 21
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$data = @unserialize( $raw );` · inc\di-multipurpose\importers\class-settings-importer.php:25
unserialize · `$data = unserialize( $raw );` · inc\ocdi\inc\CustomizerImporter.php:87

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

82% escaped · 199 total outputs
Data Flows · Security: all sanitized

Data Flow Analysis

2 flows
ajax_demo_data (inc\di-multipurpose\demos.php:1348)
Attack Surface (3 unprotected)

Di Themes Demo Site Importer Attack Surface

Entry Points: 10
Unprotected: 3

AJAX Handlers (10)

auth · wp_ajax_dmdi_ajax_get_demo_data · inc\di-multipurpose\demos.php:53
auth · wp_ajax_dmdi_ajax_required_plugins_activate · inc\di-multipurpose\demos.php:54
auth · wp_ajax_dmdi_ajax_get_import_data · inc\di-multipurpose\demos.php:57
auth · wp_ajax_dmdi_ajax_import_xml · inc\di-multipurpose\demos.php:60
auth · wp_ajax_dmdi_ajax_import_theme_settings · inc\di-multipurpose\demos.php:63
auth · wp_ajax_dmdi_ajax_import_widgets · inc\di-multipurpose\demos.php:66
auth · wp_ajax_dmdi_after_import · inc\di-multipurpose\demos.php:69
auth · wp_ajax_ocdi_import_demo_data · inc\ocdi\inc\OneClickDemoImport.php:107
auth · wp_ajax_ocdi_import_customizer_data · inc\ocdi\inc\OneClickDemoImport.php:108
auth · wp_ajax_ocdi_after_import_data · inc\ocdi\inc\OneClickDemoImport.php:109
WordPress Hooks (51)

action · admin_notices · di-themes-demo-site-importer.php:32
filter · upload_mimes · di-themes-demo-site-importer.php:65
filter · upload_mimes · di-themes-demo-site-importer.php:80
filter · upload_mimes · di-themes-demo-site-importer.php:95
filter · upload_mimes · di-themes-demo-site-importer.php:110
filter · upload_mimes · di-themes-demo-site-importer.php:125
filter · upload_mimes · di-themes-demo-site-importer.php:140
action · admin_menu · inc\di-multipurpose\class-install-demos.php:15
action · admin_init · inc\di-multipurpose\demos.php:35
action · admin_enqueue_scripts · inc\di-multipurpose\demos.php:36
filter · upload_mimes · inc\di-multipurpose\demos.php:37
action · admin_footer · inc\di-multipurpose\demos.php:38
filter · upload_mimes · inc\di-multipurpose\demos.php:1684
filter · import_post_meta_key · inc\di-multipurpose\importers\class-wordpress-importer.php:120
filter · http_request_timeout · inc\di-multipurpose\importers\class-wordpress-importer.php:121
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-blog\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-blog\import-settings.php:19
action · pt-ocdi/after_import · inc\di-themes\di-blog\import-settings.php:80
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-business\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-business\import-settings.php:23
action · pt-ocdi/after_import · inc\di-themes\di-business\import-settings.php:83
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-ecommerce\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-ecommerce\import-settings.php:24
action · pt-ocdi/after_import · inc\di-themes\di-ecommerce\import-settings.php:83
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-magazine\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-magazine\import-settings.php:23
action · pt-ocdi/after_import · inc\di-themes\di-magazine\import-settings.php:48
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-responsive\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-responsive\import-settings.php:23
action · pt-ocdi/after_import · inc\di-themes\di-responsive\import-settings.php:85
filter · pt-ocdi/disable_pt_branding · inc\di-themes\di-restaurant\import-settings.php:3
filter · pt-ocdi/import_files · inc\di-themes\di-restaurant\import-settings.php:24
action · pt-ocdi/after_import · inc\di-themes\di-restaurant\import-settings.php:82
action · pt-ocdi/before_content_import_execution · inc\ocdi\inc\ImportActions.php:17
action · pt-ocdi/after_content_import_execution · inc\ocdi\inc\ImportActions.php:20
action · pt-ocdi/after_content_import_execution · inc\ocdi\inc\ImportActions.php:21
action · pt-ocdi/after_content_import_execution · inc\ocdi\inc\ImportActions.php:22
action · pt-ocdi/customizer_import_execution · inc\ocdi\inc\ImportActions.php:25
action · pt-ocdi/after_all_import_execution · inc\ocdi\inc\ImportActions.php:28
action · pt-ocdi/widget_settings_array · inc\ocdi\inc\ImportActions.php:32
filter · wxr_importer.pre_process.user · inc\ocdi\inc\Importer.php:126
filter · wxr_importer.pre_process.post · inc\ocdi\inc\Importer.php:129
filter · intermediate_image_sizes_advanced · inc\ocdi\inc\Importer.php:133
action · admin_menu · inc\ocdi\inc\OneClickDemoImport.php:105
action · admin_enqueue_scripts · inc\ocdi\inc\OneClickDemoImport.php:106
action · after_setup_theme · inc\ocdi\inc\OneClickDemoImport.php:110
action · plugins_loaded · inc\ocdi\inc\OneClickDemoImport.php:111
filter · pt-ocdi/time_for_one_ajax_call · inc\ocdi\inc\WPCLICommands.php:190
filter · wxr_importer.pre_process.term · inc\ocdi\inc\WXRImporter.php:28
action · admin_notices · inc\ocdi\one-click-demo-import.php:31
action · admin_init · inc\ocdi\one-click-demo-import.php:78
Maintenance & Trust

Di Themes Demo Site Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 29, 2024
PHP min version: 7.0
Downloads: 72K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 1K
Developer Profile

Di Themes Demo Site Importer Developer Profile

Di Themes

30 plugins · 7K total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Di Themes Demo Site Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/di-themes-demo-site-importer/inc/ocdi/one-click-demo-import.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-business/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-blog/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-responsive/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-ecommerce/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-magazine/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-themes/di-restaurant/import-settings.php
/wp-content/plugins/di-themes-demo-site-importer/inc/di-multipurpose/demos.php
+5 more

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Di Themes Demo Site Importer