[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXFtt0krpp_DOHHRpLfI1FlDTP2Xp3ljB6YBAUc-Xpno":3,"$f37Y8a2TOqcEdVJOz_efJUKqXDUOY-wmwO71ir4kbycY":534,"$f38JB-V4HxRt8hQwcOMVoruibyNtIiAVzKh1H7_L7yt0":538},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":46,"crawl_stats":35,"alternatives":53,"analysis":162,"fingerprints":508},"di-themes-demo-site-importer","Di Themes Demo Site Importer","1.2","Di Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdithemes\u002F","\u003Cp>Di Themes Demo Site Importer plugin can be used to import the demo website developed by Di Themes. To import a demo website, Open: ‘Appearance > Import Demo’ and follow simple steps.\u003C\u002Fp>\n\u003Cp>Di Themes Demo Site Importer plugin will import contents like post types, widgets, customize settings and set the pages and settings according to the settings of the demo website. 
It simply makes the demo website importing tasks easier.\u003C\u002Fp>\n","Di Themes Demo Site Importer plugin can be used to import the demo website developed by Di Themes.",1000,71588,0,"2024-07-29T13:03:00.000Z","6.6.5","5.2","7.0",[19,20,21],"demo","import","theme","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdi-themes-demo-site-importer.1.2.zip",70,1,"2025-09-24 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":26,"updated_date":41,"references":42,"days_to_patch":35,"patch_diff_files":44,"patch_trac_url":35,"research_status":35,"research_verified":45,"research_rounds_completed":13,"research_plan":35,"research_summary":35,"research_vulnerable_code":35,"research_fix_diff":35,"research_exploit_outline":35,"research_model_used":35,"research_started_at":35,"research_completed_at":35,"research_error":35,"poc_status":35,"poc_video_id":35,"poc_summary":35,"poc_steps":35,"poc_tested_at":35,"poc_wp_version":35,"poc_php_version":35,"poc_playwright_script":35,"poc_exploit_code":35,"poc_has_trace":45,"poc_model_used":35,"poc_verification_depth":35},"CVE-2025-58914","di-themes-demo-site-importer-cross-site-request-forgery","Di Themes Demo Site Importer \u003C= 1.2 - Cross-Site Request Forgery","The Di Themes Demo Site Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-29 21:01:03",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F58898db3-e3fb-4903-8121-3a438a09122a?source=api-prod",[],false,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"dithemes",30,7350,91,88,"2026-05-19T21:02:39.028Z",[54,79,105,126,146],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":51,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":75,"download_link":76,"security_score":77,"vuln_count":25,"unpatched_count":13,"last_vuln_date":78,"fetched_at":27},"advanced-import","Advanced Import: One-Click Demo Import for WordPress","1.4.6","AddonsPress","https:\u002F\u002Fprofiles.wordpress.org\u002Faddonspress\u002F","\u003Cp>Import Data or Demo Content which is exported by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-export\u002F\" rel=\"ugc\">Advanced Export\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Advanced Import is the ultimate solution for WordPress theme and plugin developers who want to provide a seamless demo import experience for their users. 
With a simple one-click interface, it allows users to import demo content, widgets, customizer settings, and even Gutenberg block data effortlessly.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>One-Click Demo Import:\u003C\u002Fstrong> Easily import all demo content with a single click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizer Settings Import:\u003C\u002Fstrong> Retain your theme’s look and feel by importing customizer settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Data Import:\u003C\u002Fstrong> Quickly set up widgets to match your demo layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gutenberg Blocks Import:\u003C\u002Fstrong> Import block-based content for modern themes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Files Import:\u003C\u002Fstrong> Seamlessly upload and integrate demo media.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Friendly Hooks:\u003C\u002Fstrong> Extend or customize the import process with available actions and filters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Use Advanced Import?\u003C\u002Fh3>\n\u003Cp>Whether you’re a theme developer offering demo content or a user setting up a site, Advanced Import makes the process hassle-free. 
It saves time, reduces manual setup effort, and ensures consistency between demo and live sites.\u003C\u002Fp>\n\u003Ch3>Features for Theme Author\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Code\u002FPlugin example available\u003C\u002Fli>\n\u003Cli>Support for the premium version or premium plugin of the free theme\u003C\u002Fli>\n\u003Cli>Install separate dependent plugin\u002Fs for each demo starter package of the theme\u003C\u002Fli>\n\u003Cli>Categorized available demo import starter package to type and categories\u003C\u002Fli>\n\u003Cli>Search filter keywords for demo starter packages\u003C\u002Fli>\n\u003Cli>Sufficient hooks to customize the plugin design and functionality\u003C\u002Fli>\n\u003Cli>Add demo URL\u003C\u002Fli>\n\u003Cli>Add pro URL\u003C\u002Fli>\n\u003Cli>Better experience for the user\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Dashboard Location\u003C\u002Fh3>\n\u003Ch4>Theme Demo Import Screen\u003C\u002Fh4>\n\u003Cp>Dashboard -> Appearance -> Demo Import\u003C\u002Fp>\n\u003Ch4>Zip File Import Screen\u003C\u002Fh4>\n\u003Cp>Dashboard -> Tool -> Advanced Import\u003C\u002Fp>\n","Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu &hellip;",90000,1730709,7,"2026-03-31T20:34:00.000Z","6.9.4","5.0","5.6.20",[70,71,72,73,74],"customizer-import","demo-import","gutenberg-import","theme-import","widget-import","https:\u002F\u002Faddonspress.com\u002Fitem\u002Fadvanced-import","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-import.1.4.6.zip",99,"2022-11-14 
00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":13,"last_vuln_date":104,"fetched_at":27},"themegrill-demo-importer","Starter Templates & Sites Pack by ThemeGrill","2.0.0.7","ThemeGrill","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemegrill\u002F","\u003Cp>Discover a vast collection of premium starter sites and website templates. Instantly import complete demo content, widgets, and theme settings with a single click. Ideal for business websites, online courses, portfolios, blogs, and more — giving you a professional, ready-to-launch website in minutes.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>You can contribute to the source code in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthemegrill\u002Fthemegrill-demo-importer\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> page.\u003C\u002Fp>\n","Premium starter sites and website templates by ThemeGrill. 
Import demo content, widgets, and theme settings with one click.",80000,5504097,94,197,"2026-03-30T08:44:00.000Z","6.8.5","5.7","8.1.0",[19,96,97,98,99],"importer","one-click-import","theme-demos","themegrill","https:\u002F\u002Fthemegrill.com\u002Fdemo-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemegrill-demo-importer.2.0.0.7.zip",93,2,"2026-03-06 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":103,"last_updated":116,"tested_up_to":92,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":22,"download_link":124,"security_score":77,"vuln_count":25,"unpatched_count":13,"last_vuln_date":125,"fetched_at":27},"athemes-starter-sites","aThemes Starter Sites","1.1.7","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>We’ve got a full and ever-growing library stocked with ready-made templates for any kind of business.\u003C\u002Fp>\n\u003Ch3>ATHEMES STARTER SITES\u003C\u002Fh3>\n\u003Cp>Business owners, freelancers, Online Store Owners, and creatives: get ready to build and launch an awesome website in no-time, all by yourself! With our aThemes Starter Sites plugin, you can take your pick from plenty of starter sites, such as business, portfolio, and e-commerce. Then get creative and customize it to match your branding, all without writing a single line of code. 
Select the demo that suits your needs, import, tweak, and go live!\u003C\u002Fp>\n\u003Ch4>Pick your website template\u003C\u002Fh4>\n\u003Cp>We’ve got a full and ever-growing library stocked with ready-made templates for any kind of business.\u003C\u002Fp>\n\u003Ch4>Add your own awesome content\u003C\u002Fh4>\n\u003Cp>Add your own text, photos, videos, vector art, and more is a breeze by Gutenberg, Elementor, and different website builders.\u003C\u002Fp>\n\u003Ch4>Customize your site\u003C\u002Fh4>\n\u003Cp>Make your starter site really yours. Tweak your site with different fonts, color palettes, and more to fit your style.\u003C\u002Fp>\n\u003Ch4>Let’s go live\u003C\u002Fh4>\n\u003Cp>Ready to grow your business with a website that stands out from the crowd? Publish your page in just a few clicks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Happy Building!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>LIST OF STARTER SITES TO IMPORT\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Fsydney-demos\u002F\" rel=\"nofollow ugc\">Sydney Starters Sites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Fairi-demos\u002F\" rel=\"nofollow ugc\">Airi Starters Sites\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fathemes.com\u002Ftheme\u002Fbotiga\u002F\" rel=\"nofollow ugc\">Botiga\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","We've got a full and ever-growing library stocked with ready-made templates for any kind of business.",40000,1895222,40,"2026-03-03T16:41:00.000Z","4.0","5.4",[120,121,122,20,123],"athemes","demos","elementor","sites","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fathemes-starter-sites.1.1.7.zip","2024-07-26 
21:43:39",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":25,"last_updated":137,"tested_up_to":66,"requires_at_least":138,"requires_php":22,"tags":139,"homepage":143,"download_link":144,"security_score":136,"vuln_count":25,"unpatched_count":13,"last_vuln_date":145,"fetched_at":27},"famethemes-demo-importer","FameTheme Demo Importer","1.1.12","FameThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Ffamethemes\u002F","\u003Cp>Import your demo content, widgets and theme settings with one click for \u003Ca href=\"https:\u002F\u002Fwww.famethemes.com\u002F\" rel=\"nofollow ugc\">FameThemes\u003C\u002Fa> official themes.\u003C\u002Fp>\n\u003Cp>Get free support at \u003Ca href=\"\u002F\u002Fwww.famethemes.com\u002F)\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.famethemes.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fw0OKnqnHYo4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Add Support for your themes.\u003C\u002Fh3>\n\u003Ch3>Change Default Demo GitHub Repository.\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>apply_filters( 'demo_contents_github_repo', self::$git_repo );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Add theme to listing preview\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>apply_filters( 'demo_contents_allowed_authors', array('famethemes' => 'FameThemes','daisy themes' => 'Daisy Themes'};\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Support demo for a 
theme.\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create new theme demo dir in GitHub repo  \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support multiple demos for a theme.\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create new theme demo dir in GitHub repo \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Create new json file and name it  \u003Ccode>demos.json\u003C\u002Fcode>, add list demos here.\u003C\u002Fli>\n\u003Cli>Crate new demo dir and name it \u003Ccode>demos\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Add your new demo in new dir \u003Ccode>child-demo\u003C\u002Fcode>, so we have full path like this: \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u002Fdemos\u002Fchild-demo\u003C\u002Fcode> and put file \u003Ccode>dummy-data.xml\u003C\u002Fcode> and \u003Ccode>config.json\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Export Demo XML\u003C\u002Fh3>\n\u003Cp>In Admin screen go to Tools -> Export\u003C\u002Fp>\n\u003Ch3>Export config.json\u003C\u002Fh3>\n\u003Cp>In Admin if user has cap \u003Ccode>export\u003C\u002Fcode>, add ?demo_contents_export in current url.\u003Cbr \u002F>\nExample: https:\u002F\u002Fexample.com\u002Fwp-admin\u002F?demo_contents_export\u003C\u002Fp>\n","FameThemes Demo importer",30000,883463,100,"2026-04-03T14:33:00.000Z","4.5",[140,141,20,142],"demo-data","famethemes","oneclick","https:\u002F\u002Fgithub.com\u002FFameThemes\u002Ffamethemes-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffamethemes-demo-importer.zip","2024-04-26 
00:00:00",{"slug":147,"name":148,"version":149,"author":150,"author_profile":151,"description":152,"short_description":153,"active_installs":154,"downloaded":155,"rating":136,"num_ratings":25,"last_updated":156,"tested_up_to":66,"requires_at_least":157,"requires_php":158,"tags":159,"homepage":160,"download_link":161,"security_score":136,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":27},"ansar-import","Ansar Import – One Click Demo Import for WordPress Themes","2.1.0","themeansar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeansar\u002F","\u003Cp>Ansar Import is a simple yet powerful one-click demo importer plugin for WordPress. Whether you’re using a block-based Full Site Editing (FSE) theme, a classic theme, or a page builder like Elementor, Ansar Import makes it effortless to set up your theme just like the demo — in seconds.\u003C\u002Fp>\n\u003Cp>Perfect for theme users and agencies alike, Ansar Import helps you skip manual setups by importing demo content, widgets, menus, settings, templates, and theme customizations automatically.\u003C\u002Fp>\n\u003Cp>🚀 Key Features:\u003Cbr \u002F>\n✅ One Click Import – Quickly set up your site just like the theme demo.\u003C\u002Fp>\n\u003Cp>🧱 Supports FSE & Block Themes – Seamless with Full Site Editing and Gutenberg.\u003C\u002Fp>\n\u003Cp>🎨 Elementor Compatible – Easily import Elementor demo layouts and settings.\u003C\u002Fp>\n\u003Cp>🔄 Reusable Templates – Import custom templates, patterns, and starter designs.\u003C\u002Fp>\n\u003Cp>📦 Media & Content – Import pages, posts, images, menus, and widgets.\u003C\u002Fp>\n\u003Cp>🧑‍💻 Developer-Friendly Hooks – Extend or customize import logic easily.\u003C\u002Fp>\n\u003Cp>🧑‍💼 Who Is It For?\u003Cbr \u002F>\nWeb Designers & Agencies – Quickly scaffold websites from starter kits.\u003C\u002Fp>\n\u003Cp>DIY Website Owners – Set up your website like the preview in minutes.\u003C\u002Fp>\n\u003Cp>📚 How It Works:\u003Cbr \u002F>\nInstall and 
activate Ansar Import.\u003C\u002Fp>\n\u003Cp>Go to Appearance > Ansar Import.\u003C\u002Fp>\n\u003Cp>Select a demo and click “Import.”\u003C\u002Fp>\n\u003Cp>Your site is ready with demo content and layout.\u003C\u002Fp>\n","Easily import theme demos in one click. Simplifies starter sites setup.",20000,465163,"2026-01-05T05:24:00.000Z","6.6","7.4",[19,96,97,98],"https:\u002F\u002Fthemeansar.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fansar-import.zip",{"attackSurface":163,"codeSignals":382,"taintFlows":470,"riskAssessment":496,"analyzedAt":507},{"hooks":164,"ajaxHandlers":337,"restRoutes":379,"shortcodes":380,"cronEvents":381,"entryPointCount":271,"unprotectedCount":224},[165,171,176,178,180,182,184,186,192,197,201,204,208,211,216,220,225,229,232,234,237,240,242,245,247,249,251,254,256,258,261,263,265,268,274,278,281,284,288,292,295,300,304,308,312,314,317,321,326,330,334],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","admin_notices","dtdsi_old_php_admin_error_notice","di-themes-demo-site-importer.php",32,{"type":172,"name":173,"callback":174,"file":169,"line":175},"filter","upload_mimes","dtdsi_allow_svg_mime_types",65,{"type":172,"name":173,"callback":174,"file":169,"line":177},80,{"type":172,"name":173,"callback":174,"file":169,"line":179},95,{"type":172,"name":173,"callback":174,"file":169,"line":181},110,{"type":172,"name":173,"callback":174,"file":169,"line":183},125,{"type":172,"name":173,"callback":174,"file":169,"line":185},140,{"type":166,"name":187,"callback":188,"priority":189,"file":190,"line":191},"admin_menu","add_page",999,"inc\\di-multipurpose\\class-install-demos.php",15,{"type":166,"name":193,"callback":194,"file":195,"line":196},"admin_init","init","inc\\di-multipurpose\\demos.php",35,{"type":166,"name":198,"callback":199,"file":195,"line":200},"admin_enqueue_scripts","scripts",36,{"type":172,"name":173,"callback":202,"file":195,"line":203},"allow_xml_uploads",37,{"type":166,"name":205,"callback
":206,"file":195,"line":207},"admin_footer","popup",38,{"type":172,"name":173,"callback":209,"file":195,"line":210},"allow_svg_mime_types",1684,{"type":172,"name":212,"callback":213,"file":214,"line":215},"import_post_meta_key","is_valid_meta_key","inc\\di-multipurpose\\importers\\class-wordpress-importer.php",120,{"type":172,"name":217,"callback":218,"file":214,"line":219},"http_request_timeout","bump_request_timeout",121,{"type":172,"name":221,"callback":222,"file":223,"line":224},"pt-ocdi\u002Fdisable_pt_branding","__return_true","inc\\di-themes\\di-blog\\import-settings.php",3,{"type":172,"name":226,"callback":227,"file":223,"line":228},"pt-ocdi\u002Fimport_files","dtdsi_di_blog_ocdi_import_files",19,{"type":166,"name":230,"callback":231,"file":223,"line":177},"pt-ocdi\u002Fafter_import","dtdsi_di_blog_after_import_setup",{"type":172,"name":221,"callback":222,"file":233,"line":224},"inc\\di-themes\\di-business\\import-settings.php",{"type":172,"name":226,"callback":235,"file":233,"line":236},"dtdsi_di_business_ocdi_import_files",23,{"type":166,"name":230,"callback":238,"file":233,"line":239},"dtdsi_di_business_after_import_setup",83,{"type":172,"name":221,"callback":222,"file":241,"line":224},"inc\\di-themes\\di-ecommerce\\import-settings.php",{"type":172,"name":226,"callback":243,"file":241,"line":244},"dtdsi_di_ecommerce_ocdi_import_files",24,{"type":166,"name":230,"callback":246,"file":241,"line":239},"dtdsi_di_ecommerce_after_import_setup",{"type":172,"name":221,"callback":222,"file":248,"line":224},"inc\\di-themes\\di-magazine\\import-settings.php",{"type":172,"name":226,"callback":250,"file":248,"line":236},"dtdsi_di_magazine_import_files",{"type":166,"name":230,"callback":252,"file":248,"line":253},"dtdsi_di_magazine_after_import_setup",48,{"type":172,"name":221,"callback":222,"file":255,"line":224},"inc\\di-themes\\di-responsive\\import-settings.php",{"type":172,"name":226,"callback":257,"file":255,"line":236},"dtdsi_di_responsive_ocdi_import_files",{"ty
pe":166,"name":230,"callback":259,"file":255,"line":260},"dtdsi_di_responsive_after_import_setup",85,{"type":172,"name":221,"callback":222,"file":262,"line":224},"inc\\di-themes\\di-restaurant\\import-settings.php",{"type":172,"name":226,"callback":264,"file":262,"line":244},"dtdsi_di_restaurant_ocdi_import_files",{"type":166,"name":230,"callback":266,"file":262,"line":267},"dtdsi_di_restaurant_after_import_setup",82,{"type":166,"name":269,"callback":270,"priority":271,"file":272,"line":273},"pt-ocdi\u002Fbefore_content_import_execution","before_content_import_action",10,"inc\\ocdi\\inc\\ImportActions.php",17,{"type":166,"name":275,"callback":276,"priority":271,"file":272,"line":277},"pt-ocdi\u002Fafter_content_import_execution","before_widget_import_action",20,{"type":166,"name":275,"callback":279,"priority":277,"file":272,"line":280},"widgets_import",21,{"type":166,"name":275,"callback":282,"priority":48,"file":272,"line":283},"redux_import",22,{"type":166,"name":285,"callback":286,"priority":271,"file":272,"line":287},"pt-ocdi\u002Fcustomizer_import_execution","customizer_import",25,{"type":166,"name":289,"callback":290,"priority":271,"file":272,"line":291},"pt-ocdi\u002Fafter_all_import_execution","after_import_action",28,{"type":166,"name":293,"callback":294,"file":272,"line":170},"pt-ocdi\u002Fwidget_settings_array","fix_custom_menu_widget_ids",{"type":172,"name":296,"callback":297,"file":298,"line":299},"wxr_importer.pre_process.user","__return_false","inc\\ocdi\\inc\\Importer.php",126,{"type":172,"name":301,"callback":302,"file":298,"line":303},"wxr_importer.pre_process.post","new_ajax_request_maybe",129,{"type":172,"name":305,"callback":306,"file":298,"line":307},"intermediate_image_sizes_advanced","__return_null",133,{"type":166,"name":187,"callback":309,"file":310,"line":311},"create_plugin_page","inc\\ocdi\\inc\\OneClickDemoImport.php",105,{"type":166,"name":198,"callback":198,"file":310,"line":313},106,{"type":166,"name":315,"callback":316,"file":310,"l
ine":181},"after_setup_theme","setup_plugin_with_filter_data",{"type":166,"name":318,"callback":319,"file":310,"line":320},"plugins_loaded","load_textdomain",111,{"type":172,"name":322,"callback":323,"file":324,"line":325},"pt-ocdi\u002Ftime_for_one_ajax_call","closure","inc\\ocdi\\inc\\WPCLICommands.php",190,{"type":172,"name":327,"callback":328,"priority":271,"file":329,"line":291},"wxr_importer.pre_process.term","woocommerce_product_attributes_registration","inc\\ocdi\\inc\\WXRImporter.php",{"type":166,"name":167,"callback":331,"file":332,"line":333},"old_php_admin_error_notice","inc\\ocdi\\one-click-demo-import.php",31,{"type":166,"name":193,"callback":335,"file":332,"line":336},"set_plugin_version_constant",78,[338,343,347,351,355,359,363,367,371,375],{"action":339,"nopriv":45,"callback":340,"hasNonce":341,"hasCapCheck":341,"file":195,"line":342},"dmdi_ajax_get_demo_data","ajax_demo_data",true,53,{"action":344,"nopriv":45,"callback":345,"hasNonce":45,"hasCapCheck":341,"file":195,"line":346},"dmdi_ajax_required_plugins_activate","ajax_required_plugins_activate",54,{"action":348,"nopriv":45,"callback":349,"hasNonce":341,"hasCapCheck":341,"file":195,"line":350},"dmdi_ajax_get_import_data","ajax_get_import_data",57,{"action":352,"nopriv":45,"callback":353,"hasNonce":341,"hasCapCheck":341,"file":195,"line":354},"dmdi_ajax_import_xml","ajax_import_xml",60,{"action":356,"nopriv":45,"callback":357,"hasNonce":341,"hasCapCheck":341,"file":195,"line":358},"dmdi_ajax_import_theme_settings","ajax_import_theme_settings",63,{"action":360,"nopriv":45,"callback":361,"hasNonce":341,"hasCapCheck":341,"file":195,"line":362},"dmdi_ajax_import_widgets","ajax_import_widgets",66,{"action":364,"nopriv":45,"callback":365,"hasNonce":341,"hasCapCheck":341,"file":195,"line":366},"dmdi_after_import","ajax_after_import",69,{"action":368,"nopriv":45,"callback":369,"hasNonce":45,"hasCapCheck":45,"file":310,"line":370},"ocdi_import_demo_data","import_demo_data_ajax_callback",107,{"action":372,"
nopriv":45,"callback":373,"hasNonce":45,"hasCapCheck":45,"file":310,"line":374},"ocdi_import_customizer_data","import_customizer_data_ajax_callback",108,{"action":376,"nopriv":45,"callback":377,"hasNonce":45,"hasCapCheck":45,"file":310,"line":378},"ocdi_after_import_data","after_all_import_data_ajax_callback",109,[],[],[],{"dangerousFunctions":383,"sqlUsage":392,"outputEscaping":395,"fileOperations":280,"externalRequests":393,"nonceChecks":468,"capabilityChecks":468,"bundledLibraries":469},[384,388],{"fn":385,"file":386,"line":287,"context":387},"unserialize","inc\\di-multipurpose\\importers\\class-settings-importer.php","$data = @unserialize( $raw );",{"fn":385,"file":389,"line":390,"context":391},"inc\\ocdi\\inc\\CustomizerImporter.php",87,"$data = unserialize( $raw );",{"prepared":393,"raw":13,"locations":394},4,[],{"escaped":396,"rawEcho":196,"locations":397},164,[398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466],{"file":190,"line":102,"context":399},"raw 
output",{"file":195,"line":401,"context":399},1377,{"file":195,"line":403,"context":399},1381,{"file":195,"line":405,"context":399},1557,{"file":195,"line":407,"context":399},1610,{"file":195,"line":409,"context":399},1730,{"file":195,"line":411,"context":399},1765,{"file":214,"line":413,"context":399},149,{"file":214,"line":415,"context":399},150,{"file":214,"line":417,"context":399},158,{"file":214,"line":419,"context":399},193,{"file":214,"line":421,"context":399},194,{"file":214,"line":423,"context":399},209,{"file":214,"line":425,"context":399},213,{"file":214,"line":427,"context":399},222,{"file":214,"line":429,"context":399},276,{"file":214,"line":431,"context":399},278,{"file":214,"line":433,"context":399},324,{"file":214,"line":435,"context":399},334,{"file":214,"line":437,"context":399},337,{"file":214,"line":439,"context":399},345,{"file":214,"line":441,"context":399},354,{"file":214,"line":443,"context":399},405,{"file":214,"line":445,"context":399},457,{"file":214,"line":447,"context":399},502,{"file":214,"line":449,"context":399},557,{"file":214,"line":451,"context":399},750,{"file":214,"line":453,"context":399},783,{"file":214,"line":455,"context":399},1267,{"file":214,"line":457,"context":399},1289,{"file":214,"line":459,"context":399},1290,{"file":461,"line":200,"context":399},"inc\\di-multipurpose\\importers\\parsers\\class-wxr-parser.php",{"file":461,"line":463,"context":399},39,{"file":461,"line":465,"context":399},42,{"file":461,"line":467,"context":399},43,9,[],[471,488],{"entryPoint":472,"graph":473,"unsanitizedCount":13,"severity":487},"ajax_demo_data (inc\\di-multipurpose\\demos.php:1348)",{"nodes":474,"edges":485},[475,480],{"id":476,"type":477,"label":478,"file":195,"line":479},"n0","source","$_GET (x2)",1365,{"id":481,"type":482,"label":483,"file":195,"line":401,"wp_function":484},"n1","sink","echo() 
[XSS]","echo",[486],{"from":476,"to":481,"sanitized":341},"low",{"entryPoint":489,"graph":490,"unsanitizedCount":13,"severity":487},"\u003Cdemos> (inc\\di-multipurpose\\demos.php:0)",{"nodes":491,"edges":494},[492,493],{"id":476,"type":477,"label":478,"file":195,"line":479},{"id":481,"type":482,"label":483,"file":195,"line":401,"wp_function":484},[495],{"from":476,"to":481,"sanitized":341},{"summary":497,"deductions":498},"The \"di-themes-demo-site-importer\" plugin v1.2 presents a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements, a robust number of nonce and capability checks relative to its entry points, and a low percentage of improperly escaped outputs. Taint analysis shows no critical or high severity vulnerabilities and no unsanitized paths, indicating a generally good effort in preventing common injection flaws.\n\nHowever, significant concerns remain. The presence of two instances of the dangerous `unserialize` function, especially in the context of an importer plugin, poses a notable risk for PHP object injection if the serialized input can be influenced by an attacker; the code signals record the call sites but not where the data originates. Furthermore, the plugin exposes 3 AJAX handlers with neither a nonce check nor a capability check. This lack of authorization on these entry points is a critical flaw: the handler records list them as not registered for logged-out (`nopriv`) requests, so the exposure is to any logged-in user regardless of role and to forged cross-site requests, rather than to anonymous visitors.\n\nThe plugin's vulnerability history shows one medium-severity vulnerability, specifically Cross-Site Request Forgery (CSRF), tracked as CVE-2025-58914. While this is not a critical or high severity issue, the fact that it is currently unpatched is a direct concern. The overall pattern suggests that while the developers are addressing some security aspects, oversight in critical areas like nonce and capability checks on AJAX endpoints and the safe handling of serialized data needs improvement. 
The plugin's strengths in SQL and output escaping are overshadowed by the direct risks of unprotected AJAX actions and the potential for object injection via `unserialize`.",[499,502,504],{"reason":500,"points":501},"Unpatched CVEs",18,{"reason":503,"points":191},"Unprotected AJAX handlers",{"reason":505,"points":506},"Dangerous function: unserialize",12,"2026-03-16T18:59:45.526Z",{"wat":509,"direct":527},{"assetPaths":510,"generatorPatterns":524,"scriptPaths":525,"versionParams":526},[511,512,513,514,515,516,517,518,519,520,521,522,523],"\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Focdi\u002Fone-click-demo-import.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-business\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-blog\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-responsive\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-ecommerce\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-magazine\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-themes\u002Fdi-restaurant\u002Fimport-settings.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fdemos.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fimporters\u002Fclass-wordpress-importer.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fimporters\u002Fparsers\u002Fclass-wxr-parser.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fimporters\u002Fparsers\u002Fclass-wxr-par
ser-simplexml.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fimporters\u002Fparsers\u002Fclass-wxr-parser-xml.php","\u002Fwp-content\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Finc\u002Fdi-multipurpose\u002Fimporters\u002Fparsers\u002Fclass-wxr-parser-regex.php",[],[],[],{"cssClasses":528,"htmlComments":529,"htmlAttributes":530,"restEndpoints":531,"jsGlobals":532,"shortcodeOutput":533},[],[],[],[],[],[],{"error":341,"url":535,"statusCode":536,"statusMessage":537,"message":537},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdi-themes-demo-site-importer\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":103,"versions":539},[540,546],{"version":6,"download_url":23,"svn_tag_url":541,"released_at":35,"has_diff":45,"diff_files_changed":542,"diff_lines":35,"trac_diff_url":543,"vulnerabilities":544,"is_current":341},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdi-themes-demo-site-importer\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdi-themes-demo-site-importer%2Ftags%2F1.1.7&new_path=%2Fdi-themes-demo-site-importer%2Ftags%2F1.2",[545],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35},{"version":108,"download_url":547,"svn_tag_url":548,"released_at":35,"has_diff":45,"diff_files_changed":549,"diff_lines":35,"trac_diff_url":35,"vulnerabilities":550,"is_current":45},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdi-themes-demo-site-importer.1.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdi-themes-demo-site-importer\u002Ftags\u002F1.1.7\u002F",[],[551],{"id":31,"url_slug":32,"title":33,"severity":37,"cvss_score":38,"vuln_type":40,"patched_in_version":35}]