Easy Demo Importer – A Modern One-Click Demo Import Solution Security & Risk Analysis

wordpress.org/plugins/easy-demo-importer

A one-click, user-friendly WordPress plugin for effortlessly importing theme demos and customizing your website in no time.

2K active installs · v1.1.6 · PHP 7.4+ · WP 5.5+ · Updated Feb 27, 2026
Tags: content-import-plugin, demo-importer, one-click-demo-importer, theme-demo-importer, wordpress-demo-importer
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Oct 3, 2024
Safety Verdict

Is Easy Demo Importer – A Modern One-Click Demo Import Solution Safe to Use in 2026?

Generally Safe

Score 99/100

Easy Demo Importer – A Modern One-Click Demo Import Solution has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 3, 2024 · Updated 1mo ago
Risk Assessment

The "easy-demo-importer" plugin version 1.1.6 exhibits a mixed security posture. While it demonstrates good practices in terms of output escaping and utilizing prepared statements for SQL queries, significant concerns arise from its attack surface. A total of 12 AJAX handlers are exposed, all of which lack authentication checks, presenting a substantial risk of unauthorized actions. The presence of the "unserialize" function, a known source of vulnerabilities if not handled with extreme care, is also a point of concern, although no critical or high severity taint flows were detected in static analysis, suggesting it may be used in a controlled manner or the taint analysis was limited.

The plugin's vulnerability history indicates a past medium severity Cross-Site Scripting (XSS) vulnerability, which was addressed. The absence of currently unpatched CVEs is positive, but the past vulnerability highlights potential weaknesses in input sanitization or output escaping in other areas not fully captured by the static analysis. The lack of any identified taint flows is promising, but it is crucial to consider the large number of unprotected entry points as a primary risk vector. In conclusion, while the plugin has strengths in output handling and SQL security, the extensive unprotected AJAX endpoints and the presence of "unserialize" introduce notable risks that require careful attention and potential mitigation.

Key Concerns

  • 12 AJAX handlers without auth checks
  • Presence of unserialize function
  • 1 medium severity CVE in history
Vulnerabilities: 1

Easy Demo Importer – A Modern One-Click Demo Import Solution Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-9071 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 3, 2024 · Patched in 1.1.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Easy Demo Importer – A Modern One-Click Demo Import Solution Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (41 prepared)
Unescaped Output: 0 (90 escaped)
Nonce Checks: 5
Capability Checks: 8
File Operations: 10
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · return @unserialize( $serialized_string ); · inc\Common\Models\DBSearchReplace.php:457

SQL Query Safety

98% prepared · 42 total queries

Output Escaping

100% escaped · 90 total outputs
Attack Surface
12 unprotected

Easy Demo Importer – A Modern One-Click Demo Import Solution Attack Surface

Entry Points: 12
Unprotected: 12

AJAX Handlers: 12

auth · wp_ajax_sd_edi_activate_plugins · inc\App\Ajax\Backend\ActivatePlugins.php:79
auth · wp_ajax_sd_edi_import_customizer · inc\App\Ajax\Backend\CustomizerImport.php:56
auth · wp_ajax_sd_edi_download_demo_files · inc\App\Ajax\Backend\DownloadFiles.php:55
auth · wp_ajax_sd_edi_finalize_demo · inc\App\Ajax\Backend\Finalize.php:55
auth · wp_ajax_sd_edi_import_fluent_forms · inc\App\Ajax\Backend\ImportFluentForms.php:58
auth · wp_ajax_sd_edi_import_menus · inc\App\Ajax\Backend\ImportMenus.php:55
auth · wp_ajax_sd_edi_import_rev_slider · inc\App\Ajax\Backend\ImportRevSlider.php:55
auth · wp_ajax_sd_edi_import_settings · inc\App\Ajax\Backend\ImportSettings.php:55
auth · wp_ajax_sd_edi_import_widgets · inc\App\Ajax\Backend\ImportWidgets.php:56
auth · wp_ajax_sd_edi_install_demo · inc\App\Ajax\Backend\Initialize.php:56
auth · wp_ajax_sd_edi_import_xml · inc\App\Ajax\Backend\InstallDemo.php:56
auth · wp_ajax_sd_edi_install_plugins · inc\App\Ajax\Backend\InstallPlugins.php:82

WordPress Hooks: 22

action · init · easy-demo-importer.php:66
filter · intermediate_image_sizes_advanced · inc\App\Ajax\Backend\InstallDemo.php:137
filter · wp_generate_attachment_metadata · inc\App\Ajax\Backend\InstallDemo.php:138
action · admin_init · inc\App\Backend\DeactivateNotice.php:92
action · admin_init · inc\App\Backend\DeactivateNotice.php:93
action · admin_enqueue_scripts · inc\App\Backend\Enqueue.php:67
action · admin_init · inc\App\Backend\Pages.php:128
action · init · inc\App\General\Hooks.php:67
action · sd/edi/importer_init · inc\App\General\Hooks.php:70
action · sd/edi/after_plugin_activation · inc\App\General\Hooks.php:73
action · sd/edi/before_import · inc\App\General\Hooks.php:76
action · sd/edi/after_import · inc\App\General\Hooks.php:79
filter · upload_mimes · inc\App\General\Hooks.php:91
filter · wp_handle_upload_prefilter · inc\App\General\Hooks.php:94
filter · wp_check_filetype_and_ext · inc\App\General\Hooks.php:97
action · rest_api_init · inc\App\Rest\RestEndpoints.php:70
filter · big_image_size_threshold · inc\Common\Functions\Actions.php:116
action · after_setup_theme · inc\Common\Functions\Functions.php:68
action · admin_menu · inc\Common\Models\AdminPage.php:59
action · admin_init · inc\Common\Utils\Errors.php:47
action · admin_notices · inc\Common\Utils\Notice.php:77
filter · sd/edi/importer/config · samples\sample-config.php:24

Maintenance & Trust

Easy Demo Importer – A Modern One-Click Demo Import Solution Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 27, 2026
PHP min version: 7.4
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 2K

Developer Profile

Easy Demo Importer – A Modern One-Click Demo Import Solution Developer Profile

Sigma Devs

1 plugin · 2K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Easy Demo Importer – A Modern One-Click Demo Import Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-demo-importer/build/app.js
/wp-content/plugins/easy-demo-importer/build/app.css
Script Paths
/wp-content/plugins/easy-demo-importer/build/app.js
Version Parameters
easy-demo-importer/build/app.js?ver=
easy-demo-importer/build/app.css?ver=

HTML / DOM Fingerprints

JS Globals
sd_edi
REST Endpoints
/wp-json/sd/edi/v1/import/list
/wp-json/sd/edi/v1/plugin/list
/wp-json/sd/edi/v1/server/status
FAQ

Frequently Asked Questions about Easy Demo Importer – A Modern One-Click Demo Import Solution