EnvoThemes Demo Import Security & Risk Analysis

wordpress.org/plugins/envothemes-demo-import

Import EnvoThemes official themes demo content, widgets and theme settings with just one click.

3K active installs · v1.3.0 · PHP 5.4.0+ · WP 4.5+ · Updated Dec 9, 2022
Tags: content, data, demo, import, wordpress
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EnvoThemes Demo Import Safe to Use in 2026?

Generally Safe

Score 85/100

EnvoThemes Demo Import has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The plugin "envothemes-demo-import" v1.3.0 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history is a significant positive indicator, suggesting a well-maintained and secure codebase. The plugin also demonstrates good practices with 100% of SQL queries using prepared statements and a respectable 71% of output properly escaped. Furthermore, the presence of numerous capability and nonce checks across its entry points is commendable.

However, there are a few areas of concern. The presence of the `unserialize` function, while not explicitly shown to be vulnerable in this analysis, is a known attack vector if not handled with extreme caution and sanitization, especially when dealing with user-supplied input. The taint analysis revealing "flows with unsanitized paths" is also a red flag, even if no critical or high severity issues were identified. This indicates potential pathways for malicious data to enter the application without proper validation, which could lead to unexpected behavior or vulnerabilities in other contexts. The total number of file operations (21) is also notable and warrants careful review in conjunction with the unsanitized paths.

In conclusion, while the plugin has a strong foundation with no known exploitable vulnerabilities and good coding practices for SQL and output handling, the `unserialize` function and the identified unsanitized paths represent potential weaknesses. These areas, if not rigorously secured and monitored, could become points of exploitation. The lack of historical vulnerabilities is a good sign, but the static analysis signals these specific code patterns require continued scrutiny.

Key Concerns

  • Dangerous function unserialize present
  • Flows with unsanitized paths found
Vulnerabilities
None known

EnvoThemes Demo Import Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EnvoThemes Demo Import Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 71 (175 escaped)
Nonce Checks: 14
Capability Checks: 15
File Operations: 21
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = @unserialize( $raw );` (includes\panel\classes\importers\class-settings-importer.php:25)

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

71% escaped · 246 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

10 flows · 3 with unsanitized paths
envothemes_review_notice_message (includes\notify\notify.php:45)
Attack Surface

EnvoThemes Demo Import Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 8

auth: wp_ajax_envo_ajax_get_demo_data (includes\panel\demos.php:56)
auth: wp_ajax_envo_ajax_required_plugins_activate (includes\panel\demos.php:57)
auth: wp_ajax_envo_ajax_get_import_data (includes\panel\demos.php:60)
auth: wp_ajax_envo_ajax_import_xml (includes\panel\demos.php:63)
auth: wp_ajax_envo_ajax_import_theme_settings (includes\panel\demos.php:66)
auth: wp_ajax_envo_ajax_import_widgets (includes\panel\demos.php:69)
auth: wp_ajax_envo_after_import (includes\panel\demos.php:72)
auth: wp_ajax_envo_wizard_ajax_get_demo_data (includes\wizard\classes\WizardAjax.php:9)

WordPress Hooks 21

action: init (envothemes-demo-import.php:100)
action: admin_enqueue_scripts (envothemes-demo-import.php:103)
action: admin_init (envothemes-demo-import.php:214)
action: admin_notices (includes\notify\notify.php:36)
action: admin_init (includes\notify\notify.php:40)
action: admin_notices (includes\notify\notify.php:153)
action: admin_init (includes\notify\notify.php:157)
action: admin_notices (includes\notify\notify.php:239)
action: admin_init (includes\notify\notify.php:244)
action: admin_menu (includes\panel\classes\class-install-demos.php:21)
filter: import_post_meta_key (includes\panel\classes\importers\class-wordpress-importer.php:123)
filter: http_request_timeout (includes\panel\classes\importers\class-wordpress-importer.php:124)
action: admin_init (includes\panel\demos.php:36)
action: admin_enqueue_scripts (includes\panel\demos.php:39)
filter: upload_mimes (includes\panel\demos.php:42)
action: admin_footer (includes\panel\demos.php:45)
action: admin_menu (includes\wizard\wizard.php:35)
action: admin_init (includes\wizard\wizard.php:36)
action: wp_loaded (includes\wizard\wizard.php:37)
action: admin_print_styles (includes\wizard\wizard.php:38)
action: add_second_notice (includes\wizard\wizard.php:39)

Scheduled Events 2

add_second_notice
add_second_notice
Maintenance & Trust

EnvoThemes Demo Import Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Dec 9, 2022
PHP min version: 5.4.0
Downloads: 408K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 3K
Developer Profile

EnvoThemes Demo Import Developer Profile

EnvoThemes

16 plugins · 90K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect EnvoThemes Demo Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/envothemes-demo-import/includes/panel/assets/css/notify.css

HTML / DOM Fingerprints

CSS Classes
install-demos
FAQ

Frequently Asked Questions about EnvoThemes Demo Import