[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flDMdVbSKNbjOFXLMgopggAWWupftyS77mP4b-cchnzw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":54,"analysis":145,"fingerprints":374},"famethemes-demo-importer","FameTheme Demo Importer","1.1.11","FameThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Ffamethemes\u002F","\u003Cp>Import your demo content, widgets and theme settings with one click for \u003Ca href=\"https:\u002F\u002Fwww.famethemes.com\u002F\" rel=\"nofollow ugc\">FameThemes\u003C\u002Fa> official themes.\u003C\u002Fp>\n\u003Cp>Get free support at \u003Ca href=\"\u002F\u002Fwww.famethemes.com\u002F)\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.famethemes.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fw0OKnqnHYo4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Add Support for your themes.\u003C\u002Fh3>\n\u003Ch3>Change Default Demo GitHub Repository.\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>apply_filters( 'demo_contents_github_repo', self::$git_repo );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Add theme to listing preview\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>apply_filters( 'demo_contents_allowed_authors', array('famethemes' => 'FameThemes','daisy themes' => 'Daisy Themes'};\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Support demo for a theme.\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create new theme demo dir in GitHub repo  \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support multiple demos for a theme.\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create new theme demo dir in GitHub repo \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Create new json file and name it  \u003Ccode>demos.json\u003C\u002Fcode>, add list demos here.\u003C\u002Fli>\n\u003Cli>Crate new demo dir and name it \u003Ccode>demos\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Add your new demo in new dir \u003Ccode>child-demo\u003C\u002Fcode>, so we have full path like this: \u003Ccode>username\u002Frepo-name\u002Ftheme-name\u002Fdemos\u002Fchild-demo\u003C\u002Fcode> and put file \u003Ccode>dummy-data.xml\u003C\u002Fcode> and \u003Ccode>config.json\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Export Demo XML\u003C\u002Fh3>\n\u003Cp>In Admin screen go to Tools -> Export\u003C\u002Fp>\n\u003Ch3>Export config.json\u003C\u002Fh3>\n\u003Cp>In Admin if user has cap \u003Ccode>export\u003C\u002Fcode>, add ?demo_contents_export in current url.\u003Cbr \u002F>\nExample: https:\u002F\u002Fexample.com\u002Fwp-admin\u002F?demo_contents_export\u003C\u002Fp>\n","FameThemes Demo importer",30000,869929,100,1,"2025-04-16T01:01:00.000Z","6.8.5","4.5","",[20,21,22,23],"demo-data","famethemes","import","oneclick","https:\u002F\u002Fgithub.com\u002FFameThemes\u002Ffamethemes-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffamethemes-demo-importer.zip",99,0,"2024-04-26 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-33679","fametheme-demo-importer-cross-site-request-forgery","FameTheme Demo Importer \u003C= 1.1.5 - Cross-Site Request Forgery","The FameTheme Demo Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the ajax_import function. This makes it possible for unauthenticated attackers to import demo content and change the active theme, including invalid themes, resulting in Denial of Service, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1.5","1.1.6","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-06-05 19:35:07",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F09f450bb-28c1-4c1e-ae13-afd53759e02f?source=api-prod",41,{"slug":21,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},5,104300,91,23,88,"2026-04-04T14:04:45.250Z",[55,71,91,107,124],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":27,"num_ratings":27,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":66,"tags":67,"homepage":18,"download_link":70,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"keon-toolset","Keon Toolset","2.4.5","keonthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeonthemes\u002F","\u003Cp>A demo importer plugin that makes importing starter sites effortless for building your website!\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","Import dummy data for themes developed by Keon Themes.",1490109,"2026-01-07T05:31:00.000Z","6.9.4","4.6",[20,68,69],"demo-data-importer","one-click-demo-import","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeon-toolset.2.4.5.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":27,"num_ratings":27,"last_updated":81,"tested_up_to":16,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":18,"download_link":90,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"acme-demo-setup","Acme Demo Setup","2.1.2","Acme Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Facmethemes\u002F","\u003Cp>Setup your site theme from \u003Ca href=\"https:\u002F\u002Fwww.acmethemes.com\u002F\" rel=\"nofollow ugc\">Acme Themes\u003C\u002Fa> site with template library dummy data easily. Import settings, widgets and content with one click. Acme Demo Setup requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-import\u002F\" rel=\"ugc\">Advanced Import\u003C\u002Fa> Plugin to work normally.\u003C\u002Fp>\n\u003Cp>While you use Acme Demo Setup to import demo starter site, Images and demo files are fetches from respected theme Demo Sites form Acme Themes. This helps you to import starter dmeo site with a single click. You must accept \u003Ca href=\"https:\u002F\u002Fwww.acmethemes.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">terms\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.acmethemes.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">privacy\u003C\u002Fa> to use Acme Demo Setup Plugin.\u003C\u002Fp>\n","Easily set up your site with dummy data. Import settings, widgets, and content in one click using Advanced Import.",10000,625996,"2025-04-18T07:00:00.000Z","4.8","5.6.20",[85,86,87,88,89],"acmethemes","advanced-import","demo-import","dummydata","oneclick-demo-import","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facme-demo-setup.2.1.2.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":79,"downloaded":99,"rating":27,"num_ratings":27,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":18,"download_link":105,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"cyclone-demo-importer","Cyclone Demo Importer","2.9.60","Cyclone Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyclonetheme\u002F","\u003Cp>A easy plugin to import dummy data for themes by Cyclone Themes.\u003C\u002Fp>\n","Import Dummy data for themes developed by Cyclone Themes.",537787,"2024-06-18T09:59:00.000Z","6.5.8","4.9","5.6",[20,69],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyclone-demo-importer.2.9.60.zip",92,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":27,"num_ratings":27,"last_updated":117,"tested_up_to":65,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":18,"download_link":123,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"blockskit","Blockskit","1.2.2","BlockskitDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fblockskitdev\u002F","\u003Cp>An easy plugin to import starter sites and add different effects to the image.\u003C\u002Fp>\n","An easy plugin to import starter sites and add different effects to the image.",8000,88023,"2025-12-21T10:23:00.000Z","5.9","7.4.9",[121,20,68,122,69],"block","image-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockskit.1.2.2.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":13,"num_ratings":14,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":103,"tags":137,"homepage":142,"download_link":143,"security_score":50,"vuln_count":14,"unpatched_count":27,"last_vuln_date":144,"fetched_at":29},"sparkle-demo-importer","Sparkle Demo Importer","1.4.8","Sparkle WP","https:\u002F\u002Fprofiles.wordpress.org\u002Fsparklewpthemes\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002F\" rel=\"nofollow ugc\">Home\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.sparklewpthemes.com\u002F\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fthemes\u002Fpremium-wordpress-theme\u002F\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">All themes\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fplugins\u002F\" rel=\"nofollow ugc\">Plugins\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fblogs\" rel=\"nofollow ugc\">Blog\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPJMDFKG52C4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Sparkle Demo Importer imports sparkle themes full demo with just one click. It is specially developed for demo import purpose. This plugin works for theme developed by SparleThemes and if other themes wants to use then they have to use \u003Cstrong>action\u003C\u002Fstrong> filter to work.\u003C\u002Fp>\n\u003Cp>You just need to define the array that includes the location of the demo zip files and other related info.\u003C\u002Fp>\n\u003Ch3>Get the outstanding themes from Sparkle Themes\u003C\u002Fh3>\n\u003Cp>__ Check all of our \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fthemes\u002Ffree-wordpress-theme\u002F\" rel=\"nofollow ugc\">Free\u003C\u002Fa> themes __\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Feducation-wordpress-theme\u002F\" rel=\"nofollow ugc\">Educenter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fconstruction-wordpress-theme\u002F\" rel=\"nofollow ugc\">Construction Light\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fappzend-multipurpose-business-wordpress-themes\u002F\" rel=\"nofollow ugc\">AppZend\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Ffree-ecommerce-wordpress-theme\u002F\" rel=\"nofollow ugc\">Sparkle Store\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fecommerce-online-shopping\u002F\" rel=\"nofollow ugc\">BuzzStore\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fecommerce-wordpress-theme\u002F\" rel=\"nofollow ugc\">MetroStore\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fonline-estore-details\u002F\" rel=\"nofollow ugc\">Online eStore\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Ffree-education-wordpress-theme\u002F\" rel=\"nofollow ugc\">Educenter Xpert\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>__ Check all of our \u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fthemes\u002Fpremium-wordpress-theme\u002F\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> plugins __\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fconstructionlightpro\u002F\" rel=\"nofollow ugc\">Construction Plus\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fappzend-multipurpose-business-wordpress-themes\u002F\" rel=\"nofollow ugc\">AppZend Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Feducenterpro\u002F\" rel=\"nofollow ugc\">Educenter Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fsparklestorepro\u002F\" rel=\"nofollow ugc\">Sparkle Store Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fonline-estore-pro-multipurpose-woocommerce-theme\u002F\" rel=\"nofollow ugc\">Online eStore Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fchankhe-plus-multipurpose-wordpress-theme\u002F\" rel=\"nofollow ugc\">Chankhe Plus\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fbuzzstorepro\u002F\" rel=\"nofollow ugc\">BuzzStore Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Ffitnessparkpro\u002F\" rel=\"nofollow ugc\">FitnessPark Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fbloggerbuzzpro\u002F\" rel=\"nofollow ugc\">Blogger Buzz Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fmedicalheedpro\u002F\" rel=\"nofollow ugc\">Medical Heed  Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsparklewpthemes.com\u002Fwordpress-themes\u002Fmetrostorepro\u002F\" rel=\"nofollow ugc\">MetroStore Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Import Complete Demo Data\u003C\u002Fli>\n\u003Cli>Automatic Install Required Plugins\u003C\u002Fli>\n\u003Cli>Import Widgets Data\u003C\u002Fli>\n\u003Cli>Import Customizer Data\u003C\u002Fli>\n\u003Cli>Reset Site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>* Forked from HashThemes Demo Importer Plugin\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Sparkle Demo Importer imports sparkle themes full demo with just one click. It is specially developed for demo import purpose.",6000,233020,"2024-06-20T05:11:00.000Z","6.2.9","4.0",[20,138,139,140,141],"demo-importer","importer","sparkle-demo","sparkle-demo-data","https:\u002F\u002Fgithub.com\u002Fsparklewpthemes\u002Fsparkle-demo-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsparkle-demo-importer.zip","2024-06-21 11:04:07",{"attackSurface":146,"codeSignals":295,"taintFlows":338,"riskAssessment":365,"analyzedAt":373},{"hooks":147,"ajaxHandlers":286,"restRoutes":292,"shortcodes":293,"cronEvents":294,"entryPointCount":14,"unprotectedCount":27},[148,154,158,163,168,173,177,180,185,188,192,197,201,205,207,209,213,217,220,224,227,230,234,238,241,244,247,250,254,257,261,263,266,270,274,276,281],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","init","export","famethemes-demo-importer.php",47,{"type":149,"name":155,"callback":156,"file":152,"line":157},"plugins_loaded","demo_contents__init",519,{"type":149,"name":159,"callback":160,"priority":161,"file":152,"line":162},"activated_plugin","demo_contents_importer_plugin_activate",90,562,{"type":164,"name":165,"callback":166,"file":152,"line":167},"filter","upload_mimes","demo_contents_custom_upload_xml",566,{"type":149,"name":169,"callback":170,"file":171,"line":172},"admin_menu","add_menu","inc\\class-dashboard.php",19,{"type":149,"name":174,"callback":175,"file":171,"line":176},"admin_footer","preview_template",21,{"type":149,"name":178,"callback":179,"file":171,"line":51},"admin_enqueue_scripts","scripts",{"type":149,"name":181,"callback":182,"priority":183,"file":171,"line":184},"theme_demo_import_content_tab","wellcome",10,32,{"type":149,"name":181,"callback":186,"priority":187,"file":171,"line":46},"listing_themes",35,{"type":149,"name":189,"callback":190,"file":171,"line":191},"current_screen","setup_screen",42,{"type":149,"name":178,"callback":193,"priority":194,"file":195,"line":196},"checking_plugins",900,"inc\\class-progress.php",22,{"type":149,"name":150,"callback":198,"priority":48,"file":199,"line":200},"load_textdomain","inc\\class-tgm-plugin-activation.php",268,{"type":164,"name":202,"callback":203,"priority":183,"file":199,"line":204},"load_textdomain_mofile","overload_textdomain_mofile",269,{"type":149,"name":150,"callback":150,"file":199,"line":206},272,{"type":149,"name":169,"callback":169,"file":199,"line":208},421,{"type":149,"name":210,"callback":211,"file":199,"line":212},"admin_head","dismiss",422,{"type":164,"name":214,"callback":215,"file":199,"line":216},"install_plugin_complete_actions","actions",425,{"type":164,"name":218,"callback":215,"file":199,"line":219},"update_plugin_complete_actions",426,{"type":149,"name":221,"callback":222,"file":199,"line":223},"admin_notices","notices",429,{"type":149,"name":225,"callback":225,"priority":14,"file":199,"line":226},"admin_init",430,{"type":149,"name":178,"callback":228,"file":199,"line":229},"thickbox",431,{"type":149,"name":231,"callback":232,"priority":14,"file":199,"line":233},"load-plugins.php","add_plugin_action_link_filters",436,{"type":149,"name":235,"callback":236,"file":199,"line":237},"switch_theme","flush_plugins_cache",439,{"type":149,"name":235,"callback":239,"file":199,"line":240},"update_dismiss",442,{"type":149,"name":225,"callback":242,"file":199,"line":243},"force_activation",447,{"type":149,"name":235,"callback":245,"file":199,"line":246},"force_deactivation",452,{"type":149,"name":202,"callback":248,"priority":183,"file":199,"line":249},"correct_plugin_mofile",475,{"type":164,"name":251,"callback":252,"priority":14,"file":199,"line":253},"upgrader_source_selection","maybe_adjust_source_dir",889,{"type":149,"name":155,"callback":255,"file":199,"line":256},"load_tgm_plugin_activation",2112,{"type":164,"name":258,"callback":259,"file":199,"line":260},"tgmpa_table_data_items","sort_table_items",2236,{"type":164,"name":251,"callback":252,"priority":14,"file":199,"line":262},2977,{"type":149,"name":225,"callback":264,"file":199,"line":265},"tgmpa_load_bulk_installer",3147,{"type":149,"name":267,"callback":268,"file":199,"line":269},"upgrader_process_complete","populate_file_path",3242,{"type":164,"name":271,"callback":272,"priority":183,"file":199,"line":273},"upgrader_post_install","auto_activate",3301,{"type":164,"name":271,"callback":272,"priority":183,"file":199,"line":275},3446,{"type":164,"name":277,"callback":278,"file":279,"line":280},"http_request_timeout","_bumpHttpRequestTimeout","inc\\merlin-wp\\includes\\class-merlin-importer.php",260,{"type":149,"name":282,"callback":283,"file":284,"line":285},"tgmpa_register","demo_contents_register_required_plugins","inc\\theme-supports.php",3,[287],{"action":288,"nopriv":289,"callback":290,"hasNonce":291,"hasCapCheck":291,"file":195,"line":176},"demo_contents__import",false,"ajax_import",true,[],[],[],{"dangerousFunctions":296,"sqlUsage":297,"outputEscaping":306,"fileOperations":27,"externalRequests":48,"nonceChecks":335,"capabilityChecks":336,"bundledLibraries":337},[],{"prepared":48,"raw":285,"locations":298},[299,302,304],{"file":279,"line":300,"context":301},1260,"$wpdb->get_results() with variable interpolation",{"file":279,"line":303,"context":301},1279,{"file":279,"line":305,"context":301},1304,{"escaped":307,"rawEcho":308,"locations":309},106,12,[310,313,315,317,319,321,323,325,327,329,331,333],{"file":152,"line":311,"context":312},464,"raw output",{"file":171,"line":314,"context":312},604,{"file":171,"line":316,"context":312},616,{"file":171,"line":318,"context":312},619,{"file":199,"line":320,"context":312},920,{"file":199,"line":322,"context":312},1072,{"file":199,"line":324,"context":312},1083,{"file":199,"line":326,"context":312},1092,{"file":199,"line":328,"context":312},2626,{"file":199,"line":330,"context":312},2773,{"file":199,"line":332,"context":312},3001,{"file":199,"line":334,"context":312},3027,6,17,[],[339,356],{"entryPoint":340,"graph":341,"unsanitizedCount":14,"severity":39},"url_exists (famethemes-demo-importer.php:474)",{"nodes":342,"edges":354},[343,348],{"id":344,"type":345,"label":346,"file":152,"line":347},"n0","source","$_COOKIE",491,{"id":349,"type":350,"label":351,"file":152,"line":352,"wp_function":353},"n1","sink","wp_remote_get() [SSRF]",498,"wp_remote_get",[355],{"from":344,"to":349,"sanitized":289},{"entryPoint":357,"graph":358,"unsanitizedCount":27,"severity":364},"\u003Cfamethemes-demo-importer> (famethemes-demo-importer.php:0)",{"nodes":359,"edges":362},[360,361],{"id":344,"type":345,"label":346,"file":152,"line":347},{"id":349,"type":350,"label":351,"file":152,"line":352,"wp_function":353},[363],{"from":344,"to":349,"sanitized":291},"low",{"summary":366,"deductions":367},"The 'famethemes-demo-importer' plugin, version 1.1.11, exhibits a generally strong security posture based on the static analysis results. The plugin demonstrates good practices by implementing nonce checks and capability checks for its entry points, and a high percentage of its SQL queries utilize prepared statements and its outputs are properly escaped. The absence of file operations and bundled libraries further reduces potential attack vectors. However, the presence of one flow with an unsanitized path, even without a critical or high severity rating, warrants attention as it indicates a potential weakness in how data is handled and could be exploited in specific scenarios, though its low severity suggests a limited immediate threat.\n\nThe vulnerability history shows one known medium-severity CVE related to Cross-Site Request Forgery (CSRF). While this vulnerability is currently patched (0 unpatched), the pattern of past vulnerabilities, particularly CSRF, suggests a recurring area of concern that the developers need to continue addressing. The fact that it's a medium severity and already patched is positive, but it highlights the need for ongoing vigilance in this area. Overall, the plugin is well-implemented with a low attack surface and good use of security features, but the taint analysis and historical vulnerability pattern indicate areas where meticulous code review and testing should be prioritized to maintain a robust security profile.",[368,371],{"reason":369,"points":370},"Flow with unsanitized path identified",8,{"reason":372,"points":308},"Past medium severity CVE (CSRF)","2026-03-16T17:24:12.288Z",{"wat":375,"direct":384},{"assetPaths":376,"generatorPatterns":379,"scriptPaths":380,"versionParams":381},[377,378],"\u002Fwp-content\u002Fplugins\u002Ffamethemes-demo-importer\u002Fassets\u002Fcss\u002Ffamethemes-demo-importer.css","\u002Fwp-content\u002Fplugins\u002Ffamethemes-demo-importer\u002Fassets\u002Fjs\u002Ffamethemes-demo-importer.js",[],[378],[382,383],"famethemes-demo-importer\u002Fassets\u002Fcss\u002Ffamethemes-demo-importer.css?ver=","famethemes-demo-importer\u002Fassets\u002Fjs\u002Ffamethemes-demo-importer.js?ver=",{"cssClasses":385,"htmlComments":389,"htmlAttributes":392,"restEndpoints":394,"jsGlobals":396,"shortcodeOutput":398},[386,387,388],"famethemes-demo-importer-button","famethemes-demo-importer-import-form","famethemes-demo-importer-list-item",[390,391],"\u003C!-- FameThemes Demo Importer -->","\u003C!-- End FameThemes Demo Importer -->",[393],"data-plugin-path",[395],"\u002Fwp-json\u002Ffamethemes-demo-importer\u002Fv1\u002Fimport",[397],"famethemesDemoImporter",[399],"[famethemes_demo_importer]"]