WP-Safety

HashThemes Demo Importer Security & Risk Analysis

wordpress.org/plugins/hashthemes-demo-importer

Transforming website setups from headache to 'click, click, done!

6K active installs v1.4.1 PHP 7.2+ WP 6.3+ Updated Dec 7, 2025
demo-importerhashthemesimportone-click-import
99
A · Safe
CVEs total1
Unpatched0
Last CVEOct 26, 2021
Plugin page Download
Safety Verdict

Is HashThemes Demo Importer Safe to Use in 2026?

Generally Safe

Score 99/100

HashThemes Demo Importer has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Oct 26, 2021Updated 5mo ago
Risk Assessment

The "hashthemes-demo-importer" v1.4.1 plugin exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and output escaping, with a high percentage of prepared statements and properly escaped outputs, there are significant concerns regarding its attack surface. The presence of 16 AJAX handlers, one of which lacks authentication checks, presents a direct vulnerability. This could allow unauthenticated users to trigger potentially harmful actions, especially when combined with file operations, though no specific taint flows with unsanitized paths were identified in the static analysis.

The plugin's vulnerability history, including one high severity CVE recorded in 2021, points to a past pattern of security weaknesses, specifically missing authorization. While this specific CVE is currently patched, the historical data suggests a recurring need for diligent review of authorization mechanisms. The absence of critical or high severity taint flows in the current analysis is a positive sign, indicating improvements. However, the unprotected AJAX endpoint remains a critical weakness that needs immediate attention, as it directly exposes functionality to potential abuse.

Key Concerns

  • AJAX handler without authentication check
  • Past high severity CVE (missing authorization)
Vulnerabilities
1 published

HashThemes Demo Importer Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2021-39333high · 8.1Missing Authorization

HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe

Oct 26, 2021 Patched in 1.1.2 (819d)
Version History

HashThemes Demo Importer Release Timeline

v1.4.1Current
v1.4.0
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.2
Code Analysis
Analyzed Mar 16, 2026

HashThemes Demo Importer Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
6 prepared
Unescaped Output
36
138 escaped
Nonce Checks
17
Capability Checks
15
File Operations
22
External Requests
3
Bundled Libraries
0

SQL Query Safety

86% prepared7 total queries

Output Escaping

79% escaped174 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
import_theme_option_process (hashthemes-demo-importer.php:594)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

HashThemes Demo Importer Attack Surface

Entry Points16
Unprotected1

AJAX Handlers 16

authwp_ajax_plugin_installerclasses\class-demo-importer.php:36
authwp_ajax_plugin_offline_installerclasses\class-demo-importer.php:39
authwp_ajax_plugin_activationclasses\class-demo-importer.php:42
authwp_ajax_plugin_deactivationclasses\class-demo-importer.php:45
authwp_ajax_hdi_install_demohashthemes-demo-importer.php:77
authwp_ajax_hdi_install_pluginhashthemes-demo-importer.php:78
authwp_ajax_hdi_activate_pluginhashthemes-demo-importer.php:79
authwp_ajax_hdi_download_fileshashthemes-demo-importer.php:80
authwp_ajax_hdi_import_xmlhashthemes-demo-importer.php:81
authwp_ajax_hdi_import_customizerhashthemes-demo-importer.php:82
authwp_ajax_hdi_import_menuhashthemes-demo-importer.php:83
authwp_ajax_hdi_import_theme_optionhashthemes-demo-importer.php:84
authwp_ajax_hdi_import_widgethashthemes-demo-importer.php:85
authwp_ajax_hdi_import_hashformhashthemes-demo-importer.php:86
authwp_ajax_hdi_import_revsliderhashthemes-demo-importer.php:87
authwp_ajax_hdi_custom_import_hookhashthemes-demo-importer.php:88
WordPress Hooks 8
actioninithashthemes-demo-importer.php:57
actionadmin_menuhashthemes-demo-importer.php:60
actionadmin_enqueue_scriptshashthemes-demo-importer.php:63
actionadmin_inithashthemes-demo-importer.php:66
filterupload_mimeshashthemes-demo-importer.php:69
actionafter_setup_themehashthemes-demo-importer.php:1214
filterimport_post_meta_keywordpress-importer\class-wp-import.php:80
filterhttp_request_timeoutwordpress-importer\class-wp-import.php:81
Maintenance & Trust

HashThemes Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 7, 2025
PHP min version7.2
Downloads219K

Community Trust

Rating0/100
Number of ratings0
Active installs6K
Alternatives

HashThemes Demo Importer Alternatives

Blaze Demo Importer

Blaze Demo Importer

blaze-demo-importer

A
96

Blaze Demo Importer can be used in all the official themes developed by BlazeThemes.

8K 2 CVEs
Flash Demo Import

Flash Demo Import

flash-demo-import

A
85

Import themes demo content, widgets and theme settings with just one click which themes support this plugin. Themes it currently supports only for 99c &hellip;

30 No CVEs
Novex Demo Importer

Novex Demo Importer

novex-demo-importer

A
100

One click demo import for Novex themes — instantly import free & premium Elementor sites to launch a fully designed WordPress site in seconds.

0 No CVEs
Starter Templates & Sites Pack by ThemeGrill

Starter Templates & Sites Pack by ThemeGrill

themegrill-demo-importer

A
93

Premium starter sites and website templates by ThemeGrill. Import demo content, widgets, and theme settings with one click.

80K 2 CVEs
Ansar Import – One Click Demo Import for WordPress Themes

Ansar Import – One Click Demo Import for WordPress Themes

ansar-import

A
100

Easily import theme demos in one click. Simplifies starter sites setup.

20K No CVEs
Developer Profile

HashThemes Demo Importer Developer Profile

hashthemes

19 plugins · 66K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
91 days
View full developer profile
Detection Fingerprints

How We Detect HashThemes Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hashthemes-demo-importer/assets/css/backend.css/wp-content/plugins/hashthemes-demo-importer/assets/js/backend.js/wp-content/plugins/hashthemes-demo-importer/assets/js/backend-script.js
Script Paths
/wp-content/plugins/hashthemes-demo-importer/assets/js/backend.js/wp-content/plugins/hashthemes-demo-importer/assets/js/backend-script.js
Version Parameters
hashthemes-demo-importer/assets/css/backend.css?ver=hashthemes-demo-importer/assets/js/backend.js?ver=hashthemes-demo-importer/assets/js/backend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
hdi-demo-importer-wraphdi-tab-filterhdi-clearfixhdi-demos-listhdi-single-demohdi-demo-thumbnailhdi-demo-contenthdi-demo-title+13 more
Data Attributes
data-demo-slugdata-demo-namedata-demo-screenshotdata-demo-descriptiondata-demo-required-pluginsdata-demo-optional-plugins+18 more
JS Globals
hdi_demoshdi_import_datahdi_pluginshdi_plugin_status
REST Endpoints
/wp-json/hashthemes-demo-importer/v1/demos/wp-json/hashthemes-demo-importer/v1/plugins/install/wp-json/hashthemes-demo-importer/v1/plugins/activate/wp-json/hashthemes-demo-importer/v1/import/content/wp-json/hashthemes-demo-importer/v1/import/customizer/wp-json/hashthemes-demo-importer/v1/import/widgets/wp-json/hashthemes-demo-importer/v1/import/options/wp-json/hashthemes-demo-importer/v1/import/revslider/wp-json/hashthemes-demo-importer/v1/import/hashform
FAQ

Frequently Asked Questions about HashThemes Demo Importer