Does Hoot Import have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Hoot Import compatible with WordPress 6.9.4?

According to WordPress.org data, Hoot Import 1.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Hoot Import compatible with PHP 7.4+?

Hoot Import requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Hoot Import updated?

Hoot Import was last updated on Dec 26, 2025. Frequent updates are generally a positive security signal.

What is Hoot Import's security score?

Hoot Import has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hoot Import Security & Risk Analysis

wordpress.org/plugins/hoot-import

Hoot Import lets you import demo content for WordPress themes by wpHoot.

1K active installs v1.8 PHP 7.4+ WP 6.0+ Updated Dec 26, 2025

demo-contentdemoshootimportwphoot

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Hoot Import Safe to Use in 2026?

Generally Safe

Score 100/100

Hoot Import has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The hoot-import plugin v1.8 exhibits a generally good security posture, with no recorded vulnerabilities in its history and a positive indication from the taint analysis, which found no unsanitized flows. The code analysis also shows strong adherence to security best practices, with all SQL queries using prepared statements and a high percentage of output properly escaped. Nonce and capability checks are present for its entry points.

However, the presence of the `unserialize` function is a significant concern. If this function is used with user-supplied data that is not rigorously validated, it could lead to Remote Code Execution (RCE) vulnerabilities. While the static analysis did not identify any immediate issues with `unserialize`, its mere presence warrants caution and further investigation into how it's implemented. The limited attack surface and lack of critical issues in historical data are positive, but the potential risk posed by `unserialize` cannot be overlooked.

Key Concerns

Use of unserialize function

Vulnerabilities

None known

Hoot Import Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Hoot Import Release Timeline

v1.8Current

v1.7.1

Code Analysis

Analyzed Mar 16, 2026

Hoot Import Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

141 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$hybridmenuicon = unserialize( $hybridmenuicon );include\importers\class-wxr-importer.php:993

unserialize$hootmenuicon = unserialize( $hootmenuicon );include\importers\class-wxr-importer.php:999

SQL Query Safety

100% prepared4 total queries

Output Escaping

85% escaped165 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

render_admin (include\class-admin.php:272)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Hoot Import Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_hootimport_ratedinclude\class-admin.php:60

authwp_ajax_hootimport_processinclude\class-importer.php:59

WordPress Hooks 30

actionplugins_loadedhoot-import.php:76

actioninithoot-import.php:97

actionadmin_menuinclude\class-admin.php:49

actionadmin_headinclude\class-admin.php:52

actionadmin_enqueue_scriptsinclude\class-admin.php:55

actionadmin_enqueue_scriptsinclude\class-admin.php:56

filteradmin_footer_textinclude\class-admin.php:59

actioncurrent_screeninclude\class-admin.php:63

actionadmin_menuinclude\class-admin.php:67

filterwoocommerce_enable_setup_wizardinclude\class-admin.php:227

actionhootimport_plugin_activatedinclude\class-importer.php:103

filterhootimport_wp_import_term_metainclude\class-importer.php:328

filterhootimport_wp_import_post_metainclude\class-importer.php:330

filterhootimport_wp_import_comment_metainclude\class-importer.php:332

actionhootimport_wp_import_menu_iteminclude\class-importer.php:334

actionhootimport_wp_import_items_processedinclude\class-importer.php:337

actionhootimport_wp_import_terms_beforeinclude\class-importer.php:339

actionhootimport_wp_import_menu_item_customurlinclude\class-importer.php:341

filterhootimport_wp_import_term_metainclude\class-importer.php:353

filterhootimport_wp_import_post_metainclude\class-importer.php:354

filterhootimport_wp_import_comment_metainclude\class-importer.php:355

actionhootimport_wp_import_menu_iteminclude\class-importer.php:356

actionhootimport_wp_import_items_processedinclude\class-importer.php:358

filterhootimport_wp_import_termsinclude\class-importer.php:359

actionhootimport_wp_import_terms_beforeinclude\class-importer.php:360

filterhootimport_wp_import_menu_item_menu_idinclude\class-importer.php:361

actionhootimport_wp_import_menu_item_customurlinclude\class-importer.php:362

filterhootimport_widget_settings_arrayinclude\class-importer.php:371

filterhootimport_import_post_meta_keyinclude\importers\class-wxr-importer.php:104

filterhttp_request_timeoutinclude\importers\class-wxr-importer.php:105

Maintenance & Trust

Hoot Import Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 26, 2025

PHP min version7.4

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

Hoot Import Alternatives

HootKit

hootkit

100

HootKit is a great companion plugin for WordPress themes by wpHoot.

8K No CVEs

Starter Templates & Sites Pack by ThemeGrill

themegrill-demo-importer

Premium starter sites and website templates by ThemeGrill. Import demo content, widgets, and theme settings with one click.

80K 2 CVEs

aThemes Starter Sites

athemes-starter-sites

We've got a full and ever-growing library stocked with ready-made templates for any kind of business.

40K 1 CVE

Ansar Import – One Click Demo Import for WordPress Themes

ansar-import

100

Easily import theme demos in one click. Simplifies starter sites setup.

20K No CVEs

Woostify Sites Library

woostify-sites-library

A collection of simple, beautiful demo sites for Woostify.

20K 2 CVEs

Developer Profile

Hoot Import Developer Profile

wpHoot

34 plugins · 18K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hoot Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hoot-import/assets/css/admin.css/wp-content/plugins/hoot-import/assets/js/admin.js/wp-content/plugins/hoot-import/assets/js/vendor/select2.min.js

Script Paths

/wp-content/plugins/hoot-import/assets/js/admin.js/wp-content/plugins/hoot-import/assets/js/vendor/select2.min.js

Version Parameters

hoot-import/assets/css/admin.css?ver=hoot-import/assets/js/admin.js?ver=hoot-import/assets/js/vendor/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

hoot-import-admin-pagehootimport-notices-wrapperhoot-import-theme-optionshoot-import-demo-install-trigger

HTML Comments

Data Attributes

data-demo-slugdata-action-url

JS Globals

hootImportAdminhootImportAdminDatahootImportLocalize

REST Endpoints

/wp-json/hootimport/v1/install-demo

FAQ