Productive Demo Importer Security & Risk Analysis

wordpress.org/plugins/productive-demo-importer

Easily import demo data to test our themes' functionality and performance.

10 active installs · v1.1.39 · PHP 7.0+ · WP 5.4+ · Updated Mar 2, 2026
Tags: demo-data-import, test-data-for-theme, theme-support
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Productive Demo Importer Safe to Use in 2026?

Generally Safe

Score 100/100

Productive Demo Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "productive-demo-importer" plugin, version 1.1.39, exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are notable areas of concern. The presence of two AJAX handlers without authentication checks creates a significant attack surface, potentially allowing unauthorized users to trigger plugin functionality. Additionally, the use of the `unserialize` function, although not immediately flagged as a critical taint flow, poses a latent risk of deserialization vulnerabilities if the input to this function is not rigorously sanitized, especially given the existence of unsanitized path flows.

The plugin's vulnerability history is currently clear, with no known CVEs. This, coupled with the absence of bundled libraries and external HTTP requests, suggests a generally well-maintained codebase regarding known exploits and dependencies. However, the lack of past vulnerabilities could also indicate a lack of extensive security auditing or testing, which means that underlying weaknesses, like the unprotected AJAX endpoints, may have gone unnoticed. In conclusion, while the plugin has strengths in its handling of database queries and output escaping, the unprotected AJAX endpoints and the use of `unserialize` represent critical security weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Flows with unsanitized paths
Vulnerabilities
None known

Productive Demo Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Productive Demo Importer Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 308 (1230 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 6
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `'option_value' => unserialize($item['option_value']),` in includes\db\db_transactions.php:101

Output Escaping

80% escaped, 1538 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
productive_demo_importer_save_demo_importer (includes\db\db_transactions.php:14)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
2 unprotected

Productive Demo Importer Attack Surface

Entry Points: 7
Unprotected: 2

AJAX Handlers: 7

Type | Hook | Location
auth | wp_ajax_productiveminds_wp_ajax_install_plugin | admin\common\options\global\db-admin\global-transactions.php:16
nopriv | wp_ajax_productiveminds_wp_ajax_install_plugin | admin\common\options\global\db-admin\global-transactions.php:17
auth | wp_ajax_productive_global_do_activate_plugin_ajax | admin\common\options\global\db-admin\global-transactions.php:86
nopriv | wp_ajax_productive_global_do_activate_plugin_ajax | admin\common\options\global\db-admin\global-transactions.php:87
auth | wp_ajax_productive_global_do_notice_dismissal_ajax | admin\common\options\global\db-admin\global-transactions.php:147
nopriv | wp_ajax_productive_global_do_notice_dismissal_ajax | admin\common\options\global\db-admin\global-transactions.php:148
auth | wp_ajax_productive_demo_importer_save_demo_importer | includes\db\db_transactions.php:50

WordPress Hooks: 28

Type | Hook | Location
action | customize_register | admin\common\options\global\customiser\productive-global-customiser-cc-palette-overrides.php:185
action | customize_register | admin\common\options\global\customiser\productive-global-customiser-common.php:189
action | customize_register | admin\common\options\global\customiser\productive-global-customiser-custom-color-palette.php:363
action | init | admin\common\options\global\global-settings-admin.php:172
action | admin_enqueue_scripts | admin\common\options\global\global-settings-admin.php:729
action | productive_global_render_content_wrapper_full_full_top | admin\common\options\global\global-settings-admin.php:2941
action | productive_global_render_content_wrapper_full_full_bottom | admin\common\options\global\global-settings-admin.php:2952
action | productive_global_render_content_wrapper_full_top | admin\common\options\global\global-settings-admin.php:2966
action | productive_global_render_content_wrapper_full_bottom | admin\common\options\global\global-settings-admin.php:2979
action | productive_global_render_content_wrapper_full_without_uno_top | admin\common\options\global\global-settings-admin.php:2992
action | productive_global_render_content_wrapper_full_without_uno_bottom | admin\common\options\global\global-settings-admin.php:3004
action | productive_global_render_content_wrapper_standard_top | admin\common\options\global\global-settings-admin.php:3017
action | productive_global_render_content_wrapper_standard_bottom | admin\common\options\global\global-settings-admin.php:3029
action | productive_global_render_hero_content_title | admin\common\options\global\global-settings-admin.php:3127
action | productive_global_render_hero_content_main | admin\common\options\global\global-settings-admin.php:3137
action | productive_global_render_hero_content_auxiliary | admin\common\options\global\global-settings-admin.php:3156
action | productive_global_render_post_thumbnail | admin\common\options\global\global-settings-admin.php:3308
action | wp_footer | admin\common\options\global\global-settings-admin.php:3611
action | wp_footer | admin\common\options\global\global-settings-admin.php:4280
filter | wp_kses_allowed_html | admin\common\options\global\productiveminds-icons.php:364
action | productive_global_render_social_shares | admin\common\options\global\productiveminds-social-share.php:17
action | productive_global_do_render_the_social_shares | admin\common\options\global\productiveminds-social-share.php:558
action | wp_loaded | admin\options\settings.php:14
action | admin_menu | admin\options\settings.php:55
action | admin_init | admin\options\settings.php:62
action | plugins_loaded | includes\db\db_upgrade.php:19
action | admin_enqueue_scripts | productive-demo-importer.php:115
action | init | productive-demo-importer.php:127

Maintenance & Trust

Productive Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Productive Demo Importer Developer Profile

Productive Minds

9 plugins · 200 total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Productive Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/productive-demo-importer/admin/css/admin-style.css
/wp-content/plugins/productive-demo-importer/admin/js/admin-plugin.js
Script Paths
/wp-content/plugins/productive-demo-importer/admin/js/admin-plugin.js
Version Parameters
productive-demo-importer/admin/css/admin-style.css?ver=
productive-demo-importer/admin/js/admin-plugin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-tdi-modal-id, data-tdi-modal-title, data-tdi-modal-content, data-tdi-modal-close-text, data-tdi-modal-confirm-text, data-tdi-modal-cancel-text (+2 more)
JS Globals
productive_demo_importer_admin_js_url_name
FAQ

Frequently Asked Questions about Productive Demo Importer