Does Rara One Click Demo Import have any unpatched vulnerabilities?

No. All known vulnerabilities in Rara One Click Demo Import have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Rara One Click Demo Import compatible with WordPress 6.7.5?

According to WordPress.org data, Rara One Click Demo Import 1.3.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Rara One Click Demo Import compatible with PHP 7.4+?

Rara One Click Demo Import requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Rara One Click Demo Import updated?

Rara One Click Demo Import was last updated on Nov 21, 2024. Frequent updates are generally a positive security signal.

What is Rara One Click Demo Import's security score?

Rara One Click Demo Import has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Rara One Click Demo Import Security & Risk Analysis

wordpress.org/plugins/rara-one-click-demo-import

Make your website look like the live demo of the theme with a click!

20K active installs v1.3.4 PHP 7.4+ WP 6.0+ Updated Nov 21, 2024

contentdatademoimportwidgets

A · Safe

CVEs total1

Unpatched0

Last CVEApr 21, 2022

Plugin page Download

Safety Verdict

Is Rara One Click Demo Import Safe to Use in 2026?

Generally Safe

Score 91/100

Rara One Click Demo Import has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 21, 2022Updated 1yr ago

Risk Assessment

The plugin 'rara-one-click-demo-import' version 1.3.4 exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation (71% prepared) and output escaping (90% escaped), several significant concerns emerge from the static analysis. The presence of two AJAX handlers without authentication checks creates a direct attack vector, significantly increasing the risk of unauthorized actions. The lack of any taint analysis results is also noteworthy, although this may indicate robust sanitization or simply that the analysis was not comprehensive enough to detect potential flows.

The vulnerability history reveals a past high-severity Cross-Site Request Forgery (CSRF) vulnerability, which, although currently patched, suggests a historical weakness in handling user-initiated actions securely. The absence of any currently unpatched vulnerabilities is a positive sign, indicating that past issues have been addressed. However, the combination of unprotected entry points and historical CSRF issues warrants caution. The plugin has a relatively small attack surface, but the unprotected AJAX handlers are a critical vulnerability that needs immediate attention.

In conclusion, 'rara-one-click-demo-import' v1.3.4 has strengths in its handling of SQL and output but significant weaknesses in its authentication for AJAX endpoints. The historical CSRF vulnerability serves as a warning sign. The overall security can be considered moderate, with a critical need to address the unprotected AJAX handlers to move towards a more robust security posture.

Key Concerns

AJAX handlers without authentication checks
Past high severity CVE

Vulnerabilities

Rara One Click Demo Import Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-29451high · 8.8Cross-Site Request Forgery (CSRF)

Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload

Apr 21, 2022 Patched in 1.3.0 (641d)

Code Analysis

Analyzed Mar 16, 2026

Rara One Click Demo Import Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

71% prepared7 total queries

Output Escaping

90% escaped49 total outputs

Attack Surface

2 unprotected

Rara One Click Demo Import Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_rrdi_import_demo_dataincludes\class-rrdi-main.php:80

authwp_ajax_dismiss-noticeincludes\class-rrdi-main.php:84

WordPress Hooks 11

actionadmin_noticesincludes\class-rrdi-init.php:27

actioninitincludes\class-rrdi-main.php:71

actionadmin_menuincludes\class-rrdi-main.php:76

actionadmin_enqueue_scriptsincludes\class-rrdi-main.php:79

actioninitincludes\class-rrdi-main.php:81

actionplugins_loadedincludes\class-rrdi-main.php:82

filterwxr_importer.pre_process.userincludes\class-rrdi-main.php:570

filterwxr_importer.pre_process.postincludes\class-rrdi-main.php:573

filterintermediate_image_sizes_advancedincludes\class-rrdi-main.php:577

filterimport_post_meta_keyincludes\extras\class-wxr-importer.php:321

filterhttp_request_timeoutincludes\extras\class-wxr-importer.php:322

Maintenance & Trust

Rara One Click Demo Import Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 21, 2024

PHP min version7.4

Downloads879K

Community Trust

Rating54/100

Number of ratings7

Active installs20K

Alternatives

Rara One Click Demo Import Alternatives

SKT Themes Demo Import

skt-themes-demo-importer

100

Live demo content can be imported quickly in just one click including all widgets and settings.

5K No CVEs

Theme Demo Import

theme-demo-import

Quickly import demo content, widgets and settings in one click. Made for theme authors to simplify importing demo content for their users.

5K 2 unpatched

Fable Extra

fable-extra

Used for WP Fable Themes.

4K 3 CVEs

Starter Templates by Gradient Themes

gradient-starter-templates

100

Setup you site with dummy data easily. Import settings, widgets and content with one click. Your dummy data must have ZIP file of xml, dat and wie fi …

3K No CVEs

Flawless Themes Demo Importer

flawless-themes-demo-importer

100

Flawless Themes Demo Importer plugin helps you import demo content for various free themes of flawlessthemes . Flawless Themes are dedicated to creati …

1K No CVEs

Developer Profile

Rara One Click Demo Import Developer Profile

Rara Themes

76 plugins · 74K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

151 days

View full developer profile

Detection Fingerprints

How We Detect Rara One Click Demo Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rara-one-click-demo-import/assets/css/rrdi-admin.css/wp-content/plugins/rara-one-click-demo-import/assets/css/rrdi-frontend.css/wp-content/plugins/rara-one-click-demo-import/assets/js/rrdi-admin.js/wp-content/plugins/rara-one-click-demo-import/assets/js/rrdi-frontend.js

Generator Patterns

RARA One Click Demo ImportRARA One Click Demo Import v1.3.4

Script Paths

/wp-content/plugins/rara-one-click-demo-import/assets/js/rrdi-admin.js/wp-content/plugins/rara-one-click-demo-import/assets/js/rrdi-frontend.js

Version Parameters

rara-one-click-demo-import/assets/css/rrdi-admin.css?ver=rara-one-click-demo-import/assets/css/rrdi-frontend.css?ver=rara-one-click-demo-import/assets/js/rrdi-admin.js?ver=rara-one-click-demo-import/assets/js/rrdi-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

rrdi-content-wrapperrrdi-main-contentrrdi-preloaderrrdi-noticerrdi-demo-import-wraprrdi-theme-noticerrdi-install-btnrrdi-import-data-wrap+1 more

HTML Comments

+9 more

Data Attributes

data-demo-iddata-titledata-filedata-parent

JS Globals

rrdi_admin_optionsrrdi_ajax_object

REST Endpoints

/wp-json/rrdi/v1/import-demo

FAQ