Selective Importers Security & Risk Analysis

wordpress.org/plugins/selective-importers

Importers that put the incoming content into a queue, where you can select which posts to import.

10 active installs · v1.0 · PHP + · WP 3.3+ · Updated Jun 21, 2012
Tags: blogger, import, importer, tumblr
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Selective Importers Safe to Use in 2026?

Generally Safe

Score 85/100

Selective Importers has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "selective-importers" plugin v1.0 exhibits a generally positive security posture, with a lack of known vulnerabilities and a commendable number of security checks in place. The plugin demonstrates good practices by utilizing prepared statements for a majority of its SQL queries and implementing output escaping for a significant portion of its outputs. The presence of nonce checks and capability checks further strengthens its defenses against common web attacks.

However, the analysis did reveal a critical concern within the code: the presence of the `unserialize` function without apparent sanitization or validation. This function is notoriously dangerous when processing untrusted input, as it can lead to remote code execution vulnerabilities. The taint analysis further highlights this risk by identifying a flow with an unsanitized path, suggesting that the input to `unserialize` might be controllable by an attacker. While the static analysis did not find any immediate critical severity taint flows or raw SQL queries, the potential for exploitation via `unserialize` is a significant risk that overshadows the plugin's other strengths.

Given the absence of any recorded vulnerabilities, it's possible that the dangerous function is either not exposed to user input or is adequately secured by other means not captured by this specific static analysis. Nonetheless, the presence of `unserialize` as a 'dangerous function' without further context warrants caution. In conclusion, while the plugin has a solid foundation in secure coding practices and a clean vulnerability history, the `unserialize` function represents a notable weakness that requires careful review and potential remediation.

Key Concerns

  • Dangerous function 'unserialize' detected
  • Flow with unsanitized path detected
  • SQL queries not fully using prepared statements
  • Output escaping not fully implemented
Vulnerabilities
None known

Selective Importers Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Selective Importers Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 4 (8 prepared)
Unescaped Output: 43 (69 escaped)
Nonce Checks: 7
Capability Checks: 1
File Operations: 8
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$val = unserialize( (string) $tpost->{'video-source'} );` · tumblr-importer.php:706

SQL Query Safety

67% prepared · 12 total queries

Output Escaping

62% escaped · 112 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<tumblr-importer> (tumblr-importer.php:0)
Attack Surface

Selective Importers Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks 21
action · admin_head · blogger-importer.php:902
action · init · blogger-importer.php:1104
filter · cron_schedules · class-wp-importer-cron.php:30
action · wp_cron_importer_hook · class-wp-importer-cron.php:33
action · init · selective-importers.php:17
action · admin_footer · selective-importers.php:72
action · load-edit.php · selective-importers.php:103
filter · wp_insert_post_data · selective-importers.php:106
filter · redirect_post_location · selective-importers.php:109
filter · redirect_post_location · selective-importers.php:111
filter · post_updated_messages · selective-importers.php:118
filter · post_updated_messages · selective-importers.php:124
filter · manage_edit-import_columns · selective-importers.php:139
action · manage_posts_custom_column · selective-importers.php:169
action · restrict_manage_posts · selective-importers.php:192
action · admin_head-edit.php · selective-importers.php:210
action · selective_import_check_queue · selective-importers.php:241
action · init · tumblr-importer.php:30
filter · import_post_meta_key · wordpress-importer.php:98
filter · http_request_timeout · wordpress-importer.php:99
action · admin_init · wordpress-importer.php:1094

Scheduled Events 2

wp_cron_importer_hook
selective_import_check_queue
Maintenance & Trust

Selective Importers Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Jun 21, 2012
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Selective Importers Developer Profile

Stephanie Leary

16 plugins · 17K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 2856 days
Detection Fingerprints

How We Detect Selective Importers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/selective-importers/js/selective-importers.js
Version Parameters
selective-importers/js/selective-importers.js?ver=

HTML / DOM Fingerprints

HTML Comments
  • Hack to add a custom bulk action. Necessary until http://core.trac.wordpress.org/ticket/16031 is resolved.
  • DEBUG
  • Activate radio buttons only if checkbox for the row has been checked.
Data Attributes
  • name="post[
  • value="import_wp_selective"
  • name="action"
  • name="action2"
  • name="post[
  • name="import_post_type"
  • +4 more
JS Globals
selective_import_wp_selective
FAQ

Frequently Asked Questions about Selective Importers