WP-Safety

Sirat Demo Importer Security & Risk Analysis

wordpress.org/plugins/sirat-demo-importer

Sirat Demo Importer

10 active installs v0.0.1 PHP 7.2+ WP 5.2+ Updated Unknown
elementorone-click-demo-importpage-buildertemplateswebsite-builder
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Sirat Demo Importer Safe to Use in 2026?

Generally Safe

Score 100/100

Sirat Demo Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The sirat-demo-importer plugin, version 0.0.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The plugin also includes nonce and capability checks for a significant number of its entry points, and importantly, has no recorded vulnerability history, suggesting a generally safe development approach.

However, significant concerns arise from the attack surface analysis. The plugin exposes 8 AJAX handlers, with 5 of them lacking authentication checks. This is a critical weakness that could allow unauthenticated users to trigger these handlers. Furthermore, the taint analysis reveals 2 flows with unsanitized paths, even though they are not classified as critical or high severity in this specific analysis. The presence of file operations and external HTTP requests, while not inherently dangerous, could become vectors for exploitation if combined with the unauthenticated AJAX handlers.

In conclusion, while the plugin benefits from a clean vulnerability history and good coding practices in areas like SQL and output handling, the high number of unprotected AJAX endpoints represents a substantial risk. The unsanitized path flows, though not critical here, warrant attention. Addressing the unprotected AJAX handlers should be the immediate priority to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
Vulnerabilities
None known

Sirat Demo Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sirat Demo Importer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
158 escaped
Nonce Checks
8
Capability Checks
17
File Operations
3
External Requests
3
Bundled Libraries
0

Output Escaping

95% escaped166 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
sirat_demo_importer_setup_elementor (whizzie\sirat_demo_importer_whizzie.php:194)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Sirat Demo Importer Attack Surface

Entry Points8
Unprotected5

AJAX Handlers 8

authwp_ajax_sirat_demo_importer_setup_pluginswhizzie\sirat_demo_importer_whizzie.php:157
authwp_ajax_sirat_demo_importer_setup_themeswhizzie\sirat_demo_importer_whizzie.php:158
authwp_ajax_wz_activate_sirat_demo_importerwhizzie\sirat_demo_importer_whizzie.php:162
authwp_ajax_sirat_demo_importer_step_popupwhizzie\sirat_demo_importer_whizzie.php:170
authwp_ajax_sirat_demo_importer_get_the_key_statuswhizzie\sirat_demo_importer_whizzie.php:171
authwp_ajax_sirat_demo_importer_setup_plugins_step_popupwhizzie\sirat_demo_importer_whizzie.php:172
authwp_ajax_sirat_demo_importer_install_and_activate_pluginwhizzie\sirat_demo_importer_whizzie.php:173
authwp_ajax_sirat_demo_importer_setup_elementorwhizzie\sirat_demo_importer_whizzie.php:174
WordPress Hooks 35
actionactivated_pluginwhizzie\sirat_demo_importer_whizzie.php:145
actioninitwhizzie\sirat_demo_importer_whizzie.php:148
actioninitwhizzie\sirat_demo_importer_whizzie.php:149
actionadmin_menuwhizzie\sirat_demo_importer_whizzie.php:152
actionadmin_initwhizzie\sirat_demo_importer_whizzie.php:153
filtersirat_demo_importer_tgmpa_loadwhizzie\sirat_demo_importer_whizzie.php:156
actionadmin_enqueue_scriptswhizzie\sirat_demo_importer_whizzie.php:159
actionadmin_enqueue_scriptswhizzie\sirat_demo_importer_whizzie.php:160
filterwoocommerce_prevent_automatic_wizard_redirectwhizzie\sirat_demo_importer_whizzie.php:164
actionwp_enqueue_scriptswhizzie\sirat_demo_importer_whizzie.php:178
actionsirat_demo_importer_tgmpa_registerwhizzie\tgmpa\required-plugins.php:36
actioninitwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:268
filterload_textdomain_mofilewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:269
actioninitwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:272
actionadmin_menuwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:421
actionadmin_headwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:422
filterinstall_plugin_complete_actionswhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:425
filterupdate_plugin_complete_actionswhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:426
actionadmin_noticeswhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:429
actionadmin_initwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:430
actionadmin_enqueue_scriptswhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:431
actionload-plugins.phpwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:436
actionswitch_themewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:439
actionswitch_themewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:442
actionadmin_initwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:447
actionswitch_themewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:452
actionload_textdomain_mofilewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:475
filterupgrader_source_selectionwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:889
actionplugins_loadedwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:2112
filtertgmpa_table_data_itemswhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:2236
filterupgrader_source_selectionwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:2977
actionadmin_initwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:3147
actionupgrader_process_completewhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:3242
filterupgrader_post_installwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:3301
filterupgrader_post_installwhizzie\tgmpa\sirat-demo-importer-class-tgm-plugin-activation.php:3446
Maintenance & Trust

Sirat Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedUnknown
PHP min version7.2
Downloads952

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Sirat Demo Importer Alternatives

Ibtana – WordPress Website Builder

Ibtana – WordPress Website Builder

ibtana-visual-editor

B
74

Build your dream WordPress website with Ibtana, a powerful website builder with customizable templates and drag-and-drop elements for customization.

20K 1 unpatched
Easy Demo Import for Omega Themes

Easy Demo Import for Omega Themes

easy-demo-import-for-omega-themes

A
100

A lightweight One-Click Demo Import plugin built specifically for Omega Themes. Easily import demo content, widgets, and settings with a single click.

300 No CVEs
HT Mega Addons for Elementor – Elementor Widgets & Template Builder

HT Mega Addons for Elementor – Elementor Widgets & Template Builder

ht-mega-for-elementor

B
82

Elementor addon offering 135+ widgets — Mega Menu, Ready Templates, Page Builder, Slider, Gallery, Post Grid, AI Writer & more.

80K 32 CVEs
SKT Templates – 100% Free Templates for Elementor & Gutenberg

SKT Templates – 100% Free Templates for Elementor & Gutenberg

skt-templates

A
99

Import professionally designed Elementor and Gutenberg website templates with one click. Build websites faster without coding.

20K 1 CVE
Demo Importer Plus

Demo Importer Plus

demo-importer-plus

A
90

Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.

10K 5 CVEs
Developer Profile

Sirat Demo Importer Developer Profile

VW THEMES

213 plugins · 66K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
206 days
View full developer profile
Detection Fingerprints

How We Detect Sirat Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sirat-demo-importer/whizzie/assets/css/main.css/wp-content/plugins/sirat-demo-importer/whizzie/assets/css/wizard.css/wp-content/plugins/sirat-demo-importer/whizzie/assets/js/wizard.js/wp-content/plugins/sirat-demo-importer/whizzie/assets/js/plugins.js
Script Paths
/wp-content/plugins/sirat-demo-importer/whizzie/assets/js/wizard.js/wp-content/plugins/sirat-demo-importer/whizzie/assets/js/plugins.js
Version Parameters
sirat-demo-importer/whizzie/assets/css/main.css?ver=sirat-demo-importer/whizzie/assets/css/wizard.css?ver=sirat-demo-importer/whizzie/assets/js/wizard.js?ver=sirat-demo-importer/whizzie/assets/js/plugins.js?ver=

HTML / DOM Fingerprints

CSS Classes
sirat-demo-importer-wizard-bodysdi-install-pluginssdi-install-themesdi-demo-titlesdi-demo-descsdi-demo-imagesdi-import-btnsdi-activate-btn+8 more
HTML Comments
<!-- TGMPA --><!-- /TGMPA --><!-- Demo Content Install Start --><!-- Demo Content Install End -->
Data Attributes
data-plugin-slugdata-plugin-namedata-plugin-versiondata-theme-slugdata-theme-name
JS Globals
SiratDemoImporterWizardsirat_demo_importer_ajax_objectsirat_demo_importer_paramssdi_importer_obj
REST Endpoints
/wp-json/sirat-demo-importer/v1/install-plugin/wp-json/sirat-demo-importer/v1/activate-plugin/wp-json/sirat-demo-importer/v1/install-theme/wp-json/sirat-demo-importer/v1/get-plugin-status/wp-json/sirat-demo-importer/v1/get-theme-status
FAQ

Frequently Asked Questions about Sirat Demo Importer