WP-Safety

Smart One Click Setup – Complete Demo Import & Export Security & Risk Analysis

wordpress.org/plugins/smart-one-click-setup

Import and export complete WordPress demos, Elementor layouts, plugin settings, and full site configurations in one click.

100 active installs v1.4.3 PHP 7.4+ WP 5.5+ Updated Dec 30, 2025
elementorexportimportone-click-demo-importtheme-options
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Smart One Click Setup – Complete Demo Import & Export Safe to Use in 2026?

Generally Safe

Score 100/100

Smart One Click Setup – Complete Demo Import & Export has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "smart-one-click-setup" plugin v1.4.3 exhibits a generally good security posture with several strengths, including 100% output escaping and a substantial adoption of prepared statements for SQL queries. The absence of recorded CVEs and vulnerability history further suggests a history of secure development or effective patching. The plugin also demonstrates good practices by implementing nonce and capability checks for most of its entry points.

However, the analysis reveals specific areas of concern that warrant attention. The presence of two AJAX handlers without proper authentication checks represents a significant attack surface that could be exploited by unauthenticated users. While no critical or high severity taint flows were identified, the use of the `unserialize` function, especially if handling user-supplied data without proper sanitization, poses a potential risk for remote code execution. The static analysis also noted file operations and external HTTP requests, which, without context, could be potential vectors for further exploits if not handled securely.

In conclusion, while the plugin has strong fundamental security practices in place, the unprotected AJAX endpoints are a clear vulnerability. The potential risk associated with `unserialize` should also be investigated further. Addressing these specific weaknesses would significantly enhance the overall security of the "smart-one-click-setup" plugin.

Key Concerns

  • AJAX handlers without auth checks
  • Presence of unserialize function
Vulnerabilities
None known

Smart One Click Setup – Complete Demo Import & Export Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Smart One Click Setup – Complete Demo Import & Export Code Analysis

Dangerous Functions
1
Raw SQL Queries
3
12 prepared
Unescaped Output
0
252 escaped
Nonce Checks
13
Capability Checks
8
File Operations
8
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize( $raw , array( 'allowed_classes' => false ) );inc\CustomizerImporter.php:163

SQL Query Safety

80% prepared15 total queries

Output Escaping

100% escaped252 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
import_predefined_zip_ajax_callback (inc\SmartOneClickSetup.php:1638)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Smart One Click Setup – Complete Demo Import & Export Attack Surface

Entry Points8
Unprotected2

AJAX Handlers 8

authwp_ajax_smartocs_upload_manual_import_filesinc\SmartOneClickSetup.php:141
authwp_ajax_smartocs_import_demo_datainc\SmartOneClickSetup.php:142
authwp_ajax_smartocs_import_customizer_datainc\SmartOneClickSetup.php:143
authwp_ajax_smartocs_after_import_datainc\SmartOneClickSetup.php:144
authwp_ajax_smartocs_export_datainc\SmartOneClickSetup.php:145
authwp_ajax_smartocs_import_zip_fileinc\SmartOneClickSetup.php:146
authwp_ajax_smartocs_import_predefined_zipinc\SmartOneClickSetup.php:147
authwp_ajax_smartocs_clear_cacheinc\SmartOneClickSetup.php:148
WordPress Hooks 40
filterimport_post_meta_keyinc\CustomWXRImporter.php:349
filterhttp_request_timeoutinc\CustomWXRImporter.php:350
actionadmin_initinc\ExportCleanup.php:37
filterupload_mimesinc\Helpers.php:915
actionsmartocs/before_content_import_executioninc\ImportActions.php:56
actionsmartocs/after_content_import_executioninc\ImportActions.php:59
actionsmartocs/after_content_import_executioninc\ImportActions.php:60
actionsmartocs/after_content_import_executioninc\ImportActions.php:61
actionsmartocs/after_content_import_executioninc\ImportActions.php:62
actionsmartocs/after_content_import_executioninc\ImportActions.php:63
actionsmartocs/after_content_import_executioninc\ImportActions.php:64
actionsmartocs/customizer_import_executioninc\ImportActions.php:67
actionsmartocs/customizer_import_executioninc\ImportActions.php:68
actionsmartocs/after_all_import_executioninc\ImportActions.php:71
actionsmartocs/after_all_import_executioninc\ImportActions.php:72
actionsmartocs/widget_settings_arrayinc\ImportActions.php:76
filterwxr_importer.pre_process.userinc\Importer.php:148
filterwxr_importer.pre_process.postinc\Importer.php:151
filterwxr_importer.pre_process.postinc\Importer.php:154
filterwxr_importer.pre_process.postinc\Importer.php:158
filterintermediate_image_sizes_advancedinc\Importer.php:162
actionadmin_menuinc\SmartOneClickSetup.php:139
actionadmin_enqueue_scriptsinc\SmartOneClickSetup.php:140
actionafter_setup_themeinc\SmartOneClickSetup.php:149
actionuser_admin_noticesinc\SmartOneClickSetup.php:150
actionadmin_noticesinc\SmartOneClickSetup.php:151
actionadmin_noticesinc\SmartOneClickSetup.php:152
actionall_admin_noticesinc\SmartOneClickSetup.php:153
actionadmin_initinc\SmartOneClickSetup.php:154
actionset_object_termsinc\SmartOneClickSetup.php:155
filterwxr_importer.pre_process.postinc\SmartOneClickSetup.php:156
actionwxr_importer.process_failed.postinc\SmartOneClickSetup.php:157
actionwp_import_insert_postinc\SmartOneClickSetup.php:158
actionsmartocs/after_importinc\SmartOneClickSetup.php:159
filtersmartocs/predefined_import_filesinc\SmartOneClickSetup.php:171
actionsmartocs/after_importinc\SmartOneClickSetup.php:1722
filtersmartocs/time_for_one_ajax_callinc\WPCLICommands.php:195
filterwxr_importer.pre_process.terminc\WXRImporter.php:33
actionadmin_noticessmart-one-click-setup.php:34
actionadmin_initsmart-one-click-setup.php:123
Maintenance & Trust

Smart One Click Setup – Complete Demo Import & Export Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 30, 2025
PHP min version7.4
Downloads770

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Smart One Click Setup – Complete Demo Import & Export Alternatives

Demo Importer Plus

Demo Importer Plus

demo-importer-plus

A
90

Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.

10K 5 CVEs
Easy Demo Import for Omega Themes

Easy Demo Import for Omega Themes

easy-demo-import-for-omega-themes

A
100

A lightweight One-Click Demo Import plugin built specifically for Omega Themes. Easily import demo content, widgets, and settings with a single click.

300 No CVEs
Template Porter for Elementor

Template Porter for Elementor

template-porter-for-elementor

A
100

Export and import Elementor templates WITH images bundled. No more broken image links!

50 No CVEs
Sirat Demo Importer

Sirat Demo Importer

sirat-demo-importer

A
100

Sirat Demo Importer

10 No CVEs
All-in-One WP Migration and Backup

All-in-One WP Migration and Backup

all-in-one-wp-migration

A
90

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs
Developer Profile

Smart One Click Setup – Complete Demo Import & Export Developer Profile

Chiranjit Hazarika

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart One Click Setup – Complete Demo Import & Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-one-click-setup/assets/css/frontend.css/wp-content/plugins/smart-one-click-setup/assets/css/backend.css/wp-content/plugins/smart-one-click-setup/assets/js/frontend.js/wp-content/plugins/smart-one-click-setup/assets/js/backend.js
Version Parameters
smart-one-click-setup/assets/css/frontend.css?ver=smart-one-click-setup/assets/css/backend.css?ver=smart-one-click-setup/assets/js/frontend.js?ver=smart-one-click-setup/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
smartocs-spinnersmartocs-import-buttonsmartocs-button-importsmartocs-button-exportsmartocs-settings-page
Data Attributes
data-smartocs-actiondata-smartocs-nonce
JS Globals
smartocs_frontend_paramssmartocs_backend_params
REST Endpoints
/wp-json/smartocs/v1/import/wp-json/smartocs/v1/export
FAQ

Frequently Asked Questions about Smart One Click Setup – Complete Demo Import & Export