Sparkle Demo Importer Security & Risk Analysis

wordpress.org/plugins/sparkle-demo-importer

Sparkle Demo Importer imports the full demo of Sparkle themes with just one click. It was developed specifically for importing demos.

6K active installs · v1.4.8 · PHP 5.6+ · WP 4.0+ · Updated Jun 20, 2024
Tags: demo-data, demo-importer, importer, sparkle-demo, sparkle-demo-data
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jun 21, 2024
Safety Verdict

Is Sparkle Demo Importer Safe to Use in 2026?

Generally Safe

Score 91/100

Sparkle Demo Importer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 21, 2024 · Updated 1yr ago
Risk Assessment

The sparkle-demo-importer plugin v1.4.8 exhibits a mixed security posture. While it demonstrates strong practices in areas like SQL query sanitization and a lack of critical taint flow issues, there are notable areas of concern. The presence of an unprotected AJAX handler represents a direct entry point for potential attackers, bypassing authentication. This, coupled with a history of past vulnerabilities, specifically a medium-severity one that was recently patched, suggests a pattern of past security oversights. The plugin does employ nonces and capability checks for many of its entry points, which is a positive sign of good development practices. However, the single unprotected AJAX handler is a significant weakness that must be addressed. Overall, the plugin has strengths in secure data handling but requires immediate attention to its authentication mechanisms for its exposed entry points.

Key Concerns

  • 1 unprotected AJAX handler
  • 1 medium severity vulnerability history
  • 73% output escaping (27% unescaped)
Vulnerabilities: 1

Sparkle Demo Importer Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-6120 · medium · 6.5 · Missing Authorization

Sparkle Demo Importer <= 1.4.7 - Missing Authorization to Authorized (Subscriber+) Post/Pages/Attachments Deletion and Demo Data Import

Jun 21, 2024 Patched in 1.4.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

Sparkle Demo Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 65 (174 escaped)
Nonce Checks: 15
Capability Checks: 11
File Operations: 30
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

73% escaped · 239 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
sparkle_demo_import_theme_option (sparkle-demo-importer.php:619)
Attack Surface: 1 unprotected

Sparkle Demo Importer Attack Surface

Entry Points: 13
Unprotected: 1

AJAX Handlers 12

auth · wp_ajax_plugin_installer · classes\class-demo-importer.php:35
auth · wp_ajax_plugin_offline_installer · classes\class-demo-importer.php:38
auth · wp_ajax_plugin_activation · classes\class-demo-importer.php:41
auth · wp_ajax_plugin_deactivation · classes\class-demo-importer.php:44
auth · wp_ajax_sparkle_demo_import_install_demo · sparkle-demo-importer.php:72
auth · wp_ajax_sparkle_demo_import_install_plugin · sparkle-demo-importer.php:73
auth · wp_ajax_sparkle_demo_import_download_files · sparkle-demo-importer.php:74
auth · wp_ajax_sparkle_demo_import_import_xml · sparkle-demo-importer.php:75
auth · wp_ajax_sparkle_demo_import_customizer_import · sparkle-demo-importer.php:76
auth · wp_ajax_sparkle_demo_import_menu_import · sparkle-demo-importer.php:77
auth · wp_ajax_sparkle_demo_import_theme_option · sparkle-demo-importer.php:78
auth · wp_ajax_sparkle_demo_import_importing_widget · sparkle-demo-importer.php:79

Shortcodes 1

[construction-customizer-slider] · sparkle-demo-importer.php:1169

WordPress Hooks 9

action · admin_menu · sparkle-demo-importer.php:66
action · admin_enqueue_scripts · sparkle-demo-importer.php:69
filter · wp_import_post_meta · sparkle-demo-importer.php:85
filter · wxr_importer.pre_process.post_meta · sparkle-demo-importer.php:86
action · after_setup_theme · sparkle-demo-importer.php:1163
filter · import_post_meta_key · wordpress-importer\class-wp-import.php:77
filter · http_request_timeout · wordpress-importer\class-wp-import.php:78
filter · import_post_meta_key · wordpress-importer\wordpress-importer.php:80
filter · http_request_timeout · wordpress-importer\wordpress-importer.php:81

Maintenance & Trust

Sparkle Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jun 20, 2024
PHP min version: 5.6
Downloads: 233K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 6K
Developer Profile

Sparkle Demo Importer Developer Profile

Sparkle WP

36 plugins · 14K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 193 days
Detection Fingerprints

How We Detect Sparkle Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sparkle-demo-importer/assets/css/sparkle-demo-importer.css
/wp-content/plugins/sparkle-demo-importer/assets/js/sparkle-demo-importer.js
Script Paths
/wp-content/plugins/sparkle-demo-importer/assets/js/sparkle-demo-importer.js
Version Parameters
sparkle-demo-importer/assets/css/sparkle-demo-importer.css?ver=
sparkle-demo-importer/assets/js/sparkle-demo-importer.js?ver=

HTML / DOM Fingerprints

CSS Classes
sparkle-demo-importer, sparkle-theme-tab-filter, available-categories, available-categories-lists, sparkle-theme-tab-group, sparkle-theme-tab, sparkle-theme-active, cat-count (+1 more)
Data Attributes
data-filter-group, data-filter
JS Globals
SparkleDemoImporter
REST Endpoints
/wp-json/sparkle-demo-importer/v1/get-demos
/wp-json/sparkle-demo-importer/v1/install-demo
/wp-json/sparkle-demo-importer/v1/install-plugin
/wp-json/sparkle-demo-importer/v1/download-files
/wp-json/sparkle-demo-importer/v1/import-xml
/wp-json/sparkle-demo-importer/v1/customizer-import
/wp-json/sparkle-demo-importer/v1/menu-import
/wp-json/sparkle-demo-importer/v1/theme-option
/wp-json/sparkle-demo-importer/v1/importing-widget
FAQ

Frequently Asked Questions about Sparkle Demo Importer