ST Demo Importer Security & Risk Analysis

wordpress.org/plugins/st-demo-importer

ST Demo Importer is a WordPress plugin for Elementor, enabling fast import of pre-designed themes and templates, saving time in website creation.

700 active installs · v0.2.4 · PHP 7.4+ · WP 5.2+ · Updated Nov 18, 2025
Tags: one-click-demo-import · templates · website-builder
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ST Demo Importer Safe to Use in 2026?

Generally Safe

Score 100/100

ST Demo Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "st-demo-importer" plugin v0.2.4 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries, exclusively using prepared statements, and has a very high rate of properly escaped output. Furthermore, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of stable and secure development. However, a significant concern arises from its attack surface. The plugin exposes 5 AJAX handlers, with a concerning 4 of them lacking authentication checks. This could allow unauthenticated users to trigger potentially sensitive operations.

The static analysis reveals no dangerous functions or critical taint flows, which is a positive indicator. The presence of nonce and capability checks in some areas is also good, but the lack of these on a majority of AJAX endpoints is a notable weakness. The plugin performs a moderate number of external HTTP requests, which in isolation is not a security issue, but could be a vector for other types of attacks if an attacker can control the URLs or data sent in these requests.

Overall, while the lack of known vulnerabilities and strong SQL/output practices are strengths, the large number of unprotected AJAX endpoints represents a clear and present risk. The absence of taint flow issues and dangerous functions mitigates some of the potential impact, but an attacker could still leverage the unprotected AJAX endpoints for denial-of-service or other unintended actions if not properly secured by the theme or other plugins. The plugin's security is heavily reliant on the surrounding WordPress environment to enforce access controls on these entry points.

Key Concerns

  • 4 unprotected AJAX handlers
  • Moderate number of external HTTP requests
Vulnerabilities
None known

ST Demo Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ST Demo Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (230 escaped)
Nonce Checks: 7
Capability Checks: 16
File Operations: 2
External Requests: 14
Bundled Libraries: 0

Output Escaping

96% escaped · 239 total outputs
Attack Surface
4 unprotected

ST Demo Importer Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 5

auth  wp_ajax_install_free_theme  classes\free_templates.php:10
auth  wp_ajax_setup_plugins  theme-wizard\st_demo_importer_whizzie.php:152
auth  wp_ajax_setup_widgets  theme-wizard\st_demo_importer_whizzie.php:153
auth  wp_ajax_wz_activate_st_demo_importer_pro  theme-wizard\st_demo_importer_whizzie.php:154
auth  wp_ajax_st_demo_importer_setup_elementor  theme-wizard\st_demo_importer_whizzie.php:155
WordPress Hooks 39
filter  posts_where  classes\elementor_import.php:362
action  admin_init  classes\free_templates.php:11
action  init  st-demo-importer.php:20
action  activated_plugin  theme-wizard\st_demo_importer_whizzie.php:143
action  init  theme-wizard\st_demo_importer_whizzie.php:145
action  init  theme-wizard\st_demo_importer_whizzie.php:146
action  admin_enqueue_scripts  theme-wizard\st_demo_importer_whizzie.php:148
action  admin_menu  theme-wizard\st_demo_importer_whizzie.php:149
action  admin_init  theme-wizard\st_demo_importer_whizzie.php:150
filter  st_demo_importer_tgmpa_load  theme-wizard\st_demo_importer_whizzie.php:151
action  admin_menu  theme-wizard\st_demo_importer_whizzie.php:156
action  admin_menu  theme-wizard\st_demo_importer_whizzie.php:157
action  init  theme-wizard\tgm\class-tgm-plugin-activation.php:265
action  admin_menu  theme-wizard\tgm\class-tgm-plugin-activation.php:414
action  admin_head  theme-wizard\tgm\class-tgm-plugin-activation.php:415
filter  install_plugin_complete_actions  theme-wizard\tgm\class-tgm-plugin-activation.php:418
filter  update_plugin_complete_actions  theme-wizard\tgm\class-tgm-plugin-activation.php:419
action  admin_notices  theme-wizard\tgm\class-tgm-plugin-activation.php:422
action  admin_init  theme-wizard\tgm\class-tgm-plugin-activation.php:423
action  admin_enqueue_scripts  theme-wizard\tgm\class-tgm-plugin-activation.php:424
action  load-plugins.php  theme-wizard\tgm\class-tgm-plugin-activation.php:429
action  switch_theme  theme-wizard\tgm\class-tgm-plugin-activation.php:432
action  switch_theme  theme-wizard\tgm\class-tgm-plugin-activation.php:435
action  admin_init  theme-wizard\tgm\class-tgm-plugin-activation.php:440
action  switch_theme  theme-wizard\tgm\class-tgm-plugin-activation.php:445
filter  upgrader_source_selection  theme-wizard\tgm\class-tgm-plugin-activation.php:792
action  plugins_loaded  theme-wizard\tgm\class-tgm-plugin-activation.php:2015
filter  tgmpa_table_data_items  theme-wizard\tgm\class-tgm-plugin-activation.php:2139
filter  upgrader_source_selection  theme-wizard\tgm\class-tgm-plugin-activation.php:2880
action  admin_init  theme-wizard\tgm\class-tgm-plugin-activation.php:3053
action  upgrader_process_complete  theme-wizard\tgm\class-tgm-plugin-activation.php:3148
filter  upgrader_post_install  theme-wizard\tgm\class-tgm-plugin-activation.php:3207
filter  upgrader_post_install  theme-wizard\tgm\class-tgm-plugin-activation.php:3352
action  st_demo_importer_tgmpa_register  theme-wizard\tgm\tgm.php:47
action  wp_dashboard_setup  widgets\dashboard-widgets.php:10
action  wp_dashboard_setup  widgets\dashboard-widgets.php:56
action  admin_notices  widgets\dashboard-widgets.php:70
action  admin_enqueue_scripts  widgets\dashboard-widgets.php:81
action  admin_head  widgets\dashboard-widgets.php:83
Maintenance & Trust

ST Demo Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 18, 2025
PHP min version: 7.4
Downloads: 11K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 700
Developer Profile

ST Demo Importer Developer Profile

Kristyna Bennett

30 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ST Demo Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/st-demo-importer/theme-wizard/assets/css/templates.css
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/admin-script.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/css/bootstrap.min.css
/wp-content/plugins/st-demo-importer/theme-wizard/assets/css/theme-wizard-style.css
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/theme-wizard-script.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/tab.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/notify.min.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/bootstrap.bundle.min.js
+1 more
Script Paths
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/admin-script.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/theme-wizard-script.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/tab.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/notify.min.js
/wp-content/plugins/st-demo-importer/theme-wizard/assets/js/bootstrap.bundle.min.js
Version Parameters
st-demo-importer/theme-wizard/assets/css/templates.css?ver=
st-demo-importer/theme-wizard/assets/js/admin-script.js?ver=
st-demo-importer/theme-wizard/assets/css/bootstrap.min.css?ver=
st-demo-importer/theme-wizard/assets/css/theme-wizard-style.css?ver=
st-demo-importer/theme-wizard/assets/js/theme-wizard-script.js?ver=
st-demo-importer/theme-wizard/assets/js/tab.js?ver=
st-demo-importer/theme-wizard/assets/js/notify.min.js?ver=
st-demo-importer/theme-wizard/assets/js/bootstrap.bundle.min.js?ver=
st-demo-importer/theme-wizard/assets/css/getstart.css?ver=

HTML / DOM Fingerprints

CSS Classes
st-demo-importer-font
JS Globals
stdi_admin_params
st_demo_importer_pro_whizzie_params