Does Starter Sites have any unpatched vulnerabilities?

No. All known vulnerabilities in Starter Sites have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Starter Sites compatible with WordPress 6.9.4?

According to WordPress.org data, Starter Sites 2.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Starter Sites compatible with PHP 7.4+?

Starter Sites requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Starter Sites updated?

Starter Sites was last updated on Feb 19, 2026. Frequent updates are generally a positive security signal.

What is Starter Sites's security score?

Starter Sites has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Starter Sites Security & Risk Analysis

wordpress.org/plugins/starter-sites

Import website demos, full pages of block editor content, posts, products, images, global styles, templates, template parts, patterns and fonts.

1K active installs v2.5 PHP 7.4+ WP 6.6+ Updated Feb 19, 2026

contentdemoimportstarter-sitewebsite

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Starter Sites Safe to Use in 2026?

Generally Safe

Score 100/100

Starter Sites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'starter-sites' v2.5 plugin exhibits a generally strong security posture, characterized by robust use of prepared statements for SQL queries, ample nonce and capability checks, and a high percentage of properly escaped output. The absence of known vulnerabilities in its history is also a positive indicator. However, a significant concern arises from the taint analysis, which identified three flows with unsanitized paths. While no critical or high severity issues were flagged by the taint analysis, these unsanitized paths represent potential vectors for unexpected behavior or security weaknesses if not thoroughly reviewed and handled. The plugin's attack surface is small and, based on the data, appears to be protected, but the presence of unsanitized paths within the taint flows warrants careful attention.

Key Concerns

Unsanitized paths in taint flows

Vulnerabilities

None known

Starter Sites Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Starter Sites Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

260 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

85% escaped307 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

admin_page (inc\main.php:471)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Starter Sites Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_starter_sites_review_notice_dismissinc\admin-notice.php:24

authwp_ajax_starter_sites_update_screen_prefsinc\main.php:26

authwp_ajax_starter_sites_re_apply_stylesinc\main.php:27

WordPress Hooks 18

filterintermediate_image_sizes_advancedinc\activate.php:1756

filterbig_image_size_thresholdinc\activate.php:1757

filterupload_mimesinc\activate.php:1916

filterupload_dirinc\activate.php:1918

actionadmin_noticesinc\admin-notice.php:11

filterwoocommerce_enable_setup_wizardinc\main.php:14

filterwoocommerce_prevent_automatic_wizard_redirectinc\main.php:15

filteradmin_body_classinc\main.php:16

actionadmin_menuinc\main.php:23

actionadmin_initinc\main.php:24

actionadmin_enqueue_scriptsinc\main.php:25

actionupdated_optioninc\main.php:28

actionadded_optioninc\main.php:29

actioninitinc\main.php:30

actioninitinc\patterns.php:91

filterplugin_row_metastarter-sites.php:70

actionplugins_loadedstarter-sites.php:77

actionadmin_initstarter-sites.php:78

Maintenance & Trust

Starter Sites Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 19, 2026

PHP min version7.4

Downloads49K

Community Trust

Rating60/100

Number of ratings2

Active installs1K

Alternatives

Starter Sites Alternatives

Novex Demo Importer

novex-demo-importer

100

One click demo import for Novex themes — instantly import free & premium Elementor sites to launch a fully designed WordPress site in seconds.

0 No CVEs

Ibtana – WordPress Website Builder

ibtana-visual-editor

Build your dream WordPress website with Ibtana, a powerful website builder with customizable templates and drag-and-drop elements for customization.

20K 1 unpatched

Rara One Click Demo Import

rara-one-click-demo-import

Make your website look like the live demo of the theme with a click!

20K 1 CVE

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

af-companion

100

Quickly import live demo content, widgets and settings with one click

10K 1 CVE

TutorMate

tutormate

100

TutorMate is a Tutor Starter theme companion plugin to import predesigned stylish demo pages to eLearning sites powered by Tutor LMS plugin.

10K No CVEs

Developer Profile

Starter Sites Developer Profile

tuxlog

38 plugins · 12K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

368 days

View full developer profile

Detection Fingerprints

How We Detect Starter Sites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/starter-sites/css/starter-sites-admin.css/wp-content/plugins/starter-sites/css/starter-sites-frontend.css/wp-content/plugins/starter-sites/js/starter-sites-admin.js/wp-content/plugins/starter-sites/js/starter-sites-frontend.js/wp-content/plugins/starter-sites/js/starter-sites-react.js

Script Paths

/wp-content/plugins/starter-sites/js/starter-sites-admin.js/wp-content/plugins/starter-sites/js/starter-sites-frontend.js/wp-content/plugins/starter-sites/js/starter-sites-react.js

Version Parameters

starter-sites/css/starter-sites-admin.css?ver=starter-sites/css/starter-sites-frontend.css?ver=starter-sites/js/starter-sites-admin.js?ver=starter-sites/js/starter-sites-frontend.js?ver=starter-sites/js/starter-sites-react.js?ver=

HTML / DOM Fingerprints

CSS Classes

starter-sites-admin-wrapstarter-sites-frontend-wrapstarter-sites-containerstarter-sites-modalstarter-sites-site-preview

HTML Comments

Data Attributes

data-starter-sites-site-iddata-starter-sites-modal-closedata-starter-sites-site-import-button

JS Globals

window.starterSitesAdminwindow.starterSitesFrontendwindow.starterSitesReact

REST Endpoints

/wp-json/starter-sites/v1/sites/wp-json/starter-sites/v1/import/wp-json/starter-sites/v1/settings

Shortcode Output

[starter_sites_gallery][starter_sites_import_button][starter_sites_site_preview]

FAQ