Does Theme Demo Import have any unpatched vulnerabilities?

Yes — Theme Demo Import currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Theme Demo Import compatible with WordPress 6.5.8?

According to WordPress.org data, Theme Demo Import 1.1.3 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Theme Demo Import compatible with PHP 5.6+?

Theme Demo Import requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Theme Demo Import updated?

Theme Demo Import was last updated on Jul 3, 2024. Frequent updates are generally a positive security signal.

What is Theme Demo Import's security score?

Theme Demo Import has a WP-Safety security score of 49/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Theme Demo Import Security & Risk Analysis

wordpress.org/plugins/theme-demo-import

Quickly import demo content, widgets and settings in one click. Made for theme authors to simplify importing demo content for their users.

5K active installs v1.1.3 PHP 5.6+ WP 4.7+ Updated Jul 3, 2024

contentdatademoimportwidgets

D · High Risk

CVEs total2

Unpatched2

Last CVEAug 9, 2023

Plugin page Download

Safety Verdict

Is Theme Demo Import Safe to Use in 2026?

High Risk

Score 49/100

Theme Demo Import carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Aug 9, 2023Updated 1yr ago

Risk Assessment

The theme-demo-import plugin, version 1.1.3, presents a significant security risk due to its history of high-severity vulnerabilities, specifically related to unrestricted file uploads. The static analysis reveals an unprotected AJAX handler as a critical entry point for potential attacks. While the plugin demonstrates good practices in output escaping and utilizes prepared statements for most SQL queries, the presence of the `unserialize` function is a concern, especially when combined with untrusted user input, which could lead to Remote Code Execution if not handled with extreme caution. The vulnerability history is particularly alarming, with two currently unpatched high-severity CVEs, both related to unrestricted file uploads. This pattern strongly suggests a recurring weakness in input validation and file handling mechanisms, demanding immediate attention. Despite the positive aspects of output sanitization and SQL preparation, the unprotected AJAX endpoint and the persistent vulnerability history overshadow these strengths, leading to a high-risk assessment.

Key Concerns

Unprotected AJAX handler
Presence of unserialize function
2 high severity unpatched CVEs
Vulnerability type: Unrestricted Upload

Vulnerabilities

Theme Demo Import Security Vulnerabilities

CVEs by Year

1 CVE in 2022 · unpatched

2022

1 CVE in 2023 · unpatched

2023

Patched Has unpatched

Severity Breakdown

High

2 total CVEs

CVE-2023-28170high · 7.2Unrestricted Upload of File with Dangerous Type

Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload

Aug 9, 2023Unpatched

CVE-2022-1538high · 7.2Unrestricted Upload of File with Dangerous Type

Theme Demo Import <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload

Nov 8, 2022Unpatched

Code Analysis

Analyzed Mar 16, 2026

Theme Demo Import Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize( $raw );inc\class-tdi-customizer-importer.php:50

SQL Query Safety

71% prepared7 total queries

Output Escaping

100% escaped17 total outputs

Attack Surface

1 unprotected

Theme Demo Import Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_TDI_import_demo_datainc\class-tdi-main.php:55

WordPress Hooks 10

actionadmin_menuinc\class-tdi-main.php:53

actionadmin_enqueue_scriptsinc\class-tdi-main.php:54

actionafter_setup_themeinc\class-tdi-main.php:56

actionplugins_loadedinc\class-tdi-main.php:57

filterwxr_importer.pre_process.userinc\class-tdi-main.php:390

filterwxr_importer.pre_process.postinc\class-tdi-main.php:393

filterintermediate_image_sizes_advancedinc\class-tdi-main.php:397

filterimport_post_meta_keyinc\importer\class-wxr-importer.php:321

filterhttp_request_timeoutinc\importer\class-wxr-importer.php:322

actionadmin_noticestheme-demo-import.php:35

Maintenance & Trust

Theme Demo Import Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJul 3, 2024

PHP min version5.6

Downloads258K

Community Trust

Rating60/100

Number of ratings4

Active installs5K

Alternatives

Theme Demo Import Alternatives

Rara One Click Demo Import

rara-one-click-demo-import

Make your website look like the live demo of the theme with a click!

20K 1 CVE

SKT Themes Demo Import

skt-themes-demo-importer

100

Live demo content can be imported quickly in just one click including all widgets and settings.

5K No CVEs

Fable Extra

fable-extra

Used for WP Fable Themes.

4K 3 CVEs

Starter Templates by Gradient Themes

gradient-starter-templates

100

Setup you site with dummy data easily. Import settings, widgets and content with one click. Your dummy data must have ZIP file of xml, dat and wie fi …

3K No CVEs

Flawless Themes Demo Importer

flawless-themes-demo-importer

100

Flawless Themes Demo Importer plugin helps you import demo content for various free themes of flawlessthemes . Flawless Themes are dedicated to creati …

1K No CVEs

Developer Profile

Theme Demo Import Developer Profile

themely

4 plugins · 6K total installs

trust score

Avg Security Score

76/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Theme Demo Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/theme-demo-import/css/tdi_admin.css/wp-content/plugins/theme-demo-import/js/tdi_admin.js/wp-content/plugins/theme-demo-import/js/tdi_importer.js

Script Paths

/wp-content/plugins/theme-demo-import/js/tdi_admin.js/wp-content/plugins/theme-demo-import/js/tdi_importer.js

Version Parameters

theme-demo-import/css/tdi_admin.css?ver=theme-demo-import/js/tdi_admin.js?ver=theme-demo-import/js/tdi_importer.js?ver=

HTML / DOM Fingerprints

CSS Classes

tdiTDI__intro-noticeTDI__intro-textTDI__file-upload-containerTDI__file-uploadTDI__content-file-uploadTDI__widget-file-uploadTDI__customizer-file-upload+7 more

Data Attributes

id="TDI__content-file-upload"id="TDI__widget-file-upload"id="TDI__customizer-file-upload"id="TDI__demo-import-files"data-tdi-progressdata-tdi-import-id+2 more

JS Globals

var TDI_admin

FAQ