[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fC6H5WYdliADHTxUWn-ATd0KbEeYFc53mctICHSYEaDE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":140,"fingerprints":299},"themegrill-demo-importer","Starter Templates & Sites Pack by ThemeGrill","2.0.0.6","ThemeGrill","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemegrill\u002F","\u003Cp>Discover a vast collection of premium starter sites and website templates. Instantly import complete demo content, widgets, and theme settings with a single click. Ideal for business websites, online courses, portfolios, blogs, and more — giving you a professional, ready-to-launch website in minutes.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>You can contribute to the source code in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthemegrill\u002Fthemegrill-demo-importer\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> page.\u003C\u002Fp>\n","Premium starter sites and website templates by ThemeGrill. 
Import demo content, widgets, and theme settings with one click.",80000,5470783,94,197,"2025-11-13T07:01:00.000Z","6.8.5","5.7","8.1.0",[20,21,22,23,24],"demo","importer","one-click-import","theme-demos","themegrill","https:\u002F\u002Fthemegrill.com\u002Fdemo-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemegrill-demo-importer.2.0.0.6.zip",98,1,0,"2020-02-16 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2020-36837","themegrill-demo-importer-authorization-bypass-to-site-reset","ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset","The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. 
After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.",null,">=1.3.4 \u003C=1.6.1","1.6.2","critical",9.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2024-10-16 06:43:36",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=api-prod",1704,{"slug":24,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},31,251700,97,184,77,"2026-04-03T20:01:18.686Z",[57,75,89,106,123],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":28,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":73,"download_link":74,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ansar-import","Ansar Import – One Click Demo Import for WordPress Themes","2.1.0","themeansar","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeansar\u002F","\u003Cp>Ansar Import is a simple yet powerful one-click demo importer plugin for WordPress. 
Whether you’re using a block-based Full Site Editing (FSE) theme, a classic theme, or a page builder like Elementor, Ansar Import makes it effortless to set up your theme just like the demo — in seconds.\u003C\u002Fp>\n\u003Cp>Perfect for theme users and agencies alike, Ansar Import helps you skip manual setups by importing demo content, widgets, menus, settings, templates, and theme customizations automatically.\u003C\u002Fp>\n\u003Cp>🚀 Key Features:\u003Cbr \u002F>\n✅ One Click Import – Quickly set up your site just like the theme demo.\u003C\u002Fp>\n\u003Cp>🧱 Supports FSE & Block Themes – Seamless with Full Site Editing and Gutenberg.\u003C\u002Fp>\n\u003Cp>🎨 Elementor Compatible – Easily import Elementor demo layouts and settings.\u003C\u002Fp>\n\u003Cp>🔄 Reusable Templates – Import custom templates, patterns, and starter designs.\u003C\u002Fp>\n\u003Cp>📦 Media & Content – Import pages, posts, images, menus, and widgets.\u003C\u002Fp>\n\u003Cp>🧑‍💻 Developer-Friendly Hooks – Extend or customize import logic easily.\u003C\u002Fp>\n\u003Cp>🧑‍💼 Who Is It For?\u003Cbr \u002F>\nWeb Designers & Agencies – Quickly scaffold websites from starter kits.\u003C\u002Fp>\n\u003Cp>DIY Website Owners – Set up your website like the preview in minutes.\u003C\u002Fp>\n\u003Cp>📚 How It Works:\u003Cbr \u002F>\nInstall and activate Ansar Import.\u003C\u002Fp>\n\u003Cp>Go to Appearance > Ansar Import.\u003C\u002Fp>\n\u003Cp>Select a demo and click “Import.”\u003C\u002Fp>\n\u003Cp>Your site is ready with demo content and layout.\u003C\u002Fp>\n","Easily import theme demos in one click. 
Simplifies starter sites setup.",20000,460921,100,"2026-01-05T05:24:00.000Z","6.9.4","6.6","7.4",[20,21,22,23],"https:\u002F\u002Fthemeansar.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fansar-import.zip",{"slug":76,"name":77,"version":78,"author":61,"author_profile":62,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":69,"requires_at_least":70,"requires_php":86,"tags":87,"homepage":86,"download_link":88,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"icyclub","Icyclub","2.7","\u003Cp>Icyclub plugin for all Themeansar Theme\u003C\u002Fp>\n\u003Cp>The Icyclub plugin features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Beautiful pre-built homepage layouts\u003C\u002Fli>\n\u003Cli>Drag and drop page customization\u003C\u002Fli>\n\u003Cli>Predefined useful sections\u003C\u002Fli>\n\u003Cli>Live content editing \u003C\u002Fli>\n\u003Cli>and many other features\u003C\u002Fli>\n\u003C\u002Ful>\n","Icyclub plugin for Provided a readymade template for all Themeansar Theme",10000,409518,60,2,"2026-01-05T05:38:00.000Z","",[20,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ficyclub.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":67,"num_ratings":28,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":86,"download_link":104,"security_score":105,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"thememiles-toolset","Thememiles Toolset","1.1.2","thememiles","https:\u002F\u002Fprofiles.wordpress.org\u002Fthememiles\u002F","\u003Cp>Import \u003Ca href=\"https:\u002F\u002Fwww.thememiles.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">ThemeMiles\u003C\u002Fa> official themes demo content, widgets and theme settings with just 
one click.\u003C\u002Fp>\n\u003Cp>Get \u003Ca href=\"https:\u002F\u002Fwww.thememiles.com\u002Fsupports\u002F\" rel=\"nofollow ugc\">free support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Col>\n\u003Cli>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fli>\n\u003C\u002Fol>\n","Import ThemeMiles Official Themes Demo Content, Widgets and Theme settings with just one click.",600,29713,"2023-06-11T21:12:00.000Z","6.2.9","5.0","7.0.0",[20,21,22,23,93],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthememiles-toolset.zip",85,{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":29,"num_ratings":29,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":121,"download_link":122,"security_score":105,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"theme-one-click-demo-import","Theme One Click Demo Importer","2.1","theme404","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheme404\u002F","\u003Cp>Theme404 One Click Demo Import is the right tool to import inbuilt demos into your business sites within a click. It displays predefined features like demo content, widgets, and theme settings within a single click. If you are having problems implementing various features available in the theme, here it will reinforce you to get all with just one tap.\u003Cbr \u002F>\nOnce you install and activate any of the demos from Theme404 templates, you can download or manually install this plugin. 
It is compatible with WordPress 5.0 or higher version and only supports PHP 7.0 or later.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or Higher.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fauthor\u002Ftheme404\u002F\" rel=\"ugc\">Theme404 Official Themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Import Theme404 official themes demo content, widgets and theme settings with just one click.",500,49870,"2020-10-13T03:16:00.000Z","5.5.18","5.2","7.0",[21,22,23,110],"https:\u002F\u002Ftheme404.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-one-click-demo-import.2.1.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":29,"num_ratings":29,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":119,"tags":136,"homepage":138,"download_link":139,"security_score":105,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"aarambha-demo-sites","Aarambha Demo Sites","1.1.7","aarambhathemes","https:\u002F\u002Fprofiles.wordpress.org\u002Faarambhathemes\u002F","\u003Cp>Aarambha Demo Sites – it is the perfect plugin to import already inbuilt theme’s demos into your business websites within a click. It shows predefined features like demo content, widgets, and theme settings within a single click. If you are having problems implementing various features available in the theme, here it will reinforce you to get all with just one tap.\u003Cbr \u002F>\nOnce you install and activate any of the themes from Aarambha Themes, you can download or manually install this plugin. 
It is compatible with WordPress 5.0 or higher version and only supports PHP 7.0 or later.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=BTcMS1mvN-w\" rel=\"nofollow ugc\">Video\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 5.0 or Higher.\u003C\u002Fli>\n\u003Cli>This plugin doesn’t work with any other themes besides our official themes available @ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fauthor\u002Faarambhathemes\u002F\" rel=\"ugc\">AarambhaThemes Official Themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>Aarambha Demo Sites uses third party service (API) at (https:\u002F\u002Fdemo.aarambhathemes.com) to query the demo listings, download & install the demos. In order to perform this action, the plugin only sends theme slug to our server and not any of your other details. Please check our \u003Ca href=\"https:\u002F\u002Faarambhathemes.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for further information. 
If you are not OK with this, you may uninstall this plugin and contact us through our forum to get further assistance.\u003C\u002Fp>\n","Import Aarambha Themes inbuilt themes demo content, widgets and its all settings with one click.",200,16736,"2023-11-22T03:31:00.000Z","6.4.8","5.9",[127,137,21,22,23],"demo-templates","https:\u002F\u002Faarambhathemes.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faarambha-demo-sites.1.1.7.zip",{"attackSurface":141,"codeSignals":268,"taintFlows":288,"riskAssessment":289,"analyzedAt":298},{"hooks":142,"ajaxHandlers":264,"restRoutes":265,"shortcodes":266,"cronEvents":267,"entryPointCount":29,"unprotectedCount":29},[143,149,153,157,162,166,170,175,179,183,187,191,195,200,203,205,208,211,214,217,219,221,224,227,229,231,233,237,240,243,246,249,252,256,260,262],{"type":144,"name":145,"callback":145,"priority":146,"file":147,"line":148},"action","admin_menu",12,"src\\Admin.php",25,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_enqueue_scripts","enqueue_scripts",26,{"type":144,"name":154,"callback":155,"file":147,"line":156},"current_screen","woocommerce_disable_setup_wizard",29,{"type":158,"name":159,"callback":160,"priority":28,"file":147,"line":161},"filter","woocommerce_enable_setup_wizard","__return_false",132,{"type":144,"name":163,"callback":164,"file":165,"line":50},"init","load_plugin_textdomain","src\\App.php",{"type":158,"name":167,"callback":167,"priority":168,"file":165,"line":169},"plugin_row_meta",10,34,{"type":158,"name":171,"callback":172,"file":173,"line":174},"import_post_meta_key","is_valid_meta_key","src\\Importers\\WXRImporter\\WXRImporter.php",185,{"type":158,"name":176,"callback":177,"file":173,"line":178},"http_request_timeout","bump_request_timeout",186,{"type":144,"name":180,"callback":181,"file":182,"line":146},"admin_init","tg_update_demo_importer_options","src\\ImportHooks.php",{"type":144,"name":184,"callback":185,"priority":168,"file":182,"line":186},"themegrill_
ajax_before_demo_import","reset_widgets",14,{"type":144,"name":184,"callback":188,"priority":189,"file":182,"line":190},"delete_nav_menus",20,15,{"type":144,"name":184,"callback":192,"priority":193,"file":182,"line":194},"remove_theme_mods",30,16,{"type":144,"name":196,"callback":197,"priority":198,"file":182,"line":199},"themegrill_ajax_demo_imported","update_customizer_data",9,18,{"type":144,"name":196,"callback":201,"file":182,"line":202},"update_nav_menu_items",19,{"type":144,"name":196,"callback":204,"file":182,"line":189},"set_elementor_load_fa4_shim",{"type":144,"name":196,"callback":206,"file":182,"line":207},"set_elementor_active_kit",21,{"type":144,"name":196,"callback":209,"file":182,"line":210},"set_wc_pages",22,{"type":144,"name":196,"callback":212,"file":182,"line":213},"set_masteriyo_pages",23,{"type":144,"name":196,"callback":215,"file":182,"line":216},"set_siteorigin_settings",24,{"type":144,"name":196,"callback":218,"priority":168,"file":182,"line":148},"setup_yith_woocommerce_wishlist",{"type":144,"name":196,"callback":220,"priority":168,"file":182,"line":152},"regenerate_elementor_styles",{"type":144,"name":196,"callback":222,"priority":168,"file":182,"line":223},"update_masteriyo_data",27,{"type":144,"name":196,"callback":225,"priority":168,"file":182,"line":226},"update_magazine_blocks_settings",28,{"type":144,"name":196,"callback":228,"priority":168,"file":182,"line":156},"update_blockart_blocks_settings",{"type":144,"name":196,"callback":230,"priority":168,"file":182,"line":193},"update_elementor_settings",{"type":144,"name":196,"callback":232,"file":182,"line":50},"process_evf_posts",{"type":158,"name":234,"callback":235,"priority":168,"file":182,"line":236},"themegrill_widget_import_settings","update_widget_data",33,{"type":158,"name":238,"callback":160,"file":182,"line":239},"masteriyo_enable_setup_wizard",35,{"type":158,"name":241,"callback":160,"file":182,"line":242},"blockart_activation_redirect",38,{"type":144,"name":163,"callback":244
,"file":182,"line":245},"closure",39,{"type":158,"name":247,"callback":244,"priority":168,"file":182,"line":248},"themegrill_import_post_data_processed",79,{"type":144,"name":250,"callback":244,"priority":198,"file":182,"line":251},"themegrill_widget_importer_after_widgets_import",92,{"type":144,"name":253,"callback":254,"file":255,"line":213},"rest_api_init","register_api_endpoints","src\\RestApi.php",{"type":144,"name":257,"callback":244,"file":258,"line":259},"admin_notices","themegrill-demo-importer.php",32,{"type":144,"name":180,"callback":244,"file":258,"line":261},42,{"type":144,"name":145,"callback":244,"file":258,"line":263},59,[],[],[],[],{"dangerousFunctions":269,"sqlUsage":270,"outputEscaping":278,"fileOperations":284,"externalRequests":285,"nonceChecks":29,"capabilityChecks":286,"bundledLibraries":287},[],{"prepared":198,"raw":84,"locations":271},[272,275],{"file":173,"line":273,"context":274},1763,"$wpdb->get_results() with variable interpolation",{"file":276,"line":216,"context":277},"uninstall.php","$wpdb->query() with variable interpolation",{"escaped":202,"rawEcho":84,"locations":279},[280,283],{"file":281,"line":223,"context":282},"src\\Importers\\WXRImporter\\WPImporterLoggerServerSentEvents.php","raw output",{"file":281,"line":169,"context":282},5,4,3,[],[],{"summary":290,"deductions":291},"The static analysis of themegrill-demo-importer v2.0.0.6 indicates a generally strong security posture. The plugin has a very small attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed or unprotected.  The code also shows good practices in handling SQL queries with a high percentage using prepared statements and a strong majority of output being properly escaped. File operations and external HTTP requests are present but within expected bounds for a demo importer. 
However, the complete absence of nonce checks across all entry points and a limited number of capability checks are significant concerns, as these are fundamental security mechanisms for preventing CSRF and unauthorized actions.\n\nThe vulnerability history reveals one past critical CVE related to Missing Authorization. While this vulnerability is currently patched and the latest reported issue was in 2020, the pattern of 'Missing Authorization' as the common vulnerability type is a strong indicator of a historical weakness in access control implementation. This, combined with the current lack of nonce and limited capability checks, suggests a potential for similar authorization bypass vulnerabilities if not carefully managed. The total absence of taint analysis results is neutral, meaning no critical flows were detected in the analyzed paths, but it doesn't entirely rule out potential issues in unanalyzed areas.\n\nIn conclusion, themegrill-demo-importer v2.0.0.6 demonstrates good technical implementation in areas like SQL sanitization and output escaping, and its attack surface is commendably small. Nevertheless, the complete lack of nonce checks and the history of critical authorization vulnerabilities, even if patched, present a significant risk. The plugin's security relies heavily on external systems or the theme's implementation for robust authorization, which is not ideal. 
Therefore, while its current state appears to have addressed past critical issues, the fundamental lack of built-in security controls like nonces warrants caution.",[292,294,296],{"reason":293,"points":168},"No nonce checks found",{"reason":295,"points":284},"Only 3 capability checks detected",{"reason":297,"points":190},"One past critical CVE (Missing Authorization)","2026-03-16T17:12:49.907Z",{"wat":300,"direct":309},{"assetPaths":301,"generatorPatterns":304,"scriptPaths":305,"versionParams":306},[302,303],"\u002Fwp-content\u002Fplugins\u002Fthemegrill-demo-importer\u002Fdist\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Fthemegrill-demo-importer\u002Fdist\u002Fdashboard.css",[],[302],[307,308],"themegrill-demo-importer\u002Fdist\u002Fdashboard.js?ver=","themegrill-demo-importer\u002Fdist\u002Fdashboard.css?ver=",{"cssClasses":310,"htmlComments":312,"htmlAttributes":313,"restEndpoints":314,"jsGlobals":316,"shortcodeOutput":318},[311],"tg-demo-importer",[],[],[315],"\u002Fwp-json\u002Fthemegrill-demos\u002Fv1",[317],"__TDI_DASHBOARD__",[]]