WPElemento Importer Security & Risk Analysis

wordpress.org/plugins/wpelemento-importer

Effortlessly set up WordPress themes with WPelemento Importer. One-click demo imports, Elementor compatibility, and support for diverse themes.

10K active installs · v0.6.7 · PHP 7.2+ · WP 5.2+ · Updated Feb 13, 2026
Tags: one-click-demo-import, templates, website-builder
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 24, 2026
Safety Verdict

Is WPElemento Importer Safe to Use in 2026?

Generally Safe

Score 99/100

WPElemento Importer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 24, 2026 · Updated 1mo ago
Risk Assessment

The plugin "wpelemento-importer" v0.6.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and has a high percentage of properly escaped output. The plugin also incorporates nonce and capability checks for a significant portion of its entry points. However, a considerable portion of its attack surface, specifically 8 out of 14 AJAX handlers, lacks proper authorization checks, presenting a significant risk.

The static analysis revealed a concerning taint flow with unsanitized paths, indicating a potential for injection vulnerabilities, though it was not classified as critical or high severity. The plugin's vulnerability history shows a single known CVE, which is currently patched. That vulnerability was of medium severity and related to missing authorization; both its existence and its patched status are points of attention. The 12 external HTTP requests could also be a vector for supply chain attacks if not carefully managed.

In conclusion, while the plugin has strengths in data handling and output escaping, the significant number of unprotected AJAX handlers and the existence of a past authorization vulnerability are notable weaknesses. The taint analysis's indication of unsanitized paths warrants further investigation, even if not immediately critical. The overall risk is moderate, with the potential for escalation if the unprotected AJAX endpoints are exploited.

Key Concerns

  • 8 unprotected AJAX handlers
  • Taint flow with unsanitized paths
  • 1 medium severity CVE history
  • 12 external HTTP requests
Vulnerabilities: 1

WPElemento Importer Security Vulnerabilities

CVEs by Year

  • 2026: 1 CVE

Severity Breakdown

  • Medium: 1

1 total CVE

CVE-2026-24996 · medium · 4.3 · Missing Authorization

WPElemento Importer <= 0.6.4 - Missing Authorization

Jan 24, 2026 · Patched in 0.6.5 (10d)
Code Analysis
Analyzed Mar 16, 2026

WPElemento Importer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 13 (240 escaped)
  • Nonce Checks: 11
  • Capability Checks: 21
  • File Operations: 3
  • External Requests: 12
  • Bundled Libraries: 0

Output Escaping

95% escaped · 253 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
wpelemento_importer_free_themes (theme-wizard\elemento_exporter_whizzie.php:303)
Attack Surface: 8 unprotected

WPElemento Importer Attack Surface

Entry Points: 14
Unprotected: 8

AJAX Handlers: 14

  • auth · wp_ajax_bdi_admin_notice_ignore · classes\bdi-notice.php:11
  • auth · wp_ajax_bdi_get_admin_notices · classes\bdi-notice.php:12
  • auth · wp_ajax_get_collections · modal\modal.php:62
  • nopriv · wp_ajax_get_collections · modal\modal.php:63
  • auth · wp_ajax_get_filtered_products · modal\modal.php:123
  • nopriv · wp_ajax_get_filtered_products · modal\modal.php:124
  • auth · wp_ajax_setup_plugins · theme-wizard\elemento_exporter_whizzie.php:121
  • auth · wp_ajax_setup_widgets · theme-wizard\elemento_exporter_whizzie.php:122
  • auth · wp_ajax_wpelemento_importer_setup_themes · theme-wizard\elemento_exporter_whizzie.php:123
  • auth · wp_ajax_wz_activate_elemento_exporter_pro · theme-wizard\elemento_exporter_whizzie.php:124
  • auth · wp_ajax_wpelemento_importer_setup_elementor · theme-wizard\elemento_exporter_whizzie.php:125
  • auth · wp_ajax_templates_api_category_wise · theme-wizard\elemento_exporter_whizzie.php:126
  • auth · wp_ajax_wpelemento_importer_install_free_theme · theme-wizard\elemento_exporter_whizzie.php:127
  • auth · wp_ajax_pagination_load_content · theme-wizard\elemento_exporter_whizzie.php:128

WordPress Hooks: 52

  • action · admin_notices · classes\bdi-notice.php:9
  • action · admin_enqueue_scripts · classes\bdi-notice.php:10
  • action · admin_notices · classes\upsell-notice.php:2
  • action · admin_enqueue_scripts · classes\upsell-notice.php:69
  • action · elementor/editor/after_enqueue_scripts · modal\modal.php:2
  • action · admin_init · plugin.php:16
  • action · init · plugin.php:40
  • action · activated_plugin · theme-wizard\elemento_exporter_whizzie.php:111
  • action · init · theme-wizard\elemento_exporter_whizzie.php:113
  • action · init · theme-wizard\elemento_exporter_whizzie.php:114
  • action · admin_enqueue_scripts · theme-wizard\elemento_exporter_whizzie.php:116
  • action · admin_menu · theme-wizard\elemento_exporter_whizzie.php:117
  • action · admin_init · theme-wizard\elemento_exporter_whizzie.php:118
  • action · admin_init · theme-wizard\elemento_exporter_whizzie.php:119
  • filter · wpelemento_importer_tgmpa_load · theme-wizard\elemento_exporter_whizzie.php:120
  • action · admin_enqueue_scripts · theme-wizard\elemento_exporter_whizzie.php:129
  • action · activated_plugin · theme-wizard\setup-wizard-skip.php:5
  • action · admin_init · theme-wizard\setup-wizard-skip.php:12
  • action · activated_plugin · theme-wizard\setup-wizard-skip.php:19
  • action · admin_menu · theme-wizard\setup-wizard-skip.php:30
  • action · admin_init · theme-wizard\setup-wizard-skip.php:35
  • action · admin_menu · theme-wizard\setup-wizard-skip.php:44
  • action · admin_init · theme-wizard\setup-wizard-skip.php:51
  • action · activated_plugin · theme-wizard\setup-wizard-skip.php:58
  • action · admin_init · theme-wizard\setup-wizard-skip.php:66
  • filter · woocommerce_prevent_automatic_wizard_redirect · theme-wizard\setup-wizard-skip.php:73
  • action · init · theme-wizard\tgm\class-tgm-plugin-activation.php:272
  • filter · load_textdomain_mofile · theme-wizard\tgm\class-tgm-plugin-activation.php:273
  • action · init · theme-wizard\tgm\class-tgm-plugin-activation.php:276
  • action · admin_menu · theme-wizard\tgm\class-tgm-plugin-activation.php:426
  • action · admin_head · theme-wizard\tgm\class-tgm-plugin-activation.php:427
  • filter · install_plugin_complete_actions · theme-wizard\tgm\class-tgm-plugin-activation.php:430
  • filter · update_plugin_complete_actions · theme-wizard\tgm\class-tgm-plugin-activation.php:431
  • action · admin_notices · theme-wizard\tgm\class-tgm-plugin-activation.php:434
  • action · admin_init · theme-wizard\tgm\class-tgm-plugin-activation.php:435
  • action · admin_enqueue_scripts · theme-wizard\tgm\class-tgm-plugin-activation.php:436
  • action · load-plugins.php · theme-wizard\tgm\class-tgm-plugin-activation.php:441
  • action · switch_theme · theme-wizard\tgm\class-tgm-plugin-activation.php:444
  • action · switch_theme · theme-wizard\tgm\class-tgm-plugin-activation.php:447
  • action · admin_init · theme-wizard\tgm\class-tgm-plugin-activation.php:452
  • action · switch_theme · theme-wizard\tgm\class-tgm-plugin-activation.php:457
  • action · admin_head · theme-wizard\tgm\class-tgm-plugin-activation.php:461
  • action · load_textdomain_mofile · theme-wizard\tgm\class-tgm-plugin-activation.php:483
  • filter · upgrader_source_selection · theme-wizard\tgm\class-tgm-plugin-activation.php:899
  • action · plugins_loaded · theme-wizard\tgm\class-tgm-plugin-activation.php:2166
  • filter · wpelemento_importer_tgmpa_table_data_items · theme-wizard\tgm\class-tgm-plugin-activation.php:2290
  • filter · upgrader_source_selection · theme-wizard\tgm\class-tgm-plugin-activation.php:3034
  • action · admin_init · theme-wizard\tgm\class-tgm-plugin-activation.php:3205
  • action · upgrader_process_complete · theme-wizard\tgm\class-tgm-plugin-activation.php:3300
  • filter · upgrader_post_install · theme-wizard\tgm\class-tgm-plugin-activation.php:3359
  • filter · upgrader_post_install · theme-wizard\tgm\class-tgm-plugin-activation.php:3509
  • action · wpelemento_importer_tgmpa_register · theme-wizard\tgm\tgm.php:42
Maintenance & Trust

WPElemento Importer Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 13, 2026
  • PHP min version: 7.2
  • Downloads: 252K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 10K
Developer Profile

WPElemento Importer Developer Profile

wpelemento

79 plugins · 19K total installs

  • Trust score: 79
  • Avg Security Score: 100/100
  • Avg Patch Time: 1012 days
Detection Fingerprints

How We Detect WPElemento Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wpelemento-importer/assets/css/bdi-notice.css
  • /wp-content/plugins/wpelemento-importer/assets/js/bdi-notice.js
  • /wp-content/plugins/wpelemento-importer/assets/css/admin-notice-style.css
  • /wp-content/plugins/wpelemento-importer/assets/js/modal-script.js

Version Parameters

  • wpelemento-importer/assets/css/bdi-notice.css?ver=
  • wpelemento-importer/assets/js/bdi-notice.js?ver=
  • wpelemento-importer/assets/css/admin-notice-style.css?ver=
  • wpelemento-importer/assets/js/modal-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bdi-admin-notice
  • upsell-notice
  • ele-banner-main
  • ele-banner-main-content
  • ele-banner-heading
  • ele-banner-para
  • ele-banner-button
  • ele-banner-pre-btn
  • +2 more

Data Attributes

  • data-id

JS Globals

  • bdi_notice_params
  • WPEI_THEME_LICENCE_ENDPOINT
  • wp_elemento_templates_enqueue_scripts

REST Endpoints

  • /wp-json/ibtana-licence/v2/get_client_admin_notices_for_client
  • /wp-json/wpelemento-importer/v1/get_elemento_premium_theme_details

FAQ

Frequently Asked Questions about WPElemento Importer