WP-Safety

WPHobby Demo Import Security & Risk Analysis

wordpress.org/plugins/wphobby-demo-import

Import Demo content, widgets and theme settings for wphobby themes

10 active installs v1.1.2 PHP + WP 4.0+ Updated Mar 18, 2022
contentdatademoimportwidgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPHobby Demo Import Safe to Use in 2026?

Generally Safe

Score 85/100

WPHobby Demo Import has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "wphobby-demo-import" plugin v1.1.2 exhibits a generally good security posture based on the provided static analysis. All identified AJAX endpoints include nonce checks, and all SQL queries utilize prepared statements, which significantly mitigates common vulnerabilities. The high percentage of properly escaped output further strengthens its defense against cross-site scripting (XSS) attacks. However, the presence of dangerous functions like 'ini_set' and 'set_time_limit' within the code signals a potential for configuration manipulation or denial-of-service (DoS) attacks if not handled with extreme care and strict input validation, though no specific exploitable flows were identified in the taint analysis.

The plugin has no recorded vulnerability history, which is a very positive indicator of its past security and the diligence of its developers. This lack of historical issues suggests a consistent effort to maintain security. While the absence of critical or high-severity taint flows is reassuring, the use of potentially dangerous functions without direct evidence of their misuse warrants a slight caution. The overall assessment is positive, but the limited number of dangerous function calls should be monitored for any future updates or potential misconfigurations.

Key Concerns

  • Dangerous functions found (ini_set, set_time_limit)
  • Bundled library (Freemius v1.0) might be outdated
Vulnerabilities
None known

WPHobby Demo Import Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WPHobby Demo Import Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

WPHobby Demo Import Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
15 prepared
Unescaped Output
8
59 escaped
Nonce Checks
18
Capability Checks
15
File Operations
7
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

ini_setini_set( 'output_buffering', 'off' );includes/importers/wxr-importer/class-whdi-wxr-importer.php:198
ini_setini_set( 'zlib.output_compression', false );includes/importers/wxr-importer/class-whdi-wxr-importer.php:199
set_time_limitset_time_limit( 0 );includes/importers/wxr-importer/class-whdi-wxr-importer.php:220

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared15 total queries

Output Escaping

88% escaped67 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
import_start (includes/class-whdi-importer.php:84)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPHobby Demo Import Attack Surface

Entry Points15
Unprotected0

AJAX Handlers 15

authwp_ajax_whdi-import-set-site-dataincludes/class-whdi-importer.php:59
authwp_ajax_whdi-import-wpformsincludes/class-whdi-importer.php:60
authwp_ajax_whdi-import-customizer-settingsincludes/class-whdi-importer.php:61
authwp_ajax_whdi-import-prepare-xmlincludes/class-whdi-importer.php:62
authwp_ajax_whdi-import-optionsincludes/class-whdi-importer.php:63
authwp_ajax_whdi-import-widgetsincludes/class-whdi-importer.php:64
authwp_ajax_whdi-import-endincludes/class-whdi-importer.php:65
authwp_ajax_whdi-sites-delete-postsincludes/class-whdi-importer.php:68
authwp_ajax_whdi-sites-delete-wp-formsincludes/class-whdi-importer.php:69
authwp_ajax_whdi-activate-themeincludes/class-whdi-init.php:68
authwp_ajax_whdi-required-pluginsincludes/class-whdi-init.php:69
authwp_ajax_whdi-required-plugin-activateincludes/class-whdi-init.php:70
authwp_ajax_whdi-backup-settingsincludes/class-whdi-init.php:71
authwp_ajax_whdi-set-reset-dataincludes/class-whdi-init.php:72
authwp_ajax_whdi-wxr-importincludes/importers/wxr-importer/class-whdi-wxr-importer.php:54
WordPress Hooks 36
actionadmin_menuincludes/class-whdi-admin.php:51
actionadmin_initincludes/class-whdi-importer-log.php:59
actionwhdi_import_startincludes/class-whdi-importer-log.php:82
actioninitincludes/class-whdi-importer.php:71
actionplugins_loadedincludes/class-whdi-init.php:61
actionadmin_enqueue_scriptsincludes/class-whdi-init.php:62
actionadmin_noticesincludes/class-whdi-init.php:63
filterwp_import_post_metaincludes/compatibility/elementor/class-whdi-compatibility-elementor.php:62
filterwxr_importer.pre_process.post_metaincludes/compatibility/elementor/class-whdi-compatibility-elementor.php:63
actionwhdi_before_delete_imported_postsincludes/compatibility/elementor/class-whdi-compatibility-elementor.php:66
actionwhdi_import_completeincludes/importers/batch-processing/class-whdi-batch-processing.php:72
filtercron_schedulesincludes/importers/batch-processing/helpers/class-wp-background-process.php:65
filterwie_import_dataincludes/importers/class-whdi-helper.php:46
filterwp_prepare_attachment_for_jsincludes/importers/class-whdi-helper.php:47
filterupload_mimesincludes/importers/wxr-importer/class-whdi-wxr-importer.php:53
filterwxr_importer.pre_process.userincludes/importers/wxr-importer/class-whdi-wxr-importer.php:55
filterwxr_importer.pre_process.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:56
filterwp_check_filetype_and_extincludes/importers/wxr-importer/class-whdi-wxr-importer.php:59
filterwp_check_filetype_and_extincludes/importers/wxr-importer/class-whdi-wxr-importer.php:61
filterwxr_importer.pre_process.userincludes/importers/wxr-importer/class-whdi-wxr-importer.php:228
actionwxr_importer.processed.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:231
actionwxr_importer.process_failed.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:232
actionwxr_importer.process_already_imported.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:233
actionwxr_importer.process_skipped.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:234
actionwxr_importer.processed.commentincludes/importers/wxr-importer/class-whdi-wxr-importer.php:235
actionwxr_importer.process_already_imported.commentincludes/importers/wxr-importer/class-whdi-wxr-importer.php:236
actionwxr_importer.processed.termincludes/importers/wxr-importer/class-whdi-wxr-importer.php:237
actionwxr_importer.process_failed.termincludes/importers/wxr-importer/class-whdi-wxr-importer.php:238
actionwxr_importer.process_already_imported.termincludes/importers/wxr-importer/class-whdi-wxr-importer.php:239
actionwxr_importer.processed.userincludes/importers/wxr-importer/class-whdi-wxr-importer.php:240
actionwxr_importer.process_failed.userincludes/importers/wxr-importer/class-whdi-wxr-importer.php:241
actionwxr_importer.processed.postincludes/importers/wxr-importer/class-whdi-wxr-importer.php:244
actionwxr_importer.processed.termincludes/importers/wxr-importer/class-whdi-wxr-importer.php:245
filterimport_post_meta_keyincludes/importers/wxr-importer/class-wxr-importer.php:322
filterhttp_request_timeoutincludes/importers/wxr-importer/class-wxr-importer.php:323
actionplugins_loadedwphobby-demo-import.php:51
Maintenance & Trust

WPHobby Demo Import Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedMar 18, 2022
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WPHobby Demo Import Alternatives

Rara One Click Demo Import

Rara One Click Demo Import

rara-one-click-demo-import

A
91

Make your website look like the live demo of the theme with a click!

20K 1 CVE
SKT Themes Demo Import

SKT Themes Demo Import

skt-themes-demo-importer

A
100

Live demo content can be imported quickly in just one click including all widgets and settings.

5K No CVEs
Theme Demo Import

Theme Demo Import

theme-demo-import

D
49

Quickly import demo content, widgets and settings in one click. Made for theme authors to simplify importing demo content for their users.

5K 2 unpatched
Fable Extra

Fable Extra

fable-extra

A
94

Used for WP Fable Themes.

4K 3 CVEs
Starter Templates by Gradient Themes

Starter Templates by Gradient Themes

gradient-starter-templates

A
100

Setup you site with dummy data easily. Import settings, widgets and content with one click. Your dummy data must have ZIP file of xml, dat and wie fi …

3K No CVEs
Developer Profile

WPHobby Demo Import Developer Profile

wphobby

16 plugins · 220 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPHobby Demo Import

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wphobby-demo-import/assets/css/font-awesome.min.css/wp-content/plugins/wphobby-demo-import/assets/css/admin.css/wp-content/plugins/wphobby-demo-import/assets/js/admin.js/wp-content/plugins/wphobby-demo-import/assets/js/notice.js/wp-content/plugins/wphobby-demo-import/assets/js/render-grid.js
Script Paths
wp-content/plugins/wphobby-demo-import/assets/js/admin.jswp-content/plugins/wphobby-demo-import/assets/js/notice.jswp-content/plugins/wphobby-demo-import/assets/js/render-grid.js
Version Parameters
wphobby-demo-import/assets/css/font-awesome.min.css?ver=wphobby-demo-import/assets/css/admin.css?ver=wphobby-demo-import/assets/js/admin.js?ver=wphobby-demo-import/assets/js/notice.js?ver=wphobby-demo-import/assets/js/render-grid.js?ver=

HTML / DOM Fingerprints

CSS Classes
whdi-sites-xml-notice
Data Attributes
data-whdi-ajax-url
JS Globals
WHDIApi
FAQ

Frequently Asked Questions about WPHobby Demo Import