Vulnerabilities and security researches forblaze-demo-importer blaze-demo-importer

Oct 12, 2025

CVE, Research URL: CVE-2025-8446
Home page URL: Security reports for Blaze Demo Importer
Application: Blaze Demo Importer
Date: Sep 16, 2025
Research Description: The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate a limited number of specific plugins. The News Kit Elementor Addons plugin and a BlazeThemes theme must be installed and activated in order to exploit the vulnerability.
Affected versions: max 1.0.13.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-13334
Home page URL: Security reports for Blaze Demo Importer
Application: Blaze Demo Importer
Date: Dec 12, 2025
Research Description: The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the database by truncating all tables (except options, usermeta, and users), delete all sidebar widgets, theme modifications, and content of the uploads folder.
Affected versions: max 1.0.14.
Status: vulnerable