| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation | davidvongries | Ultimate Dashboard – Custom WordPress Dashboard | Medium | 4.3 | 2025-03-25 23:22:01 | Deep Dive |
| CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | Muntasir Rahman | Custom Dashboard Page | Medium | 4.3 | 2025-03-11 21:00:58 | Deep Dive |
| CVE-2024-13390 | ADFO – Custom data in admin dashboard <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | giuliopanda | ADFO – Custom data in admin dashboard | Medium | 6.4 | 2025-02-19 07:32:07 | Deep Dive |
| CVE-2025-25135 | WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability | Victor Barkalov | Custom Links On Admin Dashboard Toolbar | High | 7.1 | 2025-02-07 10:11:52 | Deep Dive |
| CVE-2024-56024 | WordPress Custom Dashboard Widget plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | DuoGeek | Custom Dashboard Widget | High | 7.1 | 2025-01-02 12:01:13 | Deep Dive |
| CVE-2024-51860 | WordPress Custom Dashboard Widget plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability | DuoGeek | Custom Dashboard Widget | Medium | 6.5 | 2024-11-19 16:31:29 | Deep Dive |
| CVE-2024-8959 | WP Adminify – Best WordPress Custom Dashboard Plugin <= 4.0.1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | litonice13 | WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer | Medium | 6.4 | 2024-10-24 11:34:09 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-4104 | ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting | giuliopanda | ADFO – Custom data in admin dashboard | Medium | 6.1 | 2024-05-09 20:03:41 | Deep Dive |
| CVE-2024-4103 | ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery | giuliopanda | ADFO – Custom data in admin dashboard | Medium | 4.3 | 2024-05-09 20:03:33 | Deep Dive |
| CVE-2024-22290 | WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | AboZain,O7abeeb,UnitOne | Custom Dashboard Widgets | High | 7.1 | 2024-01-31 11:56:24 | Deep Dive |
| CVE-2023-52128 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) | WhiteWP | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | Medium | 4.3 | 2024-01-05 08:49:17 | Deep Dive |
| CVE-2023-50828 | WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS) | David Vongries | Ultimate Dashboard – Custom WordPress Dashboard | Medium | 5.9 | 2023-12-21 14:50:26 | Deep Dive |
| CVE-2023-4726 | Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings | davidvongries | Ultimate Dashboard – Custom WordPress Dashboard | Medium | 4.4 | 2023-11-22 15:33:29 | Deep Dive |
| CVE-2021-24944 | Custom Dashboard & Login Page < 7.0 - Admin+ Stored Cross-Site Scripting | Unknown | Custom Dashboard & Login Page – AGCA | 中危 | - | 2022-02-01 12:21:33 | Deep Dive |
| CVE-2021-24658 | Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS) | Libin V Babu | Erident Custom Login and Dashboard | 中危 | - | 2021-08-23 11:10:20 | Deep Dive |