All 3 CVE vulnerabilities found in Ultimate Dashboard – Custom WordPress Dashboard, with AI-generated Chinese analysis, references, and POCs.
Vendor: davidvongries
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation CWE-862 | 4.3 | Medium | 2025-03-25 |
| CVE-2023-50828 | WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 5.9 | Medium | 2023-12-21 |
| CVE-2023-4726 | Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CWE-79 | 4.4 | Medium | 2023-11-22 |
All 3 known CVE vulnerabilities affecting Ultimate Dashboard – Custom WordPress Dashboard with full Chinese analysis, references, and POCs where available.