CVE-2026-3140 Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...

CVE-2026-3140 Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...

CVE-2026-3140

The Ultimate Dashboard plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 3.8.14 due to a flawed nonce validation conditional in the handle_module_actions function, enabling unauthenticated attackers to toggle plugin modules by tricking a site administrator into pe...

WordPress Ultimate Dashboard – Custom WordPress Dashboard plugin <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation vulnerability

Cross-Site Request Forgery to Module Activation/Deactivation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ultimate Dashboard versions = 3.8.14...

CVE-2025-8999

CVE-2025-8999 documents a vulnerability in the WordPress Sydney theme (versions

CVE-2025-2276 Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation

The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlemoduleactions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with...