CVE-2025-2276 Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation

The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlemoduleactions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with...