Ultimate Dashboard Security Vulnerabilities and Issues — Ultimate Dashboard CVE List

Lucene search

DavidvongriesUltimate Dashboard

5 matches found

CVE•added 2023/11/22 4:15 p.m.•97 views

CVE-2023-4726

The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS4.9AI score0.00101EPSS

CVE•added 2025/04/17 6:15 a.m.•56 views

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

3.5CVSS5.4AI score0.00046EPSS

CVE•added 2023/12/21 3:15 p.m.•55 views

CVE-2023-50828

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.

5.9CVSS5.6AI score0.00116EPSS

CVE•added 2025/04/17 6:15 a.m.•53 views

CVE-2025-1525

3.5CVSS5.4AI score0.00046EPSS

CVE•added 2025/04/17 6:15 a.m.•49 views

CVE-2025-1524

3.5CVSS5.4AI score0.00046EPSS