Primary

Context

Ultimate Dashboard WordPress Plugin Missing Authorization Vulnerability in Module Management

Vulnerability

Patched

A vulnerability exists in the Ultimate Dashboard - Custom WordPress Dashboard plugin, affecting all versions through 3.8.7. The issue arises from a lack of proper capability checks in the handle_module_actions function, allowing authenticated attackers with Subscriber-level access or higher to unauthorizedly activate or deactivate plugin modules.

Impact

Exploitation of this vulnerability allows for unauthorized activation or deactivation of plugin modules by authenticated users with Subscriber-level access or above.

Remediation

Users are advised to update the Ultimate Dashboard plugin to version 3.8.8 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ultimate Dashboard WordPress Plugin Missing Authorization Vulnerability in Module Management

Vulnerability

Impact

Remediation

Affected Products

Ultimate Dashboard

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating