Ultimate Dashboard – Custom WordPress Dashboard

Vulnerabilities 11Slug ultimate-dashboardLatest version 3.8.16WordPress.org →

Minimum safe version

3.8.15

Update to 3.8.15 or later to address 11 fixable vulnerabilities

Latest available3.8.16 ✓

Medium 4.3

2026-05-01< 3.8.15

CVE-2026-3140

CVE Wordfence

Low 3.5

2025-04-17< 3.8.6

Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Low 3.5

2025-04-17< 3.8.6

Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Low 3.5

2025-04-17< 3.8.6

Ultimate Dashboard <= 3.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 4.3

2025-03-25< 3.8.8

WordPress Ultimate Dashboard Plugin <= 3.8.7 is vulnerable to Broken Access Control

Patchstack EUVD Wordfence CVE Wordfence

Medium 5.9

2024-12-19< 3.7.12

WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

Low 3.7

2024-06-04< 3.7.11

CVE-2023-49822

CVE Patchstack Wordfence WPScan

Medium 4.8

2023-11-22< 3.7.8

CVE-2023-4726

CVE Wordfence Patchstack WPScan

Medium 4.8

2023-06-19< 3.7.6

CVE-2023-2812

CVE WPScan

N/A

2023-05-23< 3.7.6

WordPress Ultimate Dashboard Plugin < 3.7.6 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-05-21< 3.7.6

Ultimate Dashboard <= 3.7.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings

Wordfence