Data Modification Vulnerability in Ultimate Dashboard Plugin for WordPress
CVE-2025-2276
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 March 2025
What is CVE-2025-2276?
The Ultimate Dashboard plugin for WordPress is susceptible to unauthorized modifications due to a lack of capability checks in the handle_module_actions function. This flaw affects all versions up to and including 3.8.7, permitting authenticated users with Subscriber-level access or higher to activate or deactivate plugin modules without proper permissions, potentially compromising site functionality and security.
Affected Version(s)
Ultimate Dashboard – Custom WordPress Dashboard * <= 3.8.7