Dashboard Commander Security & Risk Analysis

wordpress.org/plugins/dashboard-commander

Command your admin dashboard. Manage built-in widgets and dynamically registered widgets. Hide widgets depending upon user capabilities.

900 active installs · v1.0.3 · PHP + WP 2.9.2+ · Updated Apr 5, 2024
Tags: admin, command, dashboard, manage, widgets
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dashboard Commander Safe to Use in 2026?

Generally Safe

Score 85/100

Dashboard Commander has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The plugin "dashboard-commander" v1.0.3 exhibits a generally strong security posture based on the static analysis. The absence of any entry points like AJAX handlers, REST API routes, or shortcodes significantly limits the potential attack surface. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerabilities or CVEs. This history suggests a well-maintained and secure codebase over time.

However, a key concern arises from the output escaping. With only 33% of the 6 total outputs properly escaped, there's a significant risk of Cross-Site Scripting (XSS) vulnerabilities. While the attack surface is minimal, a successful XSS attack could still lead to account compromise, data theft, or other malicious actions, especially if a privileged user triggers it. The presence of only one capability check and zero nonce checks also indicates potential weaknesses in authorization and CSRF protection mechanisms, though the limited attack surface mitigates the immediate impact.

Key Concerns

  • Low output escaping percentage
  • No nonce checks
  • Limited capability checks
Vulnerabilities
None known

Dashboard Commander Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Dashboard Commander Release Timeline

  • v1.0.3 (Current)
  • v1.0.2
  • v1.0.1
  • v1.0
Code Analysis
Analyzed Mar 16, 2026

Dashboard Commander Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 4 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

33% escaped · 6 total outputs
Attack Surface

Dashboard Commander Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4

  • action wp_dashboard_setup (dashboard-commander.php:28)
  • action admin_init (dashboard-commander.php:29)
  • action admin_menu (dashboard-commander.php:30)
  • action admin_notices (dashboard-commander.php:31)
Maintenance & Trust

Dashboard Commander Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 5, 2024
PHP min version
Downloads: 35K

Community Trust

Rating: 96/100
Number of ratings: 8
Active installs: 900
Developer Profile

Dashboard Commander Developer Profile

Josh Hartman

3 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dashboard Commander

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
