Dashboard Notepad Security & Risk Analysis

wordpress.org/plugins/dashboard-notepad

The very simplest of notepads for your Dashboard.

10K active installs · v1.42 · PHP + WP 2.8+ · Updated Nov 28, 2017
dashboardnoteswidget
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Dashboard Notepad Safe to Use in 2026?

Use With Caution

Score 63/100

Dashboard Notepad has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 8yr ago
Risk Assessment

The 'dashboard-notepad' plugin exhibits a mixed security posture. Static analysis shows good practices, such as 100% prepared statement usage for SQL queries and capability checks on all identified output points, but there are significant concerns. The absence of nonce checks is a notable weakness that potentially leaves the plugin vulnerable to cross-site request forgery attacks, especially given its vulnerability history. That history shows a known, unpatched medium-severity vulnerability, which indicates a lack of ongoing maintenance and security responsiveness. An existing, unpatched CVE is a critical flag and outweighs some of the positive static analysis findings. The plugin's attack surface is minimal, which is a positive, but the single shortcode without explicit nonce checks is a potential entry point for exploitation.

Key Concerns

  • Unpatched CVE exists
  • Missing nonce checks
  • Medium severity vulnerability history
Vulnerabilities
1

Dashboard Notepad Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57927 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Dashboard Notepad <= 1.42 - Cross-Site Request Forgery

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Dashboard Notepad Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (5 escaped)
Nonce Checks: 0
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

71% escaped · 7 total outputs
Attack Surface

Dashboard Notepad Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[dashboard_notes] dashboard-notepad.php:179
WordPress Hooks 5
action · admin_head-index.php · dashboard-notepad.php:66
action · wp_dashboard_setup · dashboard-notepad.php:67
filter · edit_dashboard_notes · dashboard-notepad.php:184
filter · read_dashboard_notes · dashboard-notepad.php:185
filter · members_get_capabilities · dashboard-notepad.php:189
Maintenance & Trust

Dashboard Notepad Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Nov 28, 2017
PHP min version
Downloads: 93K

Community Trust

Rating: 92/100
Number of ratings: 12
Active installs: 10K
Developer Profile

Dashboard Notepad Developer Profile

Stephanie Leary

16 plugins · 17K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 2856 days
Detection Fingerprints

How We Detect Dashboard Notepad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dashboard-notepad/css/dashboard-notepad.css
Version Parameters
dashboard-notepad/css/dashboard-notepad.css?ver=
dashboard-notepad/js/dashboard-notepad.js?ver=

HTML / DOM Fingerprints

CSS Classes
dashboard-role-column
dashboard-note-clear
Data Attributes
id="dashboard_notepad"
name="dashboard_notepad"
id="notepad_title"
name="notepad_title"
id="notepad_size"
name="notepad_size"
+3 more
Shortcode Output
[dashboard_notes]
FAQ

Frequently Asked Questions about Dashboard Notepad