[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpEj4tZenvzBD1UO2CQyV0zR8zzpVOj-R48tsX6Qes_o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":154,"fingerprints":230},"dashboard-widget-sidebar","Dashboard Widget Sidebar","1.2.3","Morten Dalgaard Johansen","https:\u002F\u002Fprofiles.wordpress.org\u002Fiosoftgame\u002F","\u003Cp>Enable regulare widgets to be used as Dashboard Widgets in admin.\u003C\u002Fp>\n\u003Cp>This plugin adds a new widget area to the Appearance -> Widgets section in WordPress admin, from where you can add regulare widgets to the WordPress admin dashboard.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n","Enable regulare widgets to be used as Dashboard Widgets in admin.",400,12968,100,8,"2015-04-21T07:32:00.000Z","4.2.39","3.3","",[20,21,22,23,24],"admin","dashboard","dashboard-widget","widget","widgets","http:\u002F\u002Fwww.iosoftgame.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-widget-sidebar.1.2.3.zip",63,1,"2025-06-27 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-53293","dashboard-widget-sidebar-missing-authorization","Dashboard Widget Sidebar \u003C= 1.2.3 - Missing Authorization","The Dashboard Widget Sidebar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.2.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-07-01 19:37:08",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F02b91de7-3d1f-46c7-9a76-f1200926149a?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"iosoftgame",30,68,"2026-04-05T02:38:56.336Z",[52,75,98,116,137],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":71,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"wp-widget-disable","Widget Disable","3.0.1","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>This simple plugin allows you to disable any sidebar and dashboard widget for the current WordPress site you are on. It provides a simple user interface available to users with \u003Ccode>edit_theme_options\u003C\u002Fcode> capabilities (usually Administrator role) available under Appearance -> Disable Widgets.\u003Cbr \u002F>\nAfter saving the settings, the sidebar and dashboard widgets are removed from and the user can’t see those widgets anymore.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer? Get to know the hooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Have a look at the filters we provide:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_widget_disable_default_sidebar_widgets\u003C\u002Fcode> – Allows you to exclude certain sidebar widgets from being disabled.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_widget_disable_default_dashboard_widgets\u003C\u002Fcode> – Allows you to exclude certain dashboard widgets from being disabled.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contributions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002FWP-Widget-Disable\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" title=\"Team of experienced web professionals from Switzerland & Germany\" rel=\"nofollow ugc\">required\u003C\u002Fa>\u003C\u002Fp>\n","Disable sidebar and dashboard widgets with an easy to use interface.",10000,185111,96,24,"2024-11-18T13:40:00.000Z","6.7.5","6.0","7.4",[20,21,69,70,24],"dashboard-widgets","sidebar-widgets","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fwp-widget-disable\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widget-disable.3.0.1.zip",92,0,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":67,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":28,"unpatched_count":74,"last_vuln_date":97,"fetched_at":30},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.",20000,631204,86,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5",[20,91,22,92,93],"administration","error-reporting","php","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,"2019-02-25 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":62,"num_ratings":14,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":114,"download_link":115,"security_score":73,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"dashboard-commander","Dashboard Commander","1.0.3","Josh Hartman","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshhartman\u002F","\u003Cp>Command your admin dashboard. Manage built-in widgets (Right Now, Recent Comments, etc.) and dynamically registered widgets (Google Analytics Summary, WP E-Commerce Dashboard, etc.). Hide widgets depending upon user capabilities.\u003C\u002Fp>\n\u003Cp>This plugin is based upon Dave Kinkead’s Dashboard Heaven plugin and extends it to support dynamically registered widgets, such as dashboard widgets that are added by a plugin.\u003C\u002Fp>\n\u003Cp>After installation access to all dashboard widgets is removed, then you can use the options at Settings > Dashboard Commander to configure the minimum access level for each widget.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7YBOm5ov3vs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Command your admin dashboard. Manage built-in widgets and dynamically registered widgets. Hide widgets depending upon user capabilities.",900,34553,"2024-04-05T06:01:00.000Z","6.5.8","2.9.2",[20,112,21,113,24],"command","manage","http:\u002F\u002Fwww.warpconduit.net\u002Fwordpress-plugins\u002Fdashboard-commander\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-commander.1.0.3.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":13,"num_ratings":28,"last_updated":126,"tested_up_to":127,"requires_at_least":17,"requires_php":18,"tags":128,"homepage":134,"download_link":135,"security_score":136,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"abd-dashboard-widget-manager","ABD Dashboard Widget Manager","1.1","abdwebdesign","https:\u002F\u002Fprofiles.wordpress.org\u002Fabdwebdesign\u002F","\u003Cp>Take control of your admin dashboard!\u003C\u002Fp>\n\u003Cp>This plugin gives you an easy way to customize your WordPress administrator dashboard.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Select which user roles you’d like to customize.\u003C\u002Fli>\n\u003Cli>select which admin dashboard widgets you’d like to have displayed. \u003C\u002Fli>\n\u003Cli>You also get the option to show a new ‘custom widget’ which you can then add your desired content. \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This custom widget is a great way to add documentation for your clients or leave notes for yourself right there on the admin dashboard when you or your users logs in. We use it for almost all of our clients so that they have documentation they need to manage their WordPress sites.\u003C\u002Fp>\n","Customize your WordPress administrator dashboard. You can choose which admin widgets to display, the user roles, and add your own dashboard content.",300,11868,"2014-08-10T23:21:00.000Z","3.9.40",[129,130,131,132,133],"admin-dashboard","admin-widgets","custom-dashboard","custom-widget","widget-manager","http:\u002F\u002Faaronbday.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabd-dashboard-widget-manager.zip",85,{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":145,"downloaded":146,"rating":13,"num_ratings":147,"last_updated":148,"tested_up_to":149,"requires_at_least":150,"requires_php":18,"tags":151,"homepage":18,"download_link":153,"security_score":136,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"right-now-reloaded","Right Now Reloaded","2.2","Michael Dance","https:\u002F\u002Fprofiles.wordpress.org\u002Fseventhsteel\u002F","\u003Cp>Sick of the “Right Now” dashboard widget not showing useful information about your site? “Right Now Reloaded” solves that.\u003C\u002Fp>\n\u003Cp>The default Right Now widget shows only information on posts, pages, categories, tags, widgets, and comments. That’s great if you’re running a standard blog, but what if you don’t use comments? What if you have a bunch of custom post types?\u003C\u002Fp>\n\u003Cp>That’s where Right Now Reloaded comes in. It displays an accurate snapshot of your site: all your public post types and taxonomies, plus active plugins, registered users, links, widgets, and menus, all ordered by importance. Don’t use one of those? It won’t show up.\u003C\u002Fp>\n\u003Cp>Some extra notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No configuration required\u003C\u002Fli>\n\u003Cli>Translation-ready\u003C\u002Fli>\n\u003Cli>Strict permissions – users only see what they should be able to see\u003C\u002Fli>\n\u003Cli>Easily customizable with dynamic CSS classes and IDs\u003C\u002Fli>\n\u003Cli>Retains the \u003Ccode>right_now_table_end\u003C\u002Fcode>, \u003Ccode>rightnow_end\u003C\u002Fcode>, and \u003Ccode>activity_box_end\u003C\u002Fcode> hooks so that other plugins can still hook into the widget\u003C\u002Fli>\n\u003C\u002Ful>\n","A more relevant and dynamic version of the \"Right Now\" dashboard widget.",200,7620,2,"2013-07-01T15:10:00.000Z","3.5.2","3.4",[21,22,152,23,24],"right-now","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fright-now-reloaded.2.2.zip",{"attackSurface":155,"codeSignals":182,"taintFlows":192,"riskAssessment":210,"analyzedAt":229},{"hooks":156,"ajaxHandlers":174,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":28,"unprotectedCount":28},[157,163,167,171],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","wp_dashboard_setup","dws_add_dashboard_widgets","dashboard-widget-sidebar.php",129,{"type":158,"name":164,"callback":165,"file":161,"line":166},"admin_enqueue_scripts","dws_enqueue_script",149,{"type":158,"name":168,"callback":169,"file":161,"line":170},"admin_head","dws_admin_head",192,{"type":158,"name":164,"callback":172,"file":161,"line":173},"wpcf7_do_enqueue_scripts",201,[175],{"action":176,"nopriv":177,"callback":176,"hasNonce":177,"hasCapCheck":177,"file":161,"line":178},"dws_ajax_update",false,171,[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":74,"externalRequests":74,"nonceChecks":74,"capabilityChecks":74,"bundledLibraries":191},[],{"prepared":74,"raw":74,"locations":185},[],{"escaped":74,"rawEcho":28,"locations":187},[188],{"file":161,"line":189,"context":190},187,"raw output",[],[193],{"entryPoint":194,"graph":195,"unsanitizedCount":28,"severity":209},"\u003Cdashboard-widget-sidebar> (dashboard-widget-sidebar.php:0)",{"nodes":196,"edges":207},[197,202],{"id":198,"type":199,"label":200,"file":161,"line":201},"n0","source","$_POST",154,{"id":203,"type":204,"label":205,"file":161,"line":189,"wp_function":206},"n1","sink","echo() [XSS]","echo",[208],{"from":198,"to":203,"sanitized":177},"low",{"summary":211,"deductions":212},"The 'dashboard-widget-sidebar' plugin, version 1.2.3, exhibits a concerning security posture due to significant oversights in its code implementation and a history of vulnerabilities. While it demonstrates good practice in its SQL query handling by exclusively using prepared statements and avoids external HTTP requests and file operations, these strengths are overshadowed by critical weaknesses. The static analysis reveals a single, unprotected AJAX handler, which represents a direct entry point for attackers. Furthermore, a taint analysis identified a flow with an unsanitized path, indicating potential for manipulation of data that could lead to security issues. The plugin also suffers from a complete lack of output escaping, meaning any data displayed via this handler could be vulnerable to cross-site scripting (XSS) attacks.\n\nThe vulnerability history is particularly alarming, with one unpatched medium-severity CVE specifically related to missing authorization. This pattern of missing authorization is consistent with the identified unprotected AJAX handler, suggesting a recurring and unresolved security flaw. The combination of an unprotected entry point, unsanitized data paths, a lack of output escaping, and a history of authorization vulnerabilities paints a picture of a plugin that is currently a significant risk to WordPress installations. While the absence of dangerous functions and proper SQL handling are positive, they do not mitigate the immediate threats posed by the identified weaknesses.",[213,216,219,222,225,227],{"reason":214,"points":215},"Unprotected AJAX handler (1)",7,{"reason":217,"points":218},"Taint flow with unsanitized paths (1)",10,{"reason":220,"points":221},"No output escaping on outputs (1)",5,{"reason":223,"points":224},"Unpatched medium CVE (1)",15,{"reason":226,"points":221},"No nonce checks on AJAX",{"reason":228,"points":221},"No capability checks","2026-03-16T19:46:46.143Z",{"wat":231,"direct":239},{"assetPaths":232,"generatorPatterns":234,"scriptPaths":235,"versionParams":237},[233],"\u002Fwp-content\u002Fplugins\u002Fdashboard-widget-sidebar\u002Fdashboard-widget-sidebar.js",[],[236],"wp-content\u002Fplugins\u002Fdashboard-widget-sidebar\u002Fdashboard-widget-sidebar.js",[238],"dashboard-widget-sidebar\u002Fdashboard-widget-sidebar.js?ver=",{"cssClasses":240,"htmlComments":242,"htmlAttributes":243,"restEndpoints":244,"jsGlobals":246,"shortcodeOutput":248},[241],"dws-settings",[],[],[245],"\u002Fwp-json\u002Fdws-ajax-update",[247],"dwsWidgetSettings",[]]