Dashboard Widgets Suite Security & Risk Analysis

wordpress.org/plugins/dashboard-widgets-suite

Adds 9 awesome widgets to your WP Dashboard. Includes User Notes, Social Buttons, System Info, Debug/Error Logs, and more!

4K active installs · v3.5 · PHP 5.6.20+ · WP 4.7+ · Updated Jan 28, 2026
Tags: dashboard, debug, log, notes, widget
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 12, 2024
Safety Verdict

Is Dashboard Widgets Suite Safe to Use in 2026?

Generally Safe

Score 98/100

Dashboard Widgets Suite has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 12, 2024 · Updated 2mo ago
Risk Assessment

The "dashboard-widgets-suite" v3.5 plugin exhibits a mixed security posture. On the positive side, there are no reported unpatched CVEs, and the static analysis indicates a strong adherence to secure coding practices regarding SQL queries, which are all prepared. The plugin also implements a reasonable number of nonce and capability checks, suggesting an awareness of common WordPress security vulnerabilities. The absence of critical or high-severity taint flows is also reassuring.

However, a significant concern arises from the output escaping. With only 41% of outputs properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of three medium-severity XSS CVEs. While the last known vulnerability was recently patched, this pattern indicates a recurring weakness in sanitizing user-supplied data before it's displayed. The presence of unsanitized paths in taint analysis, although not classified as critical or high, warrants attention as it could be a vector for other types of injection attacks.

In conclusion, while the plugin has a good track record of addressing vulnerabilities and employs secure practices for database interactions, the persistent issue with output escaping is a notable weakness. The historical prevalence of XSS vulnerabilities, even if currently patched, suggests that developers should prioritize rigorous output sanitization to mitigate future risks and improve the overall security posture.

Key Concerns

  • Significant portion of outputs not properly escaped
  • Taint analysis found unsanitized paths
  • History of medium severity XSS vulnerabilities
Vulnerabilities: 3

Dashboard Widgets Suite Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-0979 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site Scripting

Jun 12, 2024 Patched in 3.4.4 (1d)

CVE-2023-49743 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dashboard Widgets Suite <= 3.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 4, 2023 Patched in 3.4.2 (50d)

CVE-2023-26517 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Feb 27, 2023 Patched in 3.2.2 (330d)
Code Analysis
Analyzed Mar 16, 2026

Dashboard Widgets Suite Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 159 (111 escaped)
Nonce Checks: 7
Capability Checks: 9
File Operations: 4
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

41% escaped · 270 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

7 flows · 1 with unsanitized paths
dashboard_widgets_suite_admin_notice (inc\settings-reset.php:5)
Attack Surface

Dashboard Widgets Suite Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes: 3

[dws_feed_box] dashboard-widgets.php:82
[dws_social_box] dashboard-widgets.php:83
[dws_user_notes] dashboard-widgets.php:84

WordPress Hooks: 23

action admin_init dashboard-widgets.php:55
action admin_init dashboard-widgets.php:56
action init dashboard-widgets.php:57
filter plugin_action_links dashboard-widgets.php:58
filter plugin_row_meta dashboard-widgets.php:59
filter admin_footer_text dashboard-widgets.php:60
filter get_user_option_screen_layout_dashboard dashboard-widgets.php:62
filter screen_layout_columns dashboard-widgets.php:63
action admin_head-index.php dashboard-widgets.php:64
action admin_enqueue_scripts dashboard-widgets.php:66
action admin_notices dashboard-widgets.php:67
action admin_menu dashboard-widgets.php:68
action admin_init dashboard-widgets.php:70
action admin_init dashboard-widgets.php:71
action admin_init dashboard-widgets.php:72
action admin_init dashboard-widgets.php:73
action admin_init dashboard-widgets.php:74
action admin_init dashboard-widgets.php:75
action admin_init dashboard-widgets.php:76
action wp_enqueue_scripts dashboard-widgets.php:78
action widgets_init dashboard-widgets.php:79
action init dashboard-widgets.php:80
action wp_dashboard_setup inc\widgets-enable.php:207
Maintenance & Trust

Dashboard Widgets Suite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version: 5.6.20
Downloads: 153K

Community Trust

Rating: 98/100
Number of ratings: 36
Active installs: 4K
Developer Profile

Dashboard Widgets Suite Developer Profile

Jeff Starr

30 plugins · 1.2M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 345 days
Detection Fingerprints

How We Detect Dashboard Widgets Suite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dashboard-widgets-suite/css/dws-admin.css
/wp-content/plugins/dashboard-widgets-suite/css/dws-frontend.css
/wp-content/plugins/dashboard-widgets-suite/js/dws-admin.js
Script Paths
/wp-content/plugins/dashboard-widgets-suite/js/dws-admin.js
Version Parameters
dashboard-widgets-suite/css/dws-admin.css?ver=
dashboard-widgets-suite/css/dws-frontend.css?ver=
dashboard-widgets-suite/js/dws-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
dws-feed-box
dws-social-box
dws-user-notes
dws-admin-notice
HTML Comments
<!-- Dashboard Widgets Suite -->
<!-- END Dashboard Widgets Suite -->
Data Attributes
data-dws-widget-id
data-dws-widget-type
JS Globals
dws_admin_params
Shortcode Output
[dws_feed_box]
[dws_social_box]
[dws_user_notes]