Dashi Security & Risk Analysis

wordpress.org/plugins/dashi

Useful classes for creating a custom post type. Creates Page Parts custom post type. Designed for theme developers.

100 active installs v3.4.6 PHP 7.0+ WP + Updated Mar 12, 2026
custom-field, custom-post-type
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 17, 2025
Safety Verdict

Is Dashi Safe to Use in 2026?

Generally Safe

Score 99/100

Dashi has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 17, 2025 · Updated 23d ago
Risk Assessment

The 'dashi' v3.4.6 plugin exhibits a mixed security posture. On the positive side, it follows good practice by extensively using prepared statements for SQL queries and implementing nonce checks. The absence of dangerous functions, critical/high taint flows, and unpatched CVEs is also a strength. However, a significant concern lies in its attack surface: one AJAX handler lacks authorization checks. Although the taint analysis found no unsanitized paths, an unauthenticated entry point always poses a risk. The vulnerability history shows a past medium-severity issue, likely related to missing authorization, which aligns with the current static analysis finding. The plugin has addressed its past vulnerabilities and shows good internal code practices, but the unprotected AJAX endpoint warrants attention.

Key Concerns

  • Unprotected AJAX handler
  • Medium severity vulnerability history (Missing Authorization)
  • Moderate output escaping (68% properly escaped)
Vulnerabilities
1

Dashi Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-39580 · medium · 5.3 · Missing Authorization

Dashi <= 3.1.8 - Missing Authorization

Apr 17, 2025 Patched in 3.1.9 (5d)
Code Analysis
Analyzed Mar 16, 2026

Dashi Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (12 prepared)
Unescaped Output: 122 (261 escaped)
Nonce Checks: 15
Capability Checks: 10
File Operations: 7
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

80% prepared · 15 total queries

Output Escaping

68% escaped · 383 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
editFormAfterTitle (classes\Posttype\Copy.php:228)
Attack Surface
1 unprotected

Dashi Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 3

auth wp_ajax_custom_referencer classes\Posttype\Posttype.php:320
auth wp_ajax_public_uploader_ajax classes\Posttype\PublicForm.php:28
nopriv wp_ajax_public_uploader_ajax classes\Posttype\PublicForm.php:32

Shortcodes 4

[dashi_sitemap] classes\Posttype\Posttype.php:309
[dashi_public_form] classes\Posttype\Posttype.php:315
[loggedin] dashi.php:179
[get_pagepart] posttype\Pagepart.php:39
WordPress Hooks 100
action admin_post_dashi_cf7_ack_warning classes\Notation.php:20
filter dashboard_glance_items classes\Notation.php:38
action admin_notices classes\Notation.php:100
action admin_notices classes\Notation.php:115
action admin_notices classes\Notation.php:130
action admin_notices classes\Notation.php:145
action admin_notices classes\Notation.php:163
action admin_notices classes\Notation.php:179
action admin_notices classes\Notation.php:195
action admin_notices classes\Notation.php:211
action admin_notices classes\Notation.php:227
action admin_notices classes\Notation.php:243
action admin_notices classes\Notation.php:262
action admin_notices classes\Notation.php:285
action wp_dashboard_setup classes\Notation.php:299
action admin_notices classes\Notation.php:323
action wp_dashboard_setup classes\NotationDomain.php:100
action admin_init classes\NotationDomain.php:110
action wp_dashboard_setup classes\NotationDomain.php:132
action admin_notices classes\NotationDomain.php:243
action admin_notices classes\NotationDomain.php:278
action admin_notices classes\NotationDomain.php:294
action admin_notices classes\NotationHeavey.php:55
action admin_notices classes\NotationHeavey.php:86
action admin_notices classes\NotationHeavey.php:114
action admin_notices classes\NotationHeavey.php:137
action admin_notices classes\NotationHeavey.php:160
action admin_notices classes\NotationHeavey.php:195
action wp_loaded classes\Posttype\Another.php:35
filter init classes\Posttype\Another.php:60
filter admin_head-post-new.php classes\Posttype\Another.php:66
action edit_form_after_title classes\Posttype\Another.php:72
action save_post classes\Posttype\Another.php:78
action pre_get_posts classes\Posttype\Another.php:84
action admin_head-post.php classes\Posttype\Another.php:101
filter post_date_column_time classes\Posttype\Another.php:107
action save_post classes\Posttype\Another.php:732
filter admin_head-post-new.php classes\Posttype\Copy.php:38
action edit_form_after_title classes\Posttype\Copy.php:42
action admin_head-post.php classes\Posttype\Copy.php:48
action save_post classes\Posttype\Copy.php:53
action wp_dashboard_setup classes\Posttype\Csv.php:54
action admin_init classes\Posttype\Csv.php:65
action edit_form_after_title classes\Posttype\CustomFields.php:171
action admin_print_footer_scripts classes\Posttype\CustomFields.php:675
action widgets_init classes\Posttype\Posttype.php:44
action admin_menu classes\Posttype\Posttype.php:47
action manage_posts_columns classes\Posttype\Posttype.php:53
action restrict_manage_posts classes\Posttype\Posttype.php:77
action pre_get_posts classes\Posttype\Posttype.php:81
action template_redirect classes\Posttype\Posttype.php:87
action template_include classes\Posttype\Posttype.php:92
action save_post classes\Posttype\Posttype.php:100
action edited_term classes\Posttype\Posttype.php:101
filter pre_wp_unique_post_slug classes\Posttype\Posttype.php:104
action admin_notices classes\Posttype\Posttype.php:107
action admin_notices classes\Posttype\Posttype.php:112
action current_screen classes\Posttype\Posttype.php:116
action posts_request classes\Posttype\Posttype.php:121
action posts_join classes\Posttype\Posttype.php:122
filter posts_search classes\Posttype\Posttype.php:123
filter posts_distinct classes\Posttype\Posttype.php:124
action posts_where classes\Posttype\Posttype.php:125
action posts_orderby classes\Posttype\Posttype.php:126
action dashi_cron_hook classes\Posttype\Posttype.php:140
action wp_enqueue_scripts classes\Posttype\Posttype.php:150
action admin_enqueue_scripts classes\Posttype\Posttype.php:199
action admin_bar_menu classes\Posttype\Posttype.php:265
filter wp_terms_checklist_args classes\Posttype\Posttype.php:278
filter enter_title_here classes\Posttype\Posttype.php:290
action edited_term classes\Posttype\Posttype.php:859
filter get_post_metadata classes\Posttype\Preview.php:14
filter wp_insert_post classes\Posttype\Preview.php:22
action edit_form_after_title classes\Posttype\Preview.php:28
filter pending_to_publish classes\Posttype\PublicForm.php:21
action dashi_public_form_gc_hook classes\Posttype\PublicForm.php:39
filter wp_save_post_revision_check_for_changes classes\Posttype\Revisions.php:14
filter wp_save_post_revision_post_has_changed classes\Posttype\Revisions.php:22
filter _wp_post_revision_fields classes\Posttype\Revisions.php:30
action wp_restore_post_revision classes\Posttype\Revisions.php:36
action pre_get_posts classes\Posttype\Workflow.php:26
action pre_get_posts classes\Posttype\Workflow.php:31
action template_redirect classes\Security.php:21
action admin_enqueue_scripts classes\Zip.php:47
action wp_enqueue_scripts classes\Zip.php:48
action admin_print_footer_scripts classes\Zip.php:90
action wp_print_footer_scripts classes\Zip.php:96
action admin_notices dashi.php:40
action template_redirect dashi.php:54
action admin_menu dashi.php:76
action template_redirect dashi.php:154
action post_date_column_status dashi.php:185
filter admin_body_class dashi.php:194
action admin_bar_menu dashi.php:209
filter allow_major_auto_core_updates dashi.php:231
filter auto_update_theme dashi.php:236
filter auto_update_plugin dashi.php:241
filter auto_update_translation dashi.php:246
action init dashi.php:252
action wp_enqueue_scripts posttype\Pagepart.php:42

Scheduled Events 3

dashi_cron_hook
dashi_public_form_gc_hook
dashi_cron_hook
Maintenance & Trust

Dashi Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.0
Downloads: 15K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Dashi Developer Profile

jidaikobo

5 plugins · 210 total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 1109 days
Detection Fingerprints

How We Detect Dashi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/dashi/js/jquery.jscroll-master/jquery.jscroll.min.js
/wp-content/plugins/dashi/js/dashi.js

HTML / DOM Fingerprints

CSS Classes
dashi-options-page
dashi-admin-body-class
dashi-table
Data Attributes
data-dashi-id
JS Globals
dashi_ajaxurl
Shortcode Output
[loggedin]