Frontend Dashboard Security & Risk Analysis

wordpress.org/plugins/frontend-dashboard

Frontend Dashboard is bundled with a huge list of custom features which can easily customise the User profile, Posts, Login, Register, Custom roles.

500 active installs · v2.2.10 · PHP + WP 5.8.3+ · Updated Jul 7, 2025
Tags: custom-login, custom-profile, custom-register, dashboard, frontend-dashboard

Score 87 · A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Frontend Dashboard Safe to Use in 2026?

Generally Safe

Score 87/100

Frontend Dashboard has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

8 known CVEs · Last CVE: Jun 5, 2025 · Updated 10mo ago
Risk Assessment

The frontend-dashboard plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers and a history of critical and high-severity vulnerabilities. While the static analysis indicates some positive signs like a high percentage of properly escaped output and a moderate use of prepared statements for SQL queries, the sheer volume of unprotected entry points (24 out of 38) represents a substantial attack surface. The taint analysis revealing two high-severity flows with unsanitized paths further amplifies these concerns, suggesting potential for exploits like cross-site scripting or unauthorized actions if not properly mitigated.

The plugin's vulnerability history is a major red flag. With 8 known CVEs, including one critical and four high-severity, it indicates a pattern of past security weaknesses that have been exploited. While there are currently no unpatched vulnerabilities, the recurring nature of significant issues across various types (XSS, authorization, SQL injection, code injection, information exposure) suggests underlying architectural flaws or insufficient security practices during development. The recent vulnerability in 2025 also points to ongoing challenges in maintaining a secure codebase.

In conclusion, while the plugin demonstrates some good security practices like the use of nonces and capability checks, these are overshadowed by the large unprotected attack surface and the plugin's problematic vulnerability history. The high number of unprotected AJAX handlers and the critical taint analysis findings present immediate risks that require careful attention. Organizations using this plugin should proceed with extreme caution, prioritize regular security audits, and consider alternative solutions if the risks cannot be adequately mitigated.

Key Concerns

  • Large attack surface without auth
  • High severity taint flow with unsanitized paths
  • Critical vulnerability in history
  • Multiple high severity vulnerabilities in history
  • Unsanitized paths in taint analysis
  • Use of 'unserialize' dangerous function
  • Low percentage of prepared statements for SQL
Vulnerabilities
8 published

Frontend Dashboard Security Vulnerabilities

CVEs by Year

  • 2024: 3 CVEs
  • 2025: 5 CVEs

Severity Breakdown

  • Critical: 1
  • High: 4
  • Medium: 3

8 total CVEs

CVE-2025-49310 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Frontend Dashboard <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 · Patched in 2.2.9 (7d)

CVE-2025-4474 · high · 8.8 · Improper Authorization

Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function

May 12, 2025 · Patched in 2.2.8 (1d)

CVE-2025-4473 · high · 8.8 · Improper Authorization

Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function

May 12, 2025 · Patched in 2.2.8 (1d)

CVE-2025-4104 · critical · 9.8 · Improper Authorization

Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function

May 6, 2025 · Patched in 2.2.7 (1d)

CVE-2025-46248 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Frontend Dashboard <= 2.2.5 - Unauthenticated SQL Injection

Apr 22, 2025 · Patched in 2.2.6 (9d)

CVE-2024-8268 · high · 8.8 · Improper Control of Generation of Code ('Code Injection')

Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call

Sep 9, 2024 · Patched in 2.2.5 (1d)

CVE-2024-32726 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Frontend Dashboard <= 2.2.2 - Sensitive Information Exposure

Apr 22, 2024 · Patched in 2.2.4 (361d)

CVE-2024-29775 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Frontend Dashboard <= 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Mar 25, 2024 · Patched in 2.2.2 (8d)

Code Analysis
Analyzed Mar 16, 2026

Frontend Dashboard Code Analysis

Dangerous Functions: 15
Raw SQL Queries: 45 (19 prepared)
Unescaped Output: 202 (1033 escaped)
Nonce Checks: 7
Capability Checks: 16
File Operations: 2
External Requests: 1
Bundled Libraries: 2

Dangerous Functions Found

Function · Location · Code

unserialize · includes\admin\fields\fed-form-checkbox.php:28 · $extended = isset( $options['extended'] ) ? ( is_string( $options['extended'] ) ? unserialize(
unserialize · includes\admin\function-admin.php:428 · ) ) ? unserialize( $row['user_role'] ) : serialize( array_keys( $row['user_role'] ) ) : array(),
unserialize · includes\admin\function-admin.php:439 · $default['extended'] = unserialize( $row['extended'] );
unserialize · includes\admin\function-admin.php:460 · $default['extended'] = unserialize( $row['extended'] );
unserialize · includes\admin\function-admin.php:475 · $default['extended'] = unserialize( $row['extended'] );
unserialize · includes\admin\function-admin.php:500 · $default['extended'] = unserialize( $row['extended'] );
unserialize · includes\admin\function-admin.php:551 · ) ? unserialize( $row['user_role'] ) : serialize( array_keys( $row['user_role'] ) ) ) : '',
unserialize · includes\admin\layout\class-fed-admin-user-profile.php:45 · $extended = isset( $field['extended'] ) ? is_string( $field['extended'] ) ? unserialize( $fie
unserialize · includes\admin\menu\items\dashboard-menu.php:515 · unserialize( $res ),
unserialize · includes\admin\model\menu.php:64 · if ( ! in_array( $user_role, unserialize( $res ), true ) &&
unserialize · includes\admin\payment\class-fed-invoice.php:430 · $item = unserialize( $items['object_items'] );
unserialize · includes\admin\payment\payment.php:316 · $item = unserialize( $products['object_items'] );
unserialize · includes\frontend\controller\profile.php:102 · array_intersect( $user->roles, unserialize( $single_item['user_role'] ) )
unserialize · includes\frontend\function-frontend.php:279 · $extended = is_string( $single_item['extended'] ) ? unserialize(
unserialize · includes\frontend\function-frontend.php:844 · unserialize( $single_item['user_role'] )

Bundled Libraries

DataTables, Select2

SQL Query Safety

30% prepared (64 total queries)

Output Escaping

84% escaped (1235 total outputs)

Data Flows · Security
2 unsanitized

Data Flow Analysis

8 flows, 2 with unsanitized paths

  • body_content (includes\admin\payment\class-fed-payment-menu.php:145)

Attack Surface
24 unprotected

Frontend Dashboard Attack Surface

Entry Points: 38
Unprotected: 24

AJAX Handlers 29

Scope · Hook · Location

auth · wp_ajax_fed_get_taxonomy_by_post_type · includes\admin\controllers\class-fed-taxonomy.php:17
nopriv · wp_ajax_fed_get_taxonomy_by_post_type · includes\admin\controllers\class-fed-taxonomy.php:18
auth · wp_ajax_fed_get_terms_by_taxonomy · includes\admin\controllers\class-fed-terms.php:17
nopriv · wp_ajax_fed_get_terms_by_taxonomy · includes\admin\controllers\class-fed-terms.php:18
auth · wp_ajax_fed_admin_script_menu · includes\admin\layout\settings_tab\general\class-fed-admin-general.php:25
auth · wp_ajax_fed_admin_setting_form · includes\admin\request\admin.php:16
auth · wp_ajax_fed_admin_setting_up_form · includes\admin\request\admin.php:17
auth · wp_ajax_fed_admin_setting_form_dashboard_menu · includes\admin\request\admin.php:18
auth · wp_ajax_fed_user_profile_delete · includes\admin\request\admin.php:19
auth · wp_ajax_fed_message_form · includes\admin\request\admin.php:20
auth · wp_ajax_fed_is_registered · includes\admin\request\admin.php:21
auth · wp_ajax_fed_menu_sorting_items · includes\admin\request\menu.php:125
auth · wp_ajax_fed_admin_orders · includes\admin\request\orders.php:11
auth · wp_ajax_fed_admin_order_delete · includes\admin\request\orders.php:12
auth · wp_ajax_fed_order_search_add · includes\admin\request\orders.php:13
auth · wp_ajax_fed_admin_add_orders · includes\admin\request\orders.php:14
auth · wp_ajax_fed_status_delete_table · includes\admin\request\status.php:12
auth · wp_ajax_fed_status_empty_table · includes\admin\request\status.php:13
auth · wp_ajax_fed_status_delete_option · includes\admin\request\status.php:14
auth · wp_ajax_fed_status_delete_all_option · includes\admin\request\status.php:15
nopriv · wp_ajax_fed_status_delete_table · includes\admin\request\status.php:16
nopriv · wp_ajax_fed_status_empty_table · includes\admin\request\status.php:17
nopriv · wp_ajax_fed_status_delete_option · includes\admin\request\status.php:18
nopriv · wp_ajax_fed_status_delete_all_option · includes\admin\request\status.php:19
auth · wp_ajax_fed_admin_menu_sorting · includes\admin\request\user-profile.php:132
auth · wp_ajax_fed_login_form_post · includes\frontend\request\login\index.php:15
nopriv · wp_ajax_fed_login_form_post · includes\frontend\request\login\index.php:16
auth · wp_ajax_fed_ajax_request · route\class-fed-request.php:26
auth · wp_ajax_fed_api_ajax_request · route\class-fed-request.php:27

Shortcodes 9

[fed_dashboard] includes\shortcodes\dashboard\dashboard-shortcode.php:24
[fed_forgot_password_only] includes\shortcodes\login\forgot-password-only-shortcode.php:28
[fed_login_only] includes\shortcodes\login\login-only-shortcode.php:28
[fed_login] includes\shortcodes\login\login-shortcode.php:28
[fed_register_only] includes\shortcodes\login\register-only-shortcode.php:28
[fed_transactions] includes\shortcodes\payments\transactions.php:23
[fed_user] includes\shortcodes\user-role.php:34
[fed_list_posts] includes\shortcodes\widget\posts.php:10
[fed_list_taxonomy] includes\shortcodes\widget\taxonomy.php:12

WordPress Hooks 60

Type · Hook · Location

filter · archive_template · includes\admin\function-admin.php:641
action · admin_init · includes\admin\function-admin.php:1842
filter · media_upload_tabs · includes\admin\function-admin.php:1858
action · pre_get_posts · includes\admin\function-admin.php:1863
action · admin_footer_text · includes\admin\function-admin.php:3637
filter · wp_nav_menu_items · includes\admin\function-admin.php:3811
action · admin_bar_menu · includes\admin\hooks\class-fed-action-hooks.php:22
action · init · includes\admin\hooks\class-fed-action-hooks.php:23
action · fed_add_inline_css_at_head · includes\admin\hooks\class-fed-action-hooks.php:24
action · wp_before_admin_bar_render · includes\admin\hooks\class-fed-action-hooks.php:25
action · plugin_row_meta · includes\admin\hooks\class-fed-action-hooks.php:26
action · admin_footer_text · includes\admin\hooks\class-fed-action-hooks.php:27
action · phpmailer_init · includes\admin\hooks\class-fed-action-hooks.php:35
filter · wp_mail_from · includes\admin\hooks\class-fed-action-hooks.php:51
filter · wp_mail_from_name · includes\admin\hooks\class-fed-action-hooks.php:54
action · activated_plugin · includes\admin\install\class-fed-install-addons.php:18
action · admin_init · includes\admin\install\install.php:12
action · fed_upgrade_action · includes\admin\install\install.php:31
filter · auto_update_plugin · includes\admin\install\install.php:595
action · show_user_profile · includes\admin\layout\class-fed-admin-user-profile.php:21
action · edit_user_profile · includes\admin\layout\class-fed-admin-user-profile.php:22
action · personal_options_update · includes\admin\layout\class-fed-admin-user-profile.php:26
action · edit_user_profile_update · includes\admin\layout\class-fed-admin-user-profile.php:27
action · wp_head · includes\admin\layout\custom_layout\fed-custom-css.php:22
action · wp_footer · includes\admin\layout\custom_layout\fed-custom-css.php:23
action · admin_init · includes\admin\layout\metabox\post-meta-box.php:16
action · save_post · includes\admin\layout\metabox\post-meta-box.php:59
action · admin_menu · includes\admin\layout\metabox\post-meta-box.php:114
action · admin_menu · includes\admin\menu\class-fed-admin-menu.php:21
action · wp_dashboard_setup · includes\admin\payment\class-fed-payment-widgets.php:20
action · admin_enqueue_scripts · includes\admin\payment\class-fed-payment-widgets.php:21
filter · fed_add_main_sub_menu · includes\admin\payment\class-fed-payment.php:21
filter · fed_add_main_sub_menu · includes\admin\pro\plugins\class-fed-mp-pro.php:20
filter · fed_admin_script_loading_pages · includes\admin\pro\plugins\class-fed-mp-pro.php:26
filter · fed_payment_menu · includes\admin\pro\plugins\class-fed-pp-pro.php:21
filter · fed_admin_dashboard_settings_menu_header · includes\admin\pro\plugins\class-fed-sc-pro.php:21
filter · login_url · includes\admin\request\tabs\login.php:109
filter · login_redirect · includes\admin\request\tabs\login.php:129
filter · logout_redirect · includes\admin\request\tabs\login.php:150
action · init · includes\admin\request\tabs\login.php:196
action · wp_dashboard_setup · includes\admin\widgets\class-fed-user-count-widget.php:20
action · admin_enqueue_scripts · includes\admin\widgets\class-fed-user-count-widget.php:21
action · init · includes\common\function-common.php:569
action · admin_notices · includes\common\function-common.php:575
action · fed_register_below_form_field · includes\common\function-common.php:846
action · admin_enqueue_scripts · includes\common\script.php:15
action · wp_enqueue_scripts · includes\common\script.php:16
filter · lostpassword_url · includes\frontend\request\login\forgot.php:98
filter · insert_user_meta · includes\frontend\request\login\register.php:70
filter · pre_user_login · includes\frontend\request\login\register.php:71
action · admin_post_fed_save_user_profile · includes\frontend\request\user_profile\user-profile.php:16
action · admin_post_nopriv_fed_save_user_profile · includes\frontend\request\user_profile\user-profile.php:17
action · template_redirect · includes\shortcodes\dashboard\dashboard-shortcode.php:30
filter · widget_text · includes\shortcodes\dashboard\dashboard-shortcode.php:49
action · template_redirect · includes\shortcodes\login\login-shortcode.php:34
filter · widget_text · includes\shortcodes\widget\taxonomy.php:10
action · widgets_init · includes\widgets\class-fed-post-widget.php:22
action · wp_print_styles · includes\widgets\class-fed-post-widget.php:26
action · admin_post_fed_request · route\class-fed-request.php:28
action · admin_post_fed_api_request · route\class-fed-request.php:29

Maintenance & Trust

Frontend Dashboard Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 7, 2025
PHP min version
Downloads: 145K

Community Trust

Rating: 98/100
Number of ratings: 134
Active installs: 500

Developer Profile

Frontend Dashboard Developer Profile

M A Vinoth Kumar

21 plugins · 4K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 462 days

Detection Fingerprints

How We Detect Frontend Dashboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/frontend-dashboard/assets/css/frontend-dashboard.css
/wp-content/plugins/frontend-dashboard/assets/css/fed-admin-menu.css
/wp-content/plugins/frontend-dashboard/assets/css/fed-dashboard.css
/wp-content/plugins/frontend-dashboard/assets/css/fed-font.css
/wp-content/plugins/frontend-dashboard/assets/css/fed-style.css
/wp-content/plugins/frontend-dashboard/assets/css/font-awesome.min.css
/wp-content/plugins/frontend-dashboard/assets/css/jquery.dataTables.min.css
/wp-content/plugins/frontend-dashboard/assets/css/responsive.dataTables.min.css
+7 more

Script Paths
frontend-dashboard/assets/js/frontend-dashboard.min.js
frontend-dashboard/assets/js/frontend-dashboard.js
frontend-dashboard/assets/js/admin-setting.js
frontend-dashboard/assets/js/setting.js
frontend-dashboard/assets/js/admin-dashboard-menu.js
frontend-dashboard/assets/js/jquery.dataTables.min.js
+1 more

Version Parameters
frontend-dashboard/assets/css/frontend-dashboard.css?ver=
frontend-dashboard/assets/css/fed-admin-menu.css?ver=
frontend-dashboard/assets/css/fed-dashboard.css?ver=
frontend-dashboard/assets/css/fed-font.css?ver=
frontend-dashboard/assets/css/fed-style.css?ver=
frontend-dashboard/assets/css/font-awesome.min.css?ver=
frontend-dashboard/assets/css/jquery.dataTables.min.css?ver=
frontend-dashboard/assets/css/responsive.dataTables.min.css?ver=
frontend-dashboard/assets/js/admin-dashboard-menu.js?ver=
frontend-dashboard/assets/js/admin-setting.js?ver=
frontend-dashboard/assets/js/frontend-dashboard.js?ver=
frontend-dashboard/assets/js/frontend-dashboard.min.js?ver=
frontend-dashboard/assets/js/jquery.dataTables.min.js?ver=
frontend-dashboard/assets/js/responsive.dataTables.min.js?ver=
frontend-dashboard/assets/js/setting.js?ver=

HTML / DOM Fingerprints

CSS Classes
bc_fed, fed_dashboard_menu_sort_wrapper, fed_loader, fed_add_new_menu_container, fed_admin_menu, fed_menu_ajax, fed_menu_name, fed_menu_slug (+349 more)

HTML Comments
Show Empty form to add Dashboard Menu

Data Attributes
data-fed_menu_box_id, data-fed_dashboard_setting_id, data-fed_user_profile_id, data-fed_post_id, data-fed_payment_id

JS Globals
fed_loader, fed_fetch_table_rows_with_key, fed_get_user_roles, fed_get_dashboard_menu_items_sort, fed_get_dashboard_menu_items_add, fed_get_dashboard_menu_items_list (+8 more)

REST Endpoints
/wp-json/fed/v1/dashboard/menu/list
/wp-json/fed/v1/dashboard/menu/save
/wp-json/fed/v1/dashboard/menu/update
/wp-json/fed/v1/dashboard/menu/delete
/wp-json/fed/v1/dashboard/menu/get
/wp-json/fed/v1/dashboard/user-profile/list
/wp-json/fed/v1/dashboard/user-profile/save
/wp-json/fed/v1/dashboard/user-profile/update
/wp-json/fed/v1/dashboard/user-profile/delete
/wp-json/fed/v1/dashboard/user-profile/get
/wp-json/fed/v1/dashboard/post/list
/wp-json/fed/v1/dashboard/post/save
/wp-json/fed/v1/dashboard/post/update
/wp-json/fed/v1/dashboard/post/delete
/wp-json/fed/v1/dashboard/post/get
/wp-json/fed/v1/dashboard/payment/list
/wp-json/fed/v1/dashboard/payment/save
/wp-json/fed/v1/dashboard/payment/update
/wp-json/fed/v1/dashboard/payment/delete
/wp-json/fed/v1/dashboard/payment/get
/wp-json/fed/v1/dashboard/setting/list
/wp-json/fed/v1/dashboard/setting/save
/wp-json/fed/v1/dashboard/setting/update
/wp-json/fed/v1/dashboard/setting/delete
/wp-json/fed/v1/dashboard/setting/get

FAQ

Frequently Asked Questions about Frontend Dashboard