Last-USERS-Dashboard-Widget Security & Risk Analysis

wordpress.org/plugins/last-users-dashboard-widget

Widget for Dashboard WP. Shows last (10) registered users and their activity. (shown for role 'admin' or 'editor') Russian: Дат …

0 active installs v0.305 PHP + WP 3.6+ Updated Oct 23, 2019
admindashboardtooluserswidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Last-USERS-Dashboard-Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Last-USERS-Dashboard-Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The 'last-users-dashboard-widget' plugin version 0.305 exhibits a generally strong security posture from a static analysis perspective, with no identified attack surface through common entry points like AJAX, REST API, shortcodes, or cron events. The absence of dangerous functions, file operations, and external HTTP requests further contributes to this positive assessment. The code also shows a commitment to security by implementing capability checks on its SQL queries.

However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin could potentially be manipulated by an attacker, leading to cross-site scripting (XSS) vulnerabilities. The 50% of SQL queries not using prepared statements also represent a potential SQL injection risk, although the total number of queries is low. The absence of nonce checks, while not directly linked to an exposed attack surface in this specific analysis, is generally a good practice for securing AJAX actions and could be a missed opportunity for layered security.

The plugin's vulnerability history is a significant strength, with zero recorded CVEs of any severity. This suggests a history of responsible development and a lack of exploitable vulnerabilities discovered to date. In conclusion, while the plugin benefits from a minimal attack surface and a clean vulnerability history, the critical lack of output escaping and the presence of non-prepared SQL queries are notable weaknesses that require immediate attention.

Key Concerns

  • All output is unescaped
  • 50% of SQL queries not using prepared statements
  • No nonce checks
Vulnerabilities
None known

Last-USERS-Dashboard-Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Last-USERS-Dashboard-Widget Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Last-USERS-Dashboard-Widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
7
0 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared2 total queries

Output Escaping

0% escaped7 total outputs
Attack Surface

Last-USERS-Dashboard-Widget Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwp_dashboard_setuplast-users-dashboard-widget.php:53
Maintenance & Trust

Last-USERS-Dashboard-Widget Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedOct 23, 2019
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Developer Profile

Last-USERS-Dashboard-Widget Developer Profile

n4me

2 plugins · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Last-USERS-Dashboard-Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/last-users-dashboard-widget/last-users-dashboard-widget.php

HTML / DOM Fingerprints

Shortcode Output
Да, ты админ или редактор!<br>У нас на сайте пользователей,. Вот.<br>
FAQ

Frequently Asked Questions about Last-USERS-Dashboard-Widget