
Last-USERS-Dashboard-Widget Security & Risk Analysis
wordpress.org/plugins/last-users-dashboard-widgetWidget for Dashboard WP. Shows last (10) registered users and their activity. (shown for role 'admin' or 'editor') Russian: Дат …
Is Last-USERS-Dashboard-Widget Safe to Use in 2026?
Generally Safe
Score 85/100Last-USERS-Dashboard-Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'last-users-dashboard-widget' plugin version 0.305 exhibits a generally strong security posture from a static analysis perspective, with no identified attack surface through common entry points like AJAX, REST API, shortcodes, or cron events. The absence of dangerous functions, file operations, and external HTTP requests further contributes to this positive assessment. The code also shows a commitment to security by implementing capability checks on its SQL queries.
However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin could potentially be manipulated by an attacker, leading to cross-site scripting (XSS) vulnerabilities. The 50% of SQL queries not using prepared statements also represent a potential SQL injection risk, although the total number of queries is low. The absence of nonce checks, while not directly linked to an exposed attack surface in this specific analysis, is generally a good practice for securing AJAX actions and could be a missed opportunity for layered security.
The plugin's vulnerability history is a significant strength, with zero recorded CVEs of any severity. This suggests a history of responsible development and a lack of exploitable vulnerabilities discovered to date. In conclusion, while the plugin benefits from a minimal attack surface and a clean vulnerability history, the critical lack of output escaping and the presence of non-prepared SQL queries are notable weaknesses that require immediate attention.
Key Concerns
- All output is unescaped
- 50% of SQL queries not using prepared statements
- No nonce checks
Last-USERS-Dashboard-Widget Security Vulnerabilities
Last-USERS-Dashboard-Widget Release Timeline
Last-USERS-Dashboard-Widget Code Analysis
SQL Query Safety
Output Escaping
Last-USERS-Dashboard-Widget Attack Surface
WordPress Hooks 1
Maintenance & Trust
Last-USERS-Dashboard-Widget Maintenance & Trust
Maintenance Signals
Community Trust
Last-USERS-Dashboard-Widget Alternatives
Admin Users Logged In
admin-users-logged-in
Dashboard widget that shows admin users and when they were last logged in.
Error Log Monitor
error-log-monitor
Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.
Hide Admin Bar from Non-Admins
hide-admin-bar-from-non-admins
Hides the WordPress toolbar (admin bar) for all non-admin users. Simple plugin with no settings to configure.
Widget Disable
wp-widget-disable
Disable sidebar and dashboard widgets with an easy to use interface.
Admin Bar & Dashboard Access Control
admin-bar-dashboard-control
Disable admin bar and control users access to WordPress dashboard.
Last-USERS-Dashboard-Widget Developer Profile
2 plugins · 10 total installs
How We Detect Last-USERS-Dashboard-Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/last-users-dashboard-widget/last-users-dashboard-widget.phpHTML / DOM Fingerprints
Да, ты админ или редактор!<br>У нас на сайте пользователей,. Вот.<br>