WP-Safety

MM Dashboard Customizer Security & Risk Analysis

wordpress.org/plugins/mm-dashboard-customizer

A (really) easy/simple plugin that allows multiple dashboard customization options including: Login page, Dashboard widgets, Header (top bar), Footer …

100 active installs v1.2 PHP + WP 3.0.0+ Updated Jul 27, 2017
adminimizecustomizerdashboarddashboard-customizermm-dashboard-customizer
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MM Dashboard Customizer Safe to Use in 2026?

Generally Safe

Score 85/100

MM Dashboard Customizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The mm-dashboard-customizer v1.2 plugin exhibits a generally good security posture with no known vulnerabilities and robust handling of SQL queries. The absence of dangerous functions, file operations, and external HTTP requests, along with a lack of reported CVEs, are positive indicators. The plugin also implements a nonce check on one of its entry points.

However, a significant concern arises from the complete lack of proper output escaping across all identified output points. This means that any data processed or displayed by the plugin is susceptible to cross-site scripting (XSS) attacks, as malicious scripts could be injected and executed in the user's browser. Furthermore, while there are no explicitly unprotected AJAX handlers or REST API routes listed, the lack of capability checks for the identified AJAX handlers means that any authenticated user could potentially trigger these actions, regardless of their role or permissions. This creates a potential for privilege escalation or unauthorized actions if these handlers are not designed with implicit authorization in mind.

In conclusion, while the plugin benefits from a clean vulnerability history and secure data handling for SQL, the critical issue of unescaped output and the potential for unauthorized access to AJAX handlers present significant security risks that must be addressed.

Key Concerns

  • 0% of output properly escaped
  • No capability checks on AJAX handlers
Vulnerabilities
None known

MM Dashboard Customizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MM Dashboard Customizer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
32
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped32 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
mmdc_reset_settings (includes\ajax\ajax.php:20)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MM Dashboard Customizer Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_mmdc_reset_settingsincludes\ajax\ajax.php:18
noprivwp_ajax_mmdc_reset_settingsincludes\ajax\ajax.php:19
WordPress Hooks 31
actionlogin_enqueue_scriptsincludes\main\main-functions.php:34
actionlogin_enqueue_scriptsincludes\main\main-functions.php:57
filterlogin_headerurlincludes\main\main-functions.php:71
filterlogin_headertitleincludes\main\main-functions.php:85
actionlogin_enqueue_scriptsincludes\main\main-functions.php:105
filterlogin_messageincludes\main\main-functions.php:123
actionlogin_enqueue_scriptsincludes\main\main-functions.php:143
actionlogin_enqueue_scriptsincludes\main\main-functions.php:173
filtercontextual_helpincludes\main\main-functions.php:189
filterscreen_options_show_screenincludes\main\main-functions.php:198
actionload-index.phpincludes\main\main-functions.php:208
actionwp_dashboard_setupincludes\main\main-functions.php:232
actionwp_dashboard_setupincludes\main\main-functions.php:249
actionwp_dashboard_setupincludes\main\main-functions.php:265
actionwp_dashboard_setupincludes\main\main-functions.php:281
actionwp_dashboard_setupincludes\main\main-functions.php:296
actionadmin_menuincludes\main\main-functions.php:303
actionwp_dashboard_setupincludes\main\main-functions.php:317
actionwp_before_admin_bar_renderincludes\main\main-functions.php:333
actionwp_before_admin_bar_renderincludes\main\main-functions.php:349
actionwp_before_admin_bar_renderincludes\main\main-functions.php:364
filteradmin_bar_menuincludes\main\main-functions.php:383
filteradmin_footer_textincludes\main\main-functions.php:395
actionadmin_initincludes\main\main-functions.php:403
filteradmin_footer_textincludes\main\main-functions.php:414
actionadmin_initincludes\main\main-functions.php:422
actionadmin_menuincludes\main\main-functions.php:436
actionadmin_menuincludes\options\options-functions.php:30
actionadmin_initincludes\options\options-functions.php:452
actionadmin_enqueue_scriptsincludes\src\src-functions.php:19
actionadmin_enqueue_scriptsincludes\src\src-functions.php:40
Maintenance & Trust

MM Dashboard Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 27, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

MM Dashboard Customizer Alternatives

WP Custom Admin Dashboard

WP Custom Admin Dashboard

wp-custom-admin-dashboard

A
100

Custom Admin Dashboard Plugin Description A basic All-in-one plugin that allows users to customize the Wordpress Administration dashboard.

50 No CVEs
Branda – White Label & Branding, Free Login Page Customizer

Branda – White Label & Branding, Free Login Page Customizer

branda-white-labeling

A
89

White label & rebrand your login page & WordPress dashboard. Customize system emails & get everything to rebrand WordPress with Branda.

20K 7 CVEs
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer

WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer

adminify

A
95

Transform your WordPress admin into a fully white-labeled, organized client dashboard. Customize, Dark mode, Secure, Boost productivity, and more.

7K 7 CVEs
Easy WP Admin Customizer

Easy WP Admin Customizer

easy-wp-admin-customizer

A
100

Faster and simple way to clean and customize your admin dashboard!

10 No CVEs
Dashboard Plus

Dashboard Plus

dashboardplus

A
100

Everything you need to customize your WordPress Dashboard , Login Page.

0 No CVEs
Developer Profile

MM Dashboard Customizer Developer Profile

Maroun Melhem

2 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MM Dashboard Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mm-dashboard-customizer/includes/libraries/spectrum/spectrum.css/wp-content/plugins/mm-dashboard-customizer/includes/libraries/switchery/switchery.min.css/wp-content/plugins/mm-dashboard-customizer/includes/src/css/styles.css/wp-content/plugins/mm-dashboard-customizer/includes/libraries/spectrum/spectrum.js/wp-content/plugins/mm-dashboard-customizer/includes/libraries/switchery/switchery.min.js/wp-content/plugins/mm-dashboard-customizer/includes/src/js/scripts.js
Script Paths
/wp-content/plugins/mm-dashboard-customizer/includes/libraries/spectrum/spectrum.js/wp-content/plugins/mm-dashboard-customizer/includes/libraries/switchery/switchery.min.js/wp-content/plugins/mm-dashboard-customizer/includes/src/js/scripts.js
Version Parameters
mm-dashboard-customizer/includes/libraries/spectrum/spectrum.css?ver=1.0mm-dashboard-customizer/includes/libraries/switchery/switchery.min.css?ver=1.0mm-dashboard-customizer/includes/src/css/styles.css?ver=1.0mm-dashboard-customizer/includes/libraries/spectrum/spectrum.js?ver=1.0mm-dashboard-customizer/includes/libraries/switchery/switchery.min.js?ver=1.0mm-dashboard-customizer/includes/src/js/scripts.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
mmdc_login_custom_message
JS Globals
plugin_obj
FAQ

Frequently Asked Questions about MM Dashboard Customizer