Sortable Dashboard To-Do List Security & Risk Analysis

wordpress.org/plugins/sortable-dashboard-to-do-list

Adds a sortable to-do list widget to your WP dashboard. Useful for developers, content writers, and team tasks. Easily assign tasks to other users.

90 active installs · v2.4.1 · PHP 7.4.0+ · WP 5.0+ · Updated Nov 30, 2025
Tags: dashboard-widget, task, task-management, to-do, todo-list
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sortable Dashboard To-Do List Safe to Use in 2026?

Generally Safe

Score 100/100

Sortable Dashboard To-Do List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'sortable-dashboard-to-do-list' v2.4.1 plugin exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and output escaping, the presence of 7 AJAX handlers without authentication checks presents a significant attack surface. This means that any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure.

The taint analysis further highlights this concern, revealing 3 flows with unsanitized paths. Although classified as high severity rather than critical, these flows indicate potential vulnerabilities where user-supplied data could be manipulated to execute unintended code or access sensitive information within the application. The use of the `unserialize` function, known to be dangerous if handling untrusted input, exacerbates these risks.

The plugin's vulnerability history is a positive indicator, showing no known CVEs. This suggests that the plugin has historically been maintained with security in mind, or that past vulnerabilities (if any) have been addressed promptly. However, the current static analysis reveals significant security gaps that outweigh the clean vulnerability history. Therefore, while the plugin benefits from good coding practices in certain areas, the unprotected AJAX handlers and identified taint flows present a substantial risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Dangerous function unserialize
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Sortable Dashboard To-Do List Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sortable Dashboard To-Do List Release Timeline

v2.4.1 (current)
v2.4
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1
Code Analysis
Analyzed Mar 16, 2026

Sortable Dashboard To-Do List Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 1 (11 prepared)
Unescaped Output: 9 (105 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $completed_by = unserialize($results['completed_by']); (classes\sdtdl.php:341)
unserialize: $completed_by = unserialize($results[0]['completed_by']); (classes\sdtdl.php:504)

SQL Query Safety

92% prepared, 12 total queries

Output Escaping

92% escaped, 114 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths
mark_complete (classes\sdtdl.php:314)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
7 unprotected

Sortable Dashboard To-Do List Attack Surface

Entry Points: 7
Unprotected: 7

AJAX Handlers 7

auth: wp_ajax_sdtdl_add_item (classes\sdtdl.php:36)
auth: wp_ajax_sdtdl_edit_item (classes\sdtdl.php:38)
auth: wp_ajax_sdtdl_delete_item (classes\sdtdl.php:39)
auth: wp_ajax_sdtdl_update_order (classes\sdtdl.php:40)
auth: wp_ajax_sdtdl_save_settings (classes\sdtdl.php:41)
auth: wp_ajax_sdtdl_mark_complete (classes\sdtdl.php:42)
auth: wp_ajax_sdtdl_dismissed_notice_handler (classes\sdtdl.php:43)
WordPress Hooks 6
action: wp_footer (classes\sdtdl.php:35)
action: admin_notices (classes\sdtdl.php:37)
action: deleted_user (classes\sdtdl.php:44)
action: init (classes\sdtdl.php:45)
action: admin_enqueue_scripts (classes\sdtdl.php:201)
action: init (sdtdl.php:21)
Maintenance & Trust

Sortable Dashboard To-Do List Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 30, 2025
PHP min version: 7.4.0
Downloads: 4K

Community Trust

Rating: 90/100
Number of ratings: 4
Active installs: 90
Developer Profile

Sortable Dashboard To-Do List Developer Profile

JFG Media

3 plugins · 200 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sortable Dashboard To-Do List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sortable-dashboard-to-do-list/css/sdtdl-front.css
/wp-content/plugins/sortable-dashboard-to-do-list/js/sdtdl-front.min.js
Script Paths
/wp-content/plugins/sortable-dashboard-to-do-list/js/sdtdl-front.min.js
Version Parameters
sortable-dashboard-to-do-list/css/sdtdl-front.css?ver=
sortable-dashboard-to-do-list/js/sdtdl-front.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
sdtdl-list-header, sdtdl-add-item-wrap, sdtdl-list-item, sdtdl-item-content, sdtdl-item-details, sdtdl-item-user, sdtdl-item-due-date, sdtdl-item-actions (+22 more)
Data Attributes
data-sdtdl-id, data-sdtdl-task, data-sdtdl-due-date, data-sdtdl-assigned-to
JS Globals
sdtdl_vars, sdtdl_ajax_url, sdtdl_current_user_id, sdtdl_nonce, sdtdl_strings
REST Endpoints
/wp-json/sdtdl/v1/add-item
/wp-json/sdtdl/v1/edit-item
/wp-json/sdtdl/v1/delete-item
/wp-json/sdtdl/v1/update-order
/wp-json/sdtdl/v1/save-settings
/wp-json/sdtdl/v1/mark-complete
/wp-json/sdtdl/v1/dismiss-notice
FAQ

Frequently Asked Questions about Sortable Dashboard To-Do List