SureDash Security & Risk Analysis

wordpress.org/plugins/suredash

SureDash makes WordPress a community hub with unified login, custom dashboard, and total control over your data.

900 active installs · v1.6.3 · PHP 7.4+ · WP 5.6+ · Updated Mar 12, 2026
customerdashboarduser-dashboard
97
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jul 31, 2025
Safety Verdict

Is SureDash Safe to Use in 2026?

Generally Safe

Score 97/100

SureDash has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jul 31, 2025 · Updated 22d ago
Risk Assessment

The "suredash" v1.6.3 plugin demonstrates several positive security practices, including a high percentage of properly escaped output and SQL queries utilizing prepared statements. The absence of unprotected entry points and a significant number of nonce and capability checks are commendable. However, concerns arise from the taint analysis, which identified four high-severity flows with unsanitized paths. This suggests that user-supplied data might be processed in ways that could lead to vulnerabilities if not handled carefully, despite the overall effort to sanitize outputs.

The plugin's vulnerability history includes two known CVEs, one high and one medium severity, relating to "Exposure of Sensitive Information to an Unauthorized Actor" and "Incorrect Privilege Assignment." There are currently no unpatched vulnerabilities, but the presence of past serious flaws is a warning sign. The most recent vulnerability is dated July 31, 2025, and these issues have been addressed; even so, the historical pattern suggests a need for continued vigilance and thorough code auditing to prevent recurrence.

In conclusion, "suredash" v1.6.3 exhibits a mixed security posture. Strengths lie in its defensive coding practices against common web vulnerabilities like SQL injection and XSS. However, the identified high-severity taint flows and the history of significant vulnerabilities indicate potential weaknesses that require careful monitoring and potentially more robust input validation and sanitization, especially concerning data originating from external sources or user input.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past high severity vulnerability
  • Past medium severity vulnerability
Vulnerabilities
2

SureDash Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-54685 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

SureDash <= 1.1.0 - Authenticated (Subscriber+) Information Disclosure

Jul 31, 2025 · Patched in 1.2.0 (5d)

CVE-2025-48164 · high · 8.8 · Incorrect Privilege Assignment

SureDash <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation

Jul 28, 2025 · Patched in 1.1.0 (8d)
Code Analysis
Analyzed Mar 16, 2026

SureDash Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (86 prepared)
Unescaped Output: 170 (1712 escaped)
Nonce Checks: 70
Capability Checks: 15
File Operations: 6
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

99% prepared · 87 total queries

Output Escaping

91% escaped · 1882 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

12 flows · 5 with unsanitized paths
<post> (templates\quick-view\post.php:0)
Attack Surface

SureDash Attack Surface

Entry Points: 18
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_suredash_lost_password core\blocks\login.php:40
nopriv wp_ajax_suredash_lost_password core\blocks\login.php:41
auth wp_ajax_suredash_reset_password core\blocks\login.php:43
nopriv wp_ajax_suredash_reset_password core\blocks\login.php:44

Shortcodes 14

[archive_content] core\shortcodes\archive-content.php:31
[content_header] core\shortcodes\content-header.php:32
[endpoint_navigation] core\shortcodes\endpoint-navigation.php:32
[home_content] core\shortcodes\home-content.php:35
[menu] core\shortcodes\menu.php:30
[navigation] core\shortcodes\navigation.php:34
[notification] core\shortcodes\notification.php:29
[responsive_navigation] core\shortcodes\responsive-navigation.php:38
[search] core\shortcodes\search.php:32
[sidebar_widgets] core\shortcodes\sidebar-widgets.php:39
[single_comments] core\shortcodes\single-comments.php:39
[single_content] core\shortcodes\single-content.php:34
[single_endpoint_content] core\shortcodes\single-endpoint-content.php:30
[user_profile] core\shortcodes\user-profile.php:31

WordPress Hooks 156

action init admin\api.php:55
action rest_api_init admin\api.php:56
action enqueue_block_editor_assets admin\editor.php:48
filter block_categories_all admin\editor.php:51
filter block_categories admin\editor.php:53
action admin_init admin\menu.php:46
action enqueue_block_editor_assets admin\menu.php:47
action admin_menu admin\menu.php:49
action admin_head admin\menu.php:52
action admin_enqueue_scripts admin\menu.php:73
action admin_head admin\menu.php:77
action admin_init admin\notices.php:28
action admin_init admin\notices.php:29
action admin_footer admin\notices.php:30
action admin_bar_menu admin\setup.php:46
filter display_post_states admin\setup.php:47
filter wp_dropdown_pages admin\setup.php:48
action init core\blocks\do-blocks.php:60
action init core\blocks\do-blocks.php:61
filter block_type_metadata_settings core\blocks\do-blocks.php:261
action wp core\blocks\dynamic.php:76
action wp_head core\blocks\dynamic.php:78
action suredash_footer core\blocks\dynamic.php:79
action suredash_enqueue_login_block_scripts core\blocks\login.php:151
action suredash_enqueue_register_block_scripts core\blocks\register.php:33
action user_register core\blocks\social-login.php:120
action user_register core\blocks\social-login.php:234
filter post_type_link core\cpt\content.php:80
action restrict_manage_posts core\cpt\content.php:103
action pre_get_posts core\cpt\content.php:104
action wp_after_insert_post core\cpt\portal.php:148
action set_object_terms core\cpt\posts.php:147
action suredash_process_fonts core\font-manager.php:83
action suredash_footer core\integrations\feeds.php:62
action suredash_footer core\integrations\feeds.php:63
action suredash_footer core\integrations\feeds.php:375
filter suredash_skip_restricted_post core\integrations\feeds.php:416
filter pre_option_surecart_dashboard_page_id core\integrations\sure-cart.php:86
filter suremembers_login_wrapper_class core\integrations\sure-members.php:52
action suredash_before_title_block core\integrations\sure-members.php:54
action suredash_after_title_block core\integrations\sure-members.php:55
action suredash_before_aside_navigation_item core\integrations\sure-members.php:56
action suredash_after_aside_navigation_item core\integrations\sure-members.php:57
filter suredash_post_backend_restriction_details core\integrations\sure-members.php:59
action template_redirect core\integrations\sure-members.php:61
action suredash_post_restriction_before_check core\integrations\sure-members.php:69
action suredash_post_restriction_after_check core\integrations\sure-members.php:70
action suremembers_user_access_group_granted core\integrations\sure-members.php:78
action suremembers_user_access_group_revoked core\integrations\sure-members.php:79
action suredash_user_registered core\integrations\sure-members.php:86
filter suredash_post_restriction_ruleset core\integrations\sure-members.php:319
filter suremembers_only_process_redirection core\integrations\sure-members.php:421
filter suremembers_load_restricted_page_template core\integrations\sure-members.php:422
action suredash_dequeue_assets core\renderer.php:37
action wp_enqueue_scripts core\renderer.php:38
action wp_print_styles core\renderer.php:39
action suredash_enqueue_scripts core\renderer.php:41
filter suredash_page_heading core\renderer.php:42
filter suredash_title_block_set core\renderer.php:43
filter pre_get_document_title core\renderer.php:44
action wp core\renderer.php:46
action wp core\renderer.php:47
action template_redirect core\renderer.php:48
action template_redirect core\renderer.php:49
filter template_include core\renderer.php:50
filter body_class core\renderer.php:51
filter show_admin_bar core\renderer.php:54
filter the_content core\renderer.php:57
action admin_bar_menu core\renderer.php:60
action wp_head core\renderer.php:61
action admin_bar_menu core\renderer.php:64
action wp core\renderer.php:67
action wp_footer core\renderer.php:660
action init core\rewrite-rules.php:71
filter query_vars core\rewrite-rules.php:72
filter rewrite_rules_array core\rewrite-rules.php:75
action suredashboard_single_post_template core\rewrite-rules.php:78
action suredashboard_quick_view_post_content core\rewrite-rules.php:81
action suredash_footer core\rewrite-rules.php:83
action suredash_footer core\rewrite-rules.php:84
action suredash_footer core\rewrite-rules.php:85
action suredash_footer core\rewrite-rules.php:86
filter the_content core\rewrite-rules.php:248
action init core\roles.php:32
filter posts_search core\routers\backend.php:809
filter posts_search core\routers\backend.php:1183
filter suredash_skip_restricted_post core\routers\misc.php:268
filter suredash_post_enforce_excerpt_content core\routers\misc.php:289
filter wp_new_user_notification_email core\routers\social-logins.php:490
action user_register core\routers\social-logins.php:505
action rest_api_init core\routes.php:38
filter the_content core\shortcodes\archive-content.php:53
filter suredash_skip_restricted_post core\shortcodes\home-content.php:635
action wp_footer core\shortcodes\responsive-navigation.php:67
filter astra_get_option_enable-comments-area core\shortcodes\single-comments.php:62
action suredash_footer core\shortcodes\single-content.php:168
filter the_content core\shortcodes\single-content.php:188
action deleted_comment inc\compatibility\comment.php:32
action deleted_post inc\compatibility\comment.php:43
filter render_block inc\compatibility\layout.php:28
filter body_class inc\compatibility\page-builder.php:315
action wp_enqueue_scripts inc\compatibility\page-builder.php:316
action wp_enqueue_scripts inc\compatibility\page-builder.php:320
action wp_head inc\compatibility\page-builder.php:326
action admin_bar_menu inc\compatibility\page-builder.php:338
action wp_head inc\compatibility\page-builder.php:381
action wp_footer inc\compatibility\page-builder.php:392
action wp_enqueue_scripts inc\compatibility\plugin.php:30
action suredash_after_plugin_activation inc\compatibility\plugin.php:31
action wp inc\compatibility\plugin.php:32
filter template_include inc\compatibility\plugin.php:158
action wp inc\compatibility\theme.php:36
filter astra_get_option_scroll-to-top-enable inc\compatibility\theme.php:101
filter astra_block_based_legacy_setup inc\compatibility\theme.php:104
filter comment_text inc\functions\functions.php:866
action suredash_send_email_batch inc\modules\email-notifications\email-dispatcher.php:160
action user_register inc\modules\email-notifications\email-triggers.php:182
action transition_post_status inc\modules\email-notifications\email-triggers.php:185
action transition_post_status inc\modules\email-notifications\email-triggers.php:188
action enqueue_block_editor_assets inc\templator\block-supports-extended.php:29
filter render_block inc\templator\block-supports-extended.php:30
filter pre_render_block inc\templator\block-supports-extended.php:31
filter block_type_metadata inc\templator\block-supports-extended.php:32
filter get_block_templates inc\templator\service.php:68
filter pre_get_block_file_template inc\templator\service.php:69
filter get_block_templates inc\templator\service.php:72
action init inc\templator\service.php:76
filter template_include inc\templator\service.php:77
filter the_content inc\templator\service.php:80
filter render_block inc\templator\service.php:81
action wp_footer inc\templator\service.php:84
filter block_editor_settings_all inc\templator\service.php:166
filter wp_theme_json_data_theme inc\templator\service.php:169
filter theme_page_templates inc\templator\service.php:409
filter theme_post_templates inc\templator\service.php:411
filter body_class inc\templator\utility.php:63
action init inc\traits\post-type.php:65
action init inc\traits\post-type.php:75
action parse_query inc\traits\post-type.php:85
action restrict_manage_posts inc\traits\post-type.php:86
filter bsf_core_stats inc\utils\analytics.php:28
action admin_init inc\utils\maintenance.php:28
action init inc\utils\maintenance.php:30
filter upload_dir inc\utils\uploader.php:65
action admin_init loader.php:71
action init loader.php:79
action plugins_loaded loader.php:80
action after_setup_theme loader.php:82
filter wp_kses_allowed_html loader.php:83
filter pre_comment_content loader.php:86
filter doing_it_wrong_trigger_error loader.php:89
action doing_it_wrong_run loader.php:92
action suredash_init loader.php:94
filter plugin_row_meta loader.php:96
action shutdown loader.php:155
action doing_it_wrong_run loader.php:159
Maintenance & Trust

SureDash Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 94/100
Number of ratings: 20
Active installs: 900
Developer Profile

SureDash Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 196 days
Detection Fingerprints

How We Detect SureDash

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/suredash/assets/build/editor-app.css
/wp-content/plugins/suredash/assets/build/editor-app-rtl.css
/wp-content/plugins/suredash/assets/css/blocks.css
/wp-content/plugins/suredash/assets/css/blocks-rtl.css
/wp-content/plugins/suredash/assets/css/font.css
/wp-content/plugins/suredash/assets/css/font-rtl.css
Script Paths
/wp-content/plugins/suredash/assets/build/editor-app.js
Version Parameters
suredash/assets/build/editor-app.js?ver=
suredash/assets/build/editor-app-rtl.css?ver=
suredash/assets/css/blocks.css?ver=
suredash/assets/css/blocks-rtl.css?ver=
suredash/assets/css/font.css?ver=
suredash/assets/css/font-rtl.css?ver=

HTML / DOM Fingerprints

CSS Classes
suredash-editor-wrapper
Data Attributes
data-portal-name
data-portal-logo
data-user-display-name
data-user-email
data-user-avatar
JS Globals
portal_blocks
FAQ

Frequently Asked Questions about SureDash