WP-Safety

SureDash – Community, Courses & Member Dashboard Security & Risk Analysis

wordpress.org/plugins/suredash

Build a community right inside WordPress. Discussion spaces, courses, member profiles, and a beautiful dashboard — no coding needed.

1K active installs v1.7.2 PHP 7.4+ WP 5.6+ Updated Apr 15, 2026
communitycoursesdiscussion-forummembershipuser-dashboard
97
A · Safe
CVEs total2
Unpatched0
Last CVEJul 31, 2025
Plugin page Download
Safety Verdict

Is SureDash – Community, Courses & Member Dashboard Safe to Use in 2026?

Generally Safe

Score 97/100

SureDash – Community, Courses & Member Dashboard has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jul 31, 2025Updated 1mo ago
Risk Assessment

The "suredash" v1.6.3 plugin demonstrates several positive security practices, including a high percentage of properly escaped output and SQL queries utilizing prepared statements. The absence of unprotected entry points and a significant number of nonce and capability checks are commendable. However, concerns arise from the taint analysis, which identified four high-severity flows with unsanitized paths. This suggests that user-supplied data might be processed in ways that could lead to vulnerabilities if not handled carefully, despite the overall effort to sanitize outputs.

The plugin's vulnerability history, with two known CVEs including one high and one medium severity, points to past issues related to "Exposure of Sensitive Information to an Unauthorized Actor" and "Incorrect Privilege Assignment." While there are currently no unpatched vulnerabilities, the presence of past serious flaws is a warning sign. The most recent vulnerability dated July 31, 2025, indicates that these issues have been addressed, but the historical pattern suggests a need for continued vigilance and thorough code auditing to prevent recurrence.

In conclusion, "suredash" v1.6.3 exhibits a mixed security posture. Strengths lie in its defensive coding practices against common web vulnerabilities like SQL injection and XSS. However, the identified high-severity taint flows and the history of significant vulnerabilities indicate potential weaknesses that require careful monitoring and potentially more robust input validation and sanitization, especially concerning data originating from external sources or user input.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past high severity vulnerability
  • Past medium severity vulnerability
Vulnerabilities
2 published

SureDash – Community, Courses & Member Dashboard Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2025-54685medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

SureDash <= 1.1.0 - Authenticated (Subscriber+) Information Disclosure

Jul 31, 2025 Patched in 1.2.0 (5d)
CVE-2025-48164high · 8.8Incorrect Privilege Assignment

SureDash <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation

Jul 28, 2025 Patched in 1.1.0 (8d)
Version History

SureDash – Community, Courses & Member Dashboard Release Timeline

v1.7.2Current
v1.7.1
v1.7.0
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.2
v1.3.1
v1.3.0
v1.2.1
Code Analysis
Analyzed Mar 16, 2026

SureDash – Community, Courses & Member Dashboard Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
86 prepared
Unescaped Output
170
1712 escaped
Nonce Checks
70
Capability Checks
15
File Operations
6
External Requests
10
Bundled Libraries
0

SQL Query Safety

99% prepared87 total queries

Output Escaping

91% escaped1882 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

12 flows5 with unsanitized paths
<post> (templates\quick-view\post.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SureDash – Community, Courses & Member Dashboard Attack Surface

Entry Points18
Unprotected0

AJAX Handlers 4

authwp_ajax_suredash_lost_passwordcore\blocks\login.php:40
noprivwp_ajax_suredash_lost_passwordcore\blocks\login.php:41
authwp_ajax_suredash_reset_passwordcore\blocks\login.php:43
noprivwp_ajax_suredash_reset_passwordcore\blocks\login.php:44

Shortcodes 14

[archive_content] core\shortcodes\archive-content.php:31
[content_header] core\shortcodes\content-header.php:32
[endpoint_navigation] core\shortcodes\endpoint-navigation.php:32
[home_content] core\shortcodes\home-content.php:35
[menu] core\shortcodes\menu.php:30
[navigation] core\shortcodes\navigation.php:34
[notification] core\shortcodes\notification.php:29
[responsive_navigation] core\shortcodes\responsive-navigation.php:38
[search] core\shortcodes\search.php:32
[sidebar_widgets] core\shortcodes\sidebar-widgets.php:39
[single_comments] core\shortcodes\single-comments.php:39
[single_content] core\shortcodes\single-content.php:34
[single_endpoint_content] core\shortcodes\single-endpoint-content.php:30
[user_profile] core\shortcodes\user-profile.php:31
WordPress Hooks 156
actioninitadmin\api.php:55
actionrest_api_initadmin\api.php:56
actionenqueue_block_editor_assetsadmin\editor.php:48
filterblock_categories_alladmin\editor.php:51
filterblock_categoriesadmin\editor.php:53
actionadmin_initadmin\menu.php:46
actionenqueue_block_editor_assetsadmin\menu.php:47
actionadmin_menuadmin\menu.php:49
actionadmin_headadmin\menu.php:52
actionadmin_enqueue_scriptsadmin\menu.php:73
actionadmin_headadmin\menu.php:77
actionadmin_initadmin\notices.php:28
actionadmin_initadmin\notices.php:29
actionadmin_footeradmin\notices.php:30
actionadmin_bar_menuadmin\setup.php:46
filterdisplay_post_statesadmin\setup.php:47
filterwp_dropdown_pagesadmin\setup.php:48
actioninitcore\blocks\do-blocks.php:60
actioninitcore\blocks\do-blocks.php:61
filterblock_type_metadata_settingscore\blocks\do-blocks.php:261
actionwpcore\blocks\dynamic.php:76
actionwp_headcore\blocks\dynamic.php:78
actionsuredash_footercore\blocks\dynamic.php:79
actionsuredash_enqueue_login_block_scriptscore\blocks\login.php:151
actionsuredash_enqueue_register_block_scriptscore\blocks\register.php:33
actionuser_registercore\blocks\social-login.php:120
actionuser_registercore\blocks\social-login.php:234
filterpost_type_linkcore\cpt\content.php:80
actionrestrict_manage_postscore\cpt\content.php:103
actionpre_get_postscore\cpt\content.php:104
actionwp_after_insert_postcore\cpt\portal.php:148
actionset_object_termscore\cpt\posts.php:147
actionsuredash_process_fontscore\font-manager.php:83
actionsuredash_footercore\integrations\feeds.php:62
actionsuredash_footercore\integrations\feeds.php:63
actionsuredash_footercore\integrations\feeds.php:375
filtersuredash_skip_restricted_postcore\integrations\feeds.php:416
filterpre_option_surecart_dashboard_page_idcore\integrations\sure-cart.php:86
filtersuremembers_login_wrapper_classcore\integrations\sure-members.php:52
actionsuredash_before_title_blockcore\integrations\sure-members.php:54
actionsuredash_after_title_blockcore\integrations\sure-members.php:55
actionsuredash_before_aside_navigation_itemcore\integrations\sure-members.php:56
actionsuredash_after_aside_navigation_itemcore\integrations\sure-members.php:57
filtersuredash_post_backend_restriction_detailscore\integrations\sure-members.php:59
actiontemplate_redirectcore\integrations\sure-members.php:61
actionsuredash_post_restriction_before_checkcore\integrations\sure-members.php:69
actionsuredash_post_restriction_after_checkcore\integrations\sure-members.php:70
actionsuremembers_user_access_group_grantedcore\integrations\sure-members.php:78
actionsuremembers_user_access_group_revokedcore\integrations\sure-members.php:79
actionsuredash_user_registeredcore\integrations\sure-members.php:86
filtersuredash_post_restriction_rulesetcore\integrations\sure-members.php:319
filtersuremembers_only_process_redirectioncore\integrations\sure-members.php:421
filtersuremembers_load_restricted_page_templatecore\integrations\sure-members.php:422
actionsuredash_dequeue_assetscore\renderer.php:37
actionwp_enqueue_scriptscore\renderer.php:38
actionwp_print_stylescore\renderer.php:39
actionsuredash_enqueue_scriptscore\renderer.php:41
filtersuredash_page_headingcore\renderer.php:42
filtersuredash_title_block_setcore\renderer.php:43
filterpre_get_document_titlecore\renderer.php:44
actionwpcore\renderer.php:46
actionwpcore\renderer.php:47
actiontemplate_redirectcore\renderer.php:48
actiontemplate_redirectcore\renderer.php:49
filtertemplate_includecore\renderer.php:50
filterbody_classcore\renderer.php:51
filtershow_admin_barcore\renderer.php:54
filterthe_contentcore\renderer.php:57
actionadmin_bar_menucore\renderer.php:60
actionwp_headcore\renderer.php:61
actionadmin_bar_menucore\renderer.php:64
actionwpcore\renderer.php:67
actionwp_footercore\renderer.php:660
actioninitcore\rewrite-rules.php:71
filterquery_varscore\rewrite-rules.php:72
filterrewrite_rules_arraycore\rewrite-rules.php:75
actionsuredashboard_single_post_templatecore\rewrite-rules.php:78
actionsuredashboard_quick_view_post_contentcore\rewrite-rules.php:81
actionsuredash_footercore\rewrite-rules.php:83
actionsuredash_footercore\rewrite-rules.php:84
actionsuredash_footercore\rewrite-rules.php:85
actionsuredash_footercore\rewrite-rules.php:86
filterthe_contentcore\rewrite-rules.php:248
actioninitcore\roles.php:32
filterposts_searchcore\routers\backend.php:809
filterposts_searchcore\routers\backend.php:1183
filtersuredash_skip_restricted_postcore\routers\misc.php:268
filtersuredash_post_enforce_excerpt_contentcore\routers\misc.php:289
filterwp_new_user_notification_emailcore\routers\social-logins.php:490
actionuser_registercore\routers\social-logins.php:505
actionrest_api_initcore\routes.php:38
filterthe_contentcore\shortcodes\archive-content.php:53
filtersuredash_skip_restricted_postcore\shortcodes\home-content.php:635
actionwp_footercore\shortcodes\responsive-navigation.php:67
filterastra_get_option_enable-comments-areacore\shortcodes\single-comments.php:62
actionsuredash_footercore\shortcodes\single-content.php:168
filterthe_contentcore\shortcodes\single-content.php:188
actiondeleted_commentinc\compatibility\comment.php:32
actiondeleted_postinc\compatibility\comment.php:43
filterrender_blockinc\compatibility\layout.php:28
filterbody_classinc\compatibility\page-builder.php:315
actionwp_enqueue_scriptsinc\compatibility\page-builder.php:316
actionwp_enqueue_scriptsinc\compatibility\page-builder.php:320
actionwp_headinc\compatibility\page-builder.php:326
actionadmin_bar_menuinc\compatibility\page-builder.php:338
actionwp_headinc\compatibility\page-builder.php:381
actionwp_footerinc\compatibility\page-builder.php:392
actionwp_enqueue_scriptsinc\compatibility\plugin.php:30
actionsuredash_after_plugin_activationinc\compatibility\plugin.php:31
actionwpinc\compatibility\plugin.php:32
filtertemplate_includeinc\compatibility\plugin.php:158
actionwpinc\compatibility\theme.php:36
filterastra_get_option_scroll-to-top-enableinc\compatibility\theme.php:101
filterastra_block_based_legacy_setupinc\compatibility\theme.php:104
filtercomment_textinc\functions\functions.php:866
actionsuredash_send_email_batchinc\modules\email-notifications\email-dispatcher.php:160
actionuser_registerinc\modules\email-notifications\email-triggers.php:182
actiontransition_post_statusinc\modules\email-notifications\email-triggers.php:185
actiontransition_post_statusinc\modules\email-notifications\email-triggers.php:188
actionenqueue_block_editor_assetsinc\templator\block-supports-extended.php:29
filterrender_blockinc\templator\block-supports-extended.php:30
filterpre_render_blockinc\templator\block-supports-extended.php:31
filterblock_type_metadatainc\templator\block-supports-extended.php:32
filterget_block_templatesinc\templator\service.php:68
filterpre_get_block_file_templateinc\templator\service.php:69
filterget_block_templatesinc\templator\service.php:72
actioninitinc\templator\service.php:76
filtertemplate_includeinc\templator\service.php:77
filterthe_contentinc\templator\service.php:80
filterrender_blockinc\templator\service.php:81
actionwp_footerinc\templator\service.php:84
filterblock_editor_settings_allinc\templator\service.php:166
filterwp_theme_json_data_themeinc\templator\service.php:169
filtertheme_page_templatesinc\templator\service.php:409
filtertheme_post_templatesinc\templator\service.php:411
filterbody_classinc\templator\utility.php:63
actioninitinc\traits\post-type.php:65
actioninitinc\traits\post-type.php:75
actionparse_queryinc\traits\post-type.php:85
actionrestrict_manage_postsinc\traits\post-type.php:86
filterbsf_core_statsinc\utils\analytics.php:28
actionadmin_initinc\utils\maintenance.php:28
actioninitinc\utils\maintenance.php:30
filterupload_dirinc\utils\uploader.php:65
actionadmin_initloader.php:71
actioninitloader.php:79
actionplugins_loadedloader.php:80
actionafter_setup_themeloader.php:82
filterwp_kses_allowed_htmlloader.php:83
filterpre_comment_contentloader.php:86
filterdoing_it_wrong_trigger_errorloader.php:89
actiondoing_it_wrong_runloader.php:92
actionsuredash_initloader.php:94
filterplugin_row_metaloader.php:96
actionshutdownloader.php:155
actiondoing_it_wrong_runloader.php:159
Maintenance & Trust

SureDash – Community, Courses & Member Dashboard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads21K

Community Trust

Rating86/100
Number of ratings21
Active installs1K
Alternatives

SureDash – Community, Courses & Member Dashboard Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

D
40

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 1 unpatched
Ultimate Member – reCAPTCHA

Ultimate Member – reCAPTCHA

um-recaptcha

A
92

Stop bots on your registration & login forms with Google reCAPTCHA

20K No CVEs
WP User Manager – User Profile Builder & Membership

WP User Manager – User Profile Builder & Membership

wp-user-manager

A
89

The most customizable profiles & community builder WordPress plugin with front-end login, registration, profile customization and content restriction.

10K 7 CVEs
ProfileGrid – User Profiles, Groups and Communities

ProfileGrid – User Profiles, Groups and Communities

profilegrid-user-profiles-groups-and-communities

B
76

Custom user profiles plugin ❤ with paid memberships, groups, communities, content restriction, user registration, messaging, WooCommerce memberships, &hellip;

6K 52 CVEs
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

C
52

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched
Developer Profile

SureDash – Community, Courses & Member Dashboard Developer Profile

Brainstorm Force

34 plugins · 8.8M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
185 days
View full developer profile
Detection Fingerprints

How We Detect SureDash – Community, Courses & Member Dashboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/suredash/assets/build/editor-app.css/wp-content/plugins/suredash/assets/build/editor-app-rtl.css/wp-content/plugins/suredash/assets/css/blocks.css/wp-content/plugins/suredash/assets/css/blocks-rtl.css/wp-content/plugins/suredash/assets/css/font.css/wp-content/plugins/suredash/assets/css/font-rtl.css
Script Paths
/wp-content/plugins/suredash/assets/build/editor-app.js
Version Parameters
suredash/assets/build/editor-app.js?ver=suredash/assets/build/editor-app-rtl.css?ver=suredash/assets/css/blocks.css?ver=suredash/assets/css/blocks-rtl.css?ver=suredash/assets/css/font.css?ver=suredash/assets/css/font-rtl.css?ver=

HTML / DOM Fingerprints

CSS Classes
suredash-editor-wrapper
Data Attributes
data-portal-namedata-portal-logodata-user-display-namedata-user-emaildata-user-avatar
JS Globals
portal_blocks
FAQ

Frequently Asked Questions about SureDash – Community, Courses & Member Dashboard