WP-Safety

Dashboard Beacon Security & Risk Analysis

wordpress.org/plugins/wp-dashboard-beacon

Easily integrate a Help Scout beacon in your site's dashboard.

10 active installs v1.2.0 PHP + WP 3.5.0+ Updated May 14, 2016
clientdashboarddocumentationhelpscoutsupport
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEDec 31, 2025
Plugin page Download
Safety Verdict

Is Dashboard Beacon Safe to Use in 2026?

Use With Caution

Score 63/100

Dashboard Beacon has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Dec 31, 2025Updated 10yr ago
Risk Assessment

The wp-dashboard-beacon plugin v1.2.0 presents a mixed security posture. On the positive side, the static analysis reveals no identified dangerous functions, no direct SQL queries outside of prepared statements, and a complete absence of file operations or external HTTP requests. The attack surface is reported as zero entry points, and importantly, zero unprotected entry points, suggesting a generally secure design in these areas. However, a significant concern arises from the low rate of output escaping (27%), indicating a high likelihood of cross-site scripting (XSS) vulnerabilities, especially when considering the plugin's vulnerability history. The absence of nonce and capability checks on the identified entry points is also a notable weakness, despite the zero count, as it suggests a lack of built-in protective measures for potential future entry points.

Key Concerns

  • Unpatched CVEs
  • Low output escaping percentage
  • No nonce checks
  • No capability checks
Vulnerabilities
1 published

Dashboard Beacon Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-49337medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dashboard Beacon <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 31, 2025Unpatched
Version History

Dashboard Beacon Release Timeline

v1.2.0Current1 CVE
CVE-2025-49337
v1.1.01 CVE
CVE-2025-49337
v1.0.01 CVE
CVE-2025-49337
Code Analysis
Analyzed Mar 16, 2026

Dashboard Beacon Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

27% escaped15 total outputs
Attack Surface

Dashboard Beacon Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionplugins_loadedincludes\class-wp-dashboard-beacon.php:140
actionadmin_enqueue_scriptsincludes\class-wp-dashboard-beacon.php:155
actionadmin_enqueue_scriptsincludes\class-wp-dashboard-beacon.php:156
actionadmin_enqueue_scriptsincludes\class-wp-dashboard-beacon.php:157
actionadmin_menuincludes\class-wp-dashboard-beacon.php:158
actionadmin_initincludes\class-wp-dashboard-beacon.php:159
actionwp_enqueue_scriptsincludes\class-wp-dashboard-beacon.php:173
actionwp_enqueue_scriptsincludes\class-wp-dashboard-beacon.php:174
Maintenance & Trust

Dashboard Beacon Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedMay 14, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Dashboard Beacon Alternatives

WP Dash Support

WP Dash Support

wp-dash-support

A
85

A plugin that adds a contact form on the dashboard for developers to use to give clients an easier way to contact them.

10 No CVEs
Display PHP Version

Display PHP Version

display-php-version

A
85

Displays the currently installed PHP/MySQL version in the "At a Glance" admin dashboard widget.

30K No CVEs
WP Help

WP Help

wp-help

A
85

Site operators can create detailed, hierarchical documentation for the site's authors, editors, and contributors, viewable in the WordPress admin &hellip;

10K No CVEs
WP Client Reports

WP Client Reports

wp-client-reports

A
91

The best maintenance reporting tool for WordPress professionals. Display update statistics directly in the WordPress admin or send reports via email.

6K 2 CVEs
WP PHP Version Display

WP PHP Version Display

wp-php-version-display

A
92

Displays the current running PHP/MySQL version inside "At a Glance" admin dashboard widget.

3K No CVEs
Developer Profile

Dashboard Beacon Developer Profile

janhenckens

3 plugins · 50 total installs

63
trust score
Avg Security Score
77/100
Avg Patch Time
2188 days
View full developer profile
Detection Fingerprints

How We Detect Dashboard Beacon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-dashboard-beacon/admin/css/wp-dashboard-beacon-admin.css/wp-content/plugins/wp-dashboard-beacon/admin/js/wp-dashboard-beacon-beacon.js
Version Parameters
wp-dashboard-beacon-admin.css?ver=wp-dashboard-beacon-beacon.js?ver=

HTML / DOM Fingerprints

Data Attributes
hsb_allowed_user_roleshsb_helpscout_form_idhsb_helpscout_subdomainhsb_beacon_optionshsb_beacon_iconhsb_beacon_colour+3 more
JS Globals
hsb_settings
FAQ

Frequently Asked Questions about Dashboard Beacon