WP-Safety

WP Dashboard Messages Security & Risk Analysis

wordpress.org/plugins/wp-dashboard-messages

Show Messages on the WP Admin Dashboard.

400 active installs v1.1.7 PHP 5.6+ WP 4.8+ Updated Dec 5, 2025
admindashboard
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Dashboard Messages Safe to Use in 2026?

Generally Safe

Score 100/100

WP Dashboard Messages has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "wp-dashboard-messages" v1.1.7 plugin exhibits a generally strong security posture based on the provided static analysis. The plugin has no known vulnerabilities (CVEs), which is a significant positive indicator. Furthermore, the code analysis reveals a complete absence of dangerous functions and external HTTP requests, and all SQL queries utilize prepared statements. The output escaping is also remarkably high at 98%, and critical/high severity taint flows are non-existent. The presence of nonce and capability checks, although limited in number, demonstrates an awareness of secure coding practices.

However, the analysis does reveal a potential area of concern: the plugin performs file operations. While the static analysis doesn't indicate any immediate threats related to this, file operations can be a vector for vulnerabilities if not handled with extreme care, especially concerning user-supplied input or paths. The attack surface is reported as zero, meaning no direct entry points like AJAX, REST API, or shortcodes were detected. This, combined with the lack of known vulnerabilities, paints a picture of a well-developed and secure plugin. The absence of bundled libraries also removes a common source of security issues from outdated dependencies.

Key Concerns

  • File operations detected
Vulnerabilities
None known

WP Dashboard Messages Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Dashboard Messages Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
51 escaped
Nonce Checks
2
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

98% escaped52 total outputs
Attack Surface

WP Dashboard Messages Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionwp_dashboard_setupinclude\DashboardMessages\Admin\Admin.php:29
actionadmin_enqueue_scriptsinclude\DashboardMessages\Admin\Admin.php:31
actionsave_post_dashboard_messageinclude\DashboardMessages\Compat\WPMU.php:38
actionadd_meta_boxesinclude\DashboardMessages\Compat\WPMU.php:40
filtermanage_dashboard_message_posts_columnsinclude\DashboardMessages\Compat\WPMU.php:42
filtermanage_dashboard_message_posts_custom_columninclude\DashboardMessages\Compat\WPMU.php:43
filtermap_meta_capinclude\DashboardMessages\Compat\WPMU.php:47
filterdashboard_messagesinclude\DashboardMessages\Compat\WPMU.php:48
filterdashboard_messages_queryinclude\DashboardMessages\Compat\WPMU.php:227
actionplugins_loadedinclude\DashboardMessages\Core\Core.php:26
actionadmin_initinclude\DashboardMessages\Core\Plugin.php:45
actionplugins_loadedinclude\DashboardMessages\Core\Plugin.php:47
actioninitinclude\DashboardMessages\PostType\PostType.php:43
filteruse_block_editor_for_post_typeinclude\DashboardMessages\PostType\PostType.php:47
actionadd_meta_boxesinclude\DashboardMessages\PostType\PostTypeDashboardMessage.php:42
filtermanage_dashboard_message_posts_columnsinclude\DashboardMessages\PostType\PostTypeDashboardMessage.php:46
filtermanage_dashboard_message_posts_custom_columninclude\DashboardMessages\PostType\PostTypeDashboardMessage.php:48
Maintenance & Trust

WP Dashboard Messages Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 5, 2025
PHP min version5.6
Downloads6K

Community Trust

Rating100/100
Number of ratings3
Active installs400
Alternatives

WP Dashboard Messages Alternatives

Admin Menu Editor

Admin Menu Editor

admin-menu-editor

A
96

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 3 CVEs
White Label CMS

White Label CMS

white-label-cms

A
93

Customise dashboard panels and branding, hide menus plus lots more.

200K 7 CVEs
Ultimate Dashboard – Custom WordPress Dashboard

Ultimate Dashboard – Custom WordPress Dashboard

ultimate-dashboard

A
97

The #1 Plugin to Customize the WordPress Dashboard!

60K 8 CVEs
Display PHP Version

Display PHP Version

display-php-version

A
85

Displays the currently installed PHP/MySQL version in the "At a Glance" admin dashboard widget.

30K No CVEs
Remove Dashboard Access

Remove Dashboard Access

remove-dashboard-access-for-non-admins

A
92

Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.

30K No CVEs
Developer Profile

WP Dashboard Messages Developer Profile

podpirate

6 plugins · 51K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
345 days
View full developer profile
Detection Fingerprints

How We Detect WP Dashboard Messages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-dashboard-messages/css/admin/edit-legacy.css/wp-content/plugins/wp-dashboard-messages/css/admin/edit.css/wp-content/plugins/wp-dashboard-messages/js/admin/edit.js
Version Parameters
wp-dashboard-messages/css/admin/edit.css?ver=wp-dashboard-messages/css/admin/edit-legacy.css?ver=wp-dashboard-messages/js/admin/edit.js?ver=

HTML / DOM Fingerprints

CSS Classes
dashboard-message-thumbnaildashboard-message-dismissnotice-dismiss
Data Attributes
data-uid
FAQ

Frequently Asked Questions about WP Dashboard Messages