Description
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3.
Published: 2025-06-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Dashboard Widget Sidebar plugin caused by incorrectly configured access control security levels. It can let users without the required permission access certain dashboard features, potentially exposing sensitive configuration data or permitting unauthorized modifications.

Affected Systems

All versions of Morten Dalgaard Johansen’s Dashboard Widget Sidebar plugin up through 1.2.3 are affected.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk level, while the EPSS score of less than 1% suggests that exploitation is currently not a common occurrence. The plugin is not listed in the CISA KEV catalog. The likely attack vector is remote: an attacker may craft requests to the plugin’s exposed endpoints to bypass the intended role checks. Successful exploitation would provide unauthorized access to dashboard operations, leading to potential data exposure or configuration changes.

Generated by OpenCVE AI on April 30, 2026 at 17:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Dashboard Widget Sidebar plugin to the latest version (≥ 1.2.4 if available) to apply the vendor‑issued fix targeting the missing authorization flaw.
  • If an upgrade is not immediately feasible, disable the plugin completely to prevent access to its dashboard‑related functionality until a patch can be applied.
  • Review and adjust user role definitions for the WordPress dashboard, ensuring that only authorized roles are granted access to dashboard features and that role checks are enforced consistently across all plugins.

Advisories
Source ID Title
EUVD EUVD-2025-28503 Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.
Values Added: Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Fri, 27 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Jun 2025 13:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.
Title WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:22.841Z

Reserved: 2025-06-27T11:58:59.924Z

Link: CVE-2025-53293

Vulnrichment

Updated: 2025-06-27T17:01:11.625Z

NVD

Status: Deferred

Published: 2025-06-27T14:15:50.973

Modified: 2026-04-23T15:32:26.427

Link: CVE-2025-53293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T17:15:42Z
