CVE-2026-3140

Name of the Vulnerable Software and Affected Versions The Ultimate Dashboard versions prior to 3.8.15

Description Cross-Site Request Forgery occurs due to a flawed nonce validation conditional in the handle module actions() function. This allows unauthenticated attackers to toggle plugin modules on or off by tricking a site administrator into clicking a forged link.

Recommendations Update to a version later than 3.8.14.