A vulnerability classified as problematic was found in davidvongries Ultimate Dashboard Plugin up to 3.8.14 on WordPress. Affected by this issue is the function handle_module_actions. The manipulation results in cross-site request forgery.

This vulnerability is known as CVE-2026-3140. It is possible to launch the attack remotely. No exploit is available.