Vulnerabilities and security researches fordisable-admin-notices disable-admin-notices

Apr 15, 2026

CVE, Research URL: CVE-2026-2410
Home page URL: Security reports for Disable Admin Notices individually
Application: Disable Admin Notices individually
Date: Feb 25, 2026
Research Description: The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.4.3.
Status: vulnerable

Nov 16, 2024

CVE, Research URL: CVE-2024-52420
Home page URL: Security reports for Disable Admin Notices individually
Application: Disable Admin Notices individually
Date: Nov 19, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5.
Affected versions: max 1.3.6.
Status: vulnerable