cleantalk
Vulnerabilities and Security Researches

Disable Admin Notices individually, CVE-2026-2410

CVE, Research URL

CVE-2026-2410

Home page URL

Security reports for Disable Admin Notices individually

Application

Disable Admin Notices individually

Published on
Feb 25, 2026
Research Description
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Disable Admin Notices individually (CVE-2024-52420) , Nov 16, 2024
New vulnerability
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2026-1277) , Apr 15, 2026
FlatPM – Ad Manager, AdSense and Custom Code (CVE-2026-0690) , Apr 15, 2026
Spectra – WordPress Gutenberg Blocks (CVE-2026-0950) , Apr 15, 2026
Snow Monkey Forms (CVE-2026-1056) , Apr 15, 2026
Timeline Event History (CVE-2026-1127) , Apr 15, 2026