cleantalk
Vulnerabilities and Security Researches

Disable Admin Notices individually, CVE-2026-2410

CVE, Research URL

CVE-2026-2410

Home page URL

Security reports for Disable Admin Notices individually

Application

Disable Admin Notices individually

Published on
Feb 25, 2026
Research Description
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
Doofinder WP & WooCommerce Search (CVE-2023-40602) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2023-49185) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2023-51678) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2024-25596) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2026-39542) , Apr 14, 2026
New vulnerability
EmailKit -WooCommerce Email Customizer (CVE-2026-1925) , Apr 15, 2026
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2026-1651) , Apr 15, 2026
Contact Form builder with drag & drop for WordPress – Kali Forms (CVE-2026-1860) , Apr 15, 2026
Related Posts by Taxonomy (CVE-2026-0916) , Apr 15, 2026
Ivory Search – WordPress Search Plugin (CVE-2026-1053) , Apr 15, 2026