cleantalk
Vulnerabilities and Security Researches

Disable Admin Notices individually, CVE-2026-2410

CVE, Research URL

CVE-2026-2410

Home page URL

Security reports for Disable Admin Notices individually

Application

Disable Admin Notices individually

Published on
Feb 25, 2026
Research Description
The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing nonce validation in the `showPageContent()` function. This makes it possible for unauthenticated attackers to add arbitrary URLs to the blocked redirects list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
Membership Plugin – Restrict Content (CVE-2026-1321) , Apr 15, 2026
Membership Plugin – Restrict Content (CVE-2026-1304) , Apr 15, 2026
Document Embedder (CVE-2026-1389) , Apr 15, 2026
Easy Voice Mail (CVE-2026-1164) , Apr 15, 2026
Blocksy (CVE-2026-2583) , Apr 15, 2026