PT-2026-21895 · WordPress · Disable Admin Notices – Hide Dashboard Notifications

Lukasz Sobanski

Publicado

2026-02-25

Atualizado

2026-02-25

CVE-2026-2410

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress versions up to and including 1.4.2

Description The Disable Admin Notices – Hide Dashboard Notifications plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is because of a lack of nonce validation in the showPageContent() function. An unauthenticated attacker could potentially add arbitrary URLs to the blocked redirects list by forging a request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update the Disable Admin Notices – Hide Dashboard Notifications plugin to a version newer than 1.4.2.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2026-2410

Produtos afetados

Disable Admin Notices – Hide Dashboard Notifications

PT-2026-21895 · WordPress · Disable Admin Notices – Hide Dashboard Notifications

CVE-2026-2410

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8