A new security vulnerability has been discovered in the widely used WordPress plugin, Disable Admin Notices Individually, affecting versions up to 1.3.5.
The flaw stems from missing or improper nonce validation in one of the plugin's functions, leaving that function open to Cross-Site Request Forgery (CSRF). In a CSRF attack, the attacker lures a logged-in administrator into visiting a page or following a link that silently submits a request to the vulnerable function. Because the browser attaches the administrator's session cookies and the function never checks a nonce, WordPress accepts the request and the action runs with the administrator's privileges, without the administrator intending it.
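To make the bug class concrete, here is an added, hypothetical WordPress admin-action handler written for this page. It is not code from Disable Admin Notices Individually, and the function names, option names and form fields (prefixed `dani_demo_`) are invented for illustration. The first handler has the weakness the advisory describes (a state-changing action guarded only by a capability check), the second adds the nonce check that defeats a forged request:

```php
<?php
// Illustrative only: hypothetical settings handler for a WordPress plugin,
// NOT code from Disable Admin Notices Individually. All dani_demo_* names are
// invented. Shows the CSRF bug class beside the hardened form.

// --- Vulnerable pattern: capability check only, no nonce (not hooked; shown for contrast) ---
function dani_demo_hide_notice_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // Any site the admin visits can auto-submit this request. The browser attaches
    // the admin's cookies, so the capability check passes and the option changes.
    $notice_id = sanitize_key( wp_unslash( $_POST['notice_id'] ?? '' ) );
    $hidden    = (array) get_option( 'dani_demo_hidden_notices', array() );
    $hidden[ $notice_id ] = true;
    update_option( 'dani_demo_hidden_notices', $hidden );
    wp_safe_redirect( admin_url( 'options-general.php?page=dani-demo' ) );
    exit;
}

// --- Hardened pattern: nonce bound to the action, verified before any state change ---
function dani_demo_hide_notice_secure() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // check_admin_referer() compares $_POST['_wpnonce'] against a nonce derived from
    // the action name and the current user's session, and calls wp_die() on mismatch.
    // A cross-site page cannot read or guess that value, so a forged request is rejected.
    check_admin_referer( 'dani_demo_hide_notice', '_wpnonce' );

    $notice_id = sanitize_key( wp_unslash( $_POST['notice_id'] ?? '' ) );
    if ( '' === $notice_id ) {
        wp_die( 'Missing notice id' );
    }
    $hidden = (array) get_option( 'dani_demo_hidden_notices', array() );
    $hidden[ $notice_id ] = true;
    update_option( 'dani_demo_hidden_notices', $hidden );
    wp_safe_redirect( admin_url( 'options-general.php?page=dani-demo' ) );
    exit;
}
add_action( 'admin_post_dani_demo_hide_notice', 'dani_demo_hide_notice_secure' );

// The legitimate form must carry the matching nonce, or the hardened handler
// will reject it too. wp_nonce_field() emits the hidden _wpnonce input.
function dani_demo_render_form( $notice_id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="dani_demo_hide_notice">
        <input type="hidden" name="notice_id" value="<?php echo esc_attr( $notice_id ); ?>">
        <?php wp_nonce_field( 'dani_demo_hide_notice', '_wpnonce' ); ?>
        <button type="submit" class="button">Hide this notice</button>
    </form>
    <?php
}
```

Two practitioner caveats. First, the nonce check complements the capability check rather than replacing it: `current_user_can()` answers "may this user do this?", `check_admin_referer()` answers "did this user actually ask for it?", and CSRF is exactly the gap between those two questions. Second, WordPress nonces are not single-use; they are tied to the user, the action and a time window, so a leaked nonce (for example via a reflected value in a page) is valid until that window expires.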
The plugin, known for helping users hide unwanted admin notifications in WordPress, has over 100,000 active installations. It offers features like selectively disabling notices for themes and plugins, as well as premium options such as ad redirect blocking, a compact notification panel, and the ability to hide admin bar items. However, this security lapse highlights a significant risk for its users.
Administrators using this plugin are advised to exercise caution while logged in to WordPress and to avoid following unverified links. Because the forged request can originate from any site the browser visits, not only from the WordPress dashboard, logging out of wp-admin before browsing elsewhere also reduces exposure. The developers are encouraged to release a patch promptly. In the meantime, users should consider compensating measures such as a security plugin that monitors admin actions, or temporarily deactivating the affected plugin until a fixed version is available.
Bijay Pokharel