• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

BUG Security Issue with Disable Admin Notices Individually Plugin

Edeas

New member
Messages
1
Likes
0
Points
0
#1
I've recently seen the following security message regarding this plugin. Any ideas on if a fix is coming soon or an alternative plugin.

Disable Admin Notices individually <= 1.3.5 - Cross-Site Request Forgery


The Disable Admin Notices individually plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
 

timarion

New member
Messages
1
Likes
0
Points
0
#2
Came here to write about this vulnerability. I'm considering purchasing a lifetime product, but I'm wondering if these plugins get updated regularly.

How long has "Disable Admini Notices Individually" been at 1.3.5?