Cross-Site Request Forgery - [Disable Admin Notices - Hide Dashboard Notifications] Review | ww.wp.xz.cn

Celestial Petals
(@celestial-petals)

9 months, 3 weeks ago

Is there going to be a fix for the security risk? “The Disable Admin Notices individually plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.”

The topic ‘Cross-Site Request Forgery’ is closed to new replies.

0 replies
1 participant
Last reply from: Celestial Petals
Last activity: 9 months, 3 weeks ago