Wordfence is also warning about a critical security failure with Disable 🙁
Hi @vegancake, @macwillard,
Thank you for taking the time to report this issue and helping us keep the plugin secure. Our development team is working on a fix and will include it in the next release.
Best regards,
I would like to inform you about a security issue reported by my website’s security plugin regarding “Disable Admin Notices individually”. The vulnerability affects all versions up to 1.3.6 and has been publicly disclosed as a Cross-Site Request Forgery (CSRF) (CVE-2024-52420).
Currently, there is no fix available for this vulnerability, and the only recommended mitigation is to deactivate the plugin. This situation is concerning for users who rely on your plugin for WordPress administration.
Could you please provide an update on when a security patch will be released, or if there are any temporary mitigation steps we could apply to maintain security while using your plugin?
Best regards,
Antonio
dmac
(@darrenmcentee)
Hi, it’s been over a month now since the vulnerability was reported. I see a fix has still not been released. Can you please clarify your fix status urgently?
Hi @vegancake @darrenmcentee @iconet @macwillard,
The vulnerability was already patched with the latest release. We also informed the security channels to verify it, so it should soon disappear from warnings like those you see from Wordfence.
Thank you for your patience.