The Post to Google My Business plugin for WordPress, up to version 3.1.14, has a vulnerability that allows attackers to dismiss notifications without being authenticated. This is possible because the ajax_delete_notification function does not have proper nonce (number used once) validation. This means an attacker could trick a site administrator into clicking on a link or performing another action, and then use that action to dismiss notifications.