diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a60d64d33408087290e887d27ca1deb5066637e..325f248203dd8f5f0ee946b6fef3cee0dc648a25 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
+## [3.2.4] - 2024-03-11
+### Fixed
+- permission check on notice dismiss action
+
 ## [3.2.3] - 2023-04-06
 ### Fixed
 - fatal error if get_current_screen function return null
+
 ## [3.2.2] - 2023-03-03
 ### Added
 - security nonce in permanent dismissible notice ajax action
diff --git a/src/WPDesk/Notice/AjaxHandler.php b/src/WPDesk/Notice/AjaxHandler.php
index 263e84b7ff630f977fdbd356c785ffc01792e152..64c871754f1cfab287f9bfaff40f13a22ed72dae 100644
--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -78,25 +78,28 @@ class AjaxHandler implements HookablePluginDependant {
         if ( isset( $_POST[ self::POST_FIELD_NOTICE_NAME ] ) ) {
             $noticeName = sanitize_text_field( $_POST[ self::POST_FIELD_NOTICE_NAME ] );
 
+            $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
+            ajax_check_referer( $option_name, self::POST_FIELD_SECURITY );
+
+            if ( ! current_user_can( 'edit_posts' ) ) {
+                wp_send_json_error();
+            }
+
             if ( isset( $_POST[ self::POST_FIELD_SOURCE ] ) ) {
                 $source = sanitize_text_field( $_POST[ self::POST_FIELD_SOURCE ] );
             } else {
                 $source = null;
             }
 
-            $security = $_POST[ self::POST_FIELD_SECURITY ] ?? '';
-
             $option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;
 
-            if ( wp_verify_nonce( $security, $option_name ) ) {
-                update_option(
-                    $option_name,
-                    PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
-                );
-                do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source );
-                if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
-                    wp_send_json_success();
-                }
+            update_option(
+                $option_name,
+                PermanentDismissibleNotice::OPTION_VALUE_DISMISSED
+            );
+            do_action( 'wpdesk_notice_dismissed_notice', $noticeName, $source );
+            if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
+                wp_send_json_success();
             }
         }
         if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
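Review bot: The added nonce check calls `ajax_check_referer( $option_name, self::POST_FIELD_SECURITY );`, but the WordPress core helper is named `check_ajax_referer`. Unless the project defines `ajax_check_referer` elsewhere, every dismiss request that carries a notice name stops here with an undefined-function error, so the handler fails closed but never records a dismissal. The line should read `check_ajax_referer( $option_name, self::POST_FIELD_SECURITY );`, which by default terminates the request on a missing or invalid nonce and keeps `update_option` behind both the nonce and the `current_user_can( 'edit_posts' )` check. The second `$option_name = PermanentDismissibleNotice::OPTION_NAME_PREFIX . $noticeName;`, kept as context further down, is now redundant and can be removed. The enclosing method begins above this hunk, so its hook registration is not visible here.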
@@ -105,4 +108,3 @@ class AjaxHandler implements HookablePluginDependant {
     }
 
 }
-