Platform: wordpress
Component: star-review-manager
Fixed in: 1.2.3
CVE-2026-1076 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Star Review Manager plugin for WordPress. This flaw allows unauthenticated attackers to modify the plugin's CSS settings by crafting malicious requests, potentially impacting site aesthetics and user experience. The vulnerability impacts versions 0.0.0 through 1.2.2, and a patch is expected to be released by the plugin developer.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to manipulate the Star Review Manager plugin's CSS settings. While this might seem cosmetic, it could be leveraged for more malicious purposes. An attacker could alter the plugin's appearance to mislead users, potentially concealing legitimate content or injecting malicious elements. Furthermore, if the CSS settings control other aspects of the plugin's functionality, an attacker could potentially gain further control. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
This vulnerability was publicly disclosed on January 24, 2026. No public proof-of-concept (PoC) code has been released at the time of writing. The EPSS score is pending evaluation, but because CSRF is straightforward to exploit, the likelihood of exploitation should be considered medium. Monitor CISA and WordPress security advisories for updates.
WordPress websites utilizing the Star Review Manager plugin, particularly those with shared hosting environments or lacking robust access controls, are at increased risk. Sites where administrators frequently click on links from untrusted sources are also more vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/star-review-manager/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep 'star-review-manager'
• wordpress / composer / npm:
wp plugin list --status=active | grep 'star-review-manager'
Disclosure
Exploit status
EPSS: 0.01% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1076 is to upgrade the Star Review Manager plugin to a version that includes the necessary nonce validation. Until an updated version is available, consider implementing a Web Application Firewall (WAF) rule to block requests to the plugin's settings page that lack proper authentication. Additionally, restrict access to the settings page to authorized administrators only. Monitor WordPress logs for suspicious activity related to the plugin’s settings, looking for unexpected changes to CSS files.
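The nonce validation the mitigation refers to, shown as an added illustration in PHP (this is not the Star Review Manager plugin's own code): a typical WordPress settings handler that lacks CSRF protection, beside the hardened form that a patched plugin would use. The option, action and nonce names (`srm_css`, `srm_save_css`, `srm_nonce`) and the settings page slug are hypothetical placeholders.

```php
<?php
// Added illustration, not the plugin's code. Names such as 'srm_css',
// 'srm_save_css' and 'srm_nonce' are hypothetical placeholders.

// --- Vulnerable pattern: any POST that reaches this handler updates the option. ---
// No nonce check and no capability check, so a request forged from another site
// and submitted by a logged-in administrator's browser (classic CSRF) changes the CSS.
function srm_save_css_vulnerable() {
    update_option( 'srm_css', $_POST['srm_css'] );
    wp_safe_redirect( admin_url( 'admin.php?page=srm-settings' ) );
    exit;
}

// --- Hardened pattern ---
function srm_save_css_hardened() {
    // 1. Capability check: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // 2. Nonce check: check_admin_referer() rejects the request unless it carries a
    //    valid, user-bound, time-limited token, which a cross-site forged request lacks.
    check_admin_referer( 'srm_save_css', 'srm_nonce' );

    // 3. Sanitise the submitted CSS before storing it (minimal: strip any markup).
    $css = isset( $_POST['srm_css'] ) ? wp_strip_all_tags( wp_unslash( $_POST['srm_css'] ) ) : '';
    update_option( 'srm_css', $css );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=srm-settings' ) ) );
    exit;
}
add_action( 'admin_post_srm_save_css', 'srm_save_css_hardened' );

// The settings form must emit the nonce field that check_admin_referer() expects,
// using the same action and field name.
function srm_render_css_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="srm_save_css">
        <?php wp_nonce_field( 'srm_save_css', 'srm_nonce' ); ?>
        <textarea name="srm_css"><?php echo esc_textarea( get_option( 'srm_css', '' ) ); ?></textarea>
        <?php submit_button( 'Save CSS' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this class of flaw, look for every handler that calls update_option() from request data and confirm it performs both the capability check and the nonce check before writing.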
No known patch is available. Please review the vulnerability details carefully and apply mitigations based on your organization's risk appetite. It may be best to uninstall the affected software and find a replacement.
CVE-2026-1076 is a Cross-Site Request Forgery (CSRF) vulnerability in the Star Review Manager WordPress plugin, allowing attackers to modify CSS settings without authentication.
You are affected if your WordPress site uses the Star Review Manager plugin in versions 0.0.0 through 1.2.2.
Upgrade the Star Review Manager plugin to a patched version that includes nonce validation. Until then, use a WAF or restrict access to the settings page.
There is no confirmed active exploitation of CVE-2026-1076 at this time, but the vulnerability's nature suggests potential for exploitation.
Check the Star Review Manager plugin's official website or WordPress plugin repository for the latest advisory and patch information.