Platform: wordpress
Component: add-google-social-profiles-to-knowledge-graph-box
Fixed in: 1.0.1
CVE-2026-1393 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Add Google Social Profiles to Knowledge Graph Box plugin for WordPress. This vulnerability allows unauthenticated attackers to manipulate the plugin's settings by tricking an administrator into performing actions. The vulnerability impacts versions 1.0.0 through 1.0, and a fix is expected in a future plugin release.
An attacker can exploit this CSRF vulnerability to modify the plugin's Knowledge Graph settings without authentication. This could involve altering the displayed social profiles, potentially leading to misinformation or phishing attacks targeting site visitors. Successful exploitation requires the attacker to convince a site administrator to click a malicious link containing the forged request. While the direct impact is limited to the plugin's settings, a compromised Knowledge Graph box could damage a website's credibility and user trust. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
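The nonce validation mentioned above, shown as an added example rather than code from the affected plugin: a settings handler without the check, next to a hardened form. All `kgbox_*` names, the option key and the settings page slug are hypothetical; the code assumes it is loaded inside WordPress as part of a plugin.

```php
<?php
// Hypothetical settings handlers for illustration; every 'kgbox_*' identifier
// is an assumption, not a name taken from the affected plugin.

// Vulnerable pattern: the state change is gated only by the admin's session cookie.
function kgbox_save_settings_vulnerable() {
    if ( isset( $_POST['kgbox_profiles'] ) ) {
        // No nonce check: a cross-site form submitted by the admin's browser lands here.
        update_option( 'kgbox_profiles', wp_unslash( $_POST['kgbox_profiles'] ) );
    }
}

// Hardened form, step 1: emit a nonce bound to this action and user in the settings form.
function kgbox_render_form() {
    $profiles = get_option( 'kgbox_profiles', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="kgbox_save_settings">
        <?php wp_nonce_field( 'kgbox_save_settings', 'kgbox_nonce' ); ?>
        <textarea name="kgbox_profiles"><?php echo esc_textarea( $profiles ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Step 2: verify capability and nonce before changing anything.
function kgbox_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 unless $_REQUEST['kgbox_nonce'] is valid for this action.
    check_admin_referer( 'kgbox_save_settings', 'kgbox_nonce' );

    // Accept only whitespace-separated URLs; drop anything esc_url_raw() rejects.
    $raw  = isset( $_POST['kgbox_profiles'] ) ? wp_unslash( $_POST['kgbox_profiles'] ) : '';
    $urls = array_filter( array_map( 'esc_url_raw', preg_split( '/\s+/', trim( $raw ) ) ) );
    update_option( 'kgbox_profiles', implode( "\n", $urls ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=kgbox' ) );
    exit;
}
add_action( 'admin_post_kgbox_save_settings', 'kgbox_save_settings_hardened' );
```

For a handler registered on `wp_ajax_*` instead of `admin_post_*`, `check_ajax_referer()` plays the same role as `check_admin_referer()` here.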
CVE-2026-1393 was publicly disclosed on 2026-03-21. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
WordPress websites using the Add Google Social Profiles to Knowledge Graph Box plugin, particularly those with administrator accounts that do not have strong passwords or multi-factor authentication enabled, are at risk. Shared hosting environments where multiple websites share the same server resources are also potentially vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/add-google-social-profiles-to-knowledge-graph-box/
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=add_google_social_profiles_to_knowledge_graph_box_settings_update' | grep -i 'referer'
Exploit status
EPSS: 0.01% (2% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1393 is to upgrade to a patched version of the Add Google Social Profiles to Knowledge Graph Box plugin once available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, enforce strong password policies and multi-factor authentication for all administrator accounts to reduce the risk of successful exploitation. Regularly review plugin settings for any unauthorized changes.
No known patch available. Please review the details of the vulnerability thoroughly and implement protective measures based on your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
CVE-2026-1393 is a Cross-Site Request Forgery (CSRF) vulnerability in the Add Google Social Profiles to Knowledge Graph Box WordPress plugin, allowing attackers to modify plugin settings via forged requests.
If you are using the Add Google Social Profiles to Knowledge Graph Box plugin in versions 1.0.0–1.0, you are potentially affected by this vulnerability.
Upgrade to a patched version of the plugin as soon as it becomes available. Until then, implement a WAF with CSRF protection or enforce strong admin passwords.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1393, but it is important to mitigate the risk proactively.
Check the plugin developer's website or WordPress plugin repository for updates and advisories related to CVE-2026-1393.