Platform: wordpress
Component: add-google-social-profiles-to-knowledge-graph-box
Fixed in: 1.0.1
CVE-2026-1393 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Add Google Social Profiles to Knowledge Graph Box plugin for WordPress. This vulnerability allows unauthenticated attackers to manipulate the plugin's settings by tricking an administrator into performing actions. The vulnerability impacts versions 1.0.0 through 1.0, and a fix is expected in a future plugin release.
An attacker can exploit this CSRF vulnerability to modify the plugin's Knowledge Graph settings without authentication. This could involve altering the displayed social profiles, potentially leading to misinformation or phishing attacks targeting site visitors. Successful exploitation requires the attacker to convince a site administrator to click a malicious link containing the forged request. While the direct impact is limited to the plugin's settings, a compromised Knowledge Graph box could damage a website's credibility and user trust. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
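The nonce validation mentioned above, shown as an added example that is not the plugin's code or its patch: a settings handler with no nonce check, beside a form and handler that use one. All `kgsp_*` names, the option key and the settings page slug are hypothetical.

```php
<?php
// Added illustration; every kgsp_* name is hypothetical, not taken from the plugin.

// BEFORE (deliberately left unhooked): the handler trusts the administrator's
// session cookie alone, so a request forged from another origin looks the same
// as a genuine form submission.
function kgsp_save_settings_unprotected() {
    if ( isset( $_POST['kgsp_profiles'] ) ) {
        update_option( 'kgsp_profiles', wp_unslash( $_POST['kgsp_profiles'] ) );
    }
}

// AFTER, part 1: the settings form carries a nonce bound to the user and action.
function kgsp_render_form() {
    $profiles = (array) get_option( 'kgsp_profiles', array() );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="kgsp_save">';
    wp_nonce_field( 'kgsp_save_settings', 'kgsp_nonce' );
    echo '<textarea name="kgsp_profiles">' . esc_textarea( implode( "\n", $profiles ) ) . '</textarea>';
    submit_button();
    echo '</form>';
}

// AFTER, part 2: nothing is written unless capability and nonce both check out.
function kgsp_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops with a 403 when the nonce is missing, expired, or issued for another user or action.
    check_admin_referer( 'kgsp_save_settings', 'kgsp_nonce' );

    $posted = isset( $_POST['kgsp_profiles'] ) ? $_POST['kgsp_profiles'] : '';
    $raw    = is_string( $posted ) ? wp_unslash( $posted ) : '';
    $urls   = array();
    foreach ( preg_split( '/\R/', $raw ) as $line ) {
        // Keep only well-formed https URLs; anything else becomes '' and is dropped.
        $url = esc_url_raw( trim( $line ), array( 'https' ) );
        if ( '' !== $url ) {
            $urls[] = $url;
        }
    }
    update_option( 'kgsp_profiles', $urls );
    wp_safe_redirect( admin_url( 'options-general.php?page=kgsp' ) );
    exit;
}
add_action( 'admin_post_kgsp_save', 'kgsp_save_settings' );
```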
CVE-2026-1393 was publicly disclosed on 2026-03-21. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
EPSS: 0.01% (2% percentile)
The primary mitigation for CVE-2026-1393 is to upgrade to a patched version of the Add Google Social Profiles to Knowledge Graph Box plugin once available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, enforce strong password policies and multi-factor authentication for all administrator accounts to reduce the risk of successful exploitation. Regularly review plugin settings for any unauthorized changes.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2026-1393 is a Cross-Site Request Forgery (CSRF) vulnerability in the Add Google Social Profiles to Knowledge Graph Box WordPress plugin, allowing attackers to modify plugin settings via forged requests.
If you are using the Add Google Social Profiles to Knowledge Graph Box plugin in versions 1.0.0–1.0, you are potentially affected by this vulnerability.
Upgrade to a patched version of the plugin as soon as it becomes available. Until then, implement a WAF with CSRF protection or enforce strong admin passwords.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1393, but it is important to mitigate the risk proactively.
Check the plugin developer's website or WordPress plugin repository for updates and advisories related to CVE-2026-1393.