Platform
wordpress
Component
star-review-manager
Fixed in
1.2.3
CVE-2026-1076 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Star Review Manager plugin for WordPress. This flaw allows unauthenticated attackers to modify the plugin's CSS settings by crafting malicious requests, potentially impacting site aesthetics and user experience. The vulnerability impacts versions 0.0.0 through 1.2.2, and a patch is expected to be released by the plugin developer.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to manipulate the Star Review Manager plugin's CSS settings. While this might seem cosmetic, it could be leveraged for more malicious purposes. An attacker could alter the plugin's appearance to mislead users, potentially concealing legitimate content or injecting malicious elements. Furthermore, if the CSS settings control other aspects of the plugin's functionality, an attacker could potentially gain further control. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
This vulnerability was publicly disclosed on January 24, 2026. No public proof-of-concept (PoC) code has been released at the time of writing. The EPSS score is pending evaluation, but the relatively straightforward nature of CSRF exploitation suggests a potential for medium-level exploitation probability. Monitor CISA and WordPress security advisories for updates.
WordPress websites utilizing the Star Review Manager plugin, particularly those with shared hosting environments or lacking robust access controls, are at increased risk. Sites where administrators frequently click on links from untrusted sources are also more vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/star-review-manager/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep 'star-review-manager'
• wordpress / composer / npm:
wp plugin list --status=active | grep 'star-review-manager'
Exploit status
EPSS
0.01% (0% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1076 is to upgrade the Star Review Manager plugin to a version that includes the necessary nonce validation. Until an updated version is available, consider implementing a Web Application Firewall (WAF) rule to block requests to the plugin's settings page that lack proper authentication. Additionally, restrict access to the settings page to authorized administrators only. Monitor WordPress logs for suspicious activity related to the plugin’s settings, looking for unexpected changes to CSS files.
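One way to check an installation against the fixed version and the nonce validation described above, as an added example that is not code from the plugin or from this advisory. It assumes the plugin declares a standard WordPress "Version:" header in a top-level PHP file and reuses the 'settings_update' string from the grep command on this page; the nonce check is a heuristic that only looks for WordPress's nonce-verification functions in the same file.

```shell
#!/bin/sh
# Added example (not the plugin's code): audit an install for CVE-2026-1076 exposure.
FIXED="1.2.3"  # "fixed in" version stated on this page

# ver_lt A B: succeeds when dotted version A is lower than B.
ver_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, "."); k = (n > m ? n : m)
    for (i = 1; i <= k; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# plugin_version DIR: print the Version header found in DIR's top-level PHP files.
plugin_version() {
  grep -h -i -m1 '^[[:space:]*/#]*Version:' "$1"/*.php 2>/dev/null |
    head -n1 | sed 's/.*[Vv]ersion:[[:space:]]*//; s/[[:space:]]*$//'
}

# unguarded_handlers DIR: list PHP files that mention settings_update but never
# call a WordPress nonce-verification function (heuristic, file-level only).
unguarded_handlers() {
  find "$1" -type f -name '*.php' -exec grep -l 'settings_update' {} + 2>/dev/null |
  while IFS= read -r f; do
    grep -Eq 'wp_verify_nonce|check_admin_referer|check_ajax_referer' "$f" || printf '%s\n' "$f"
  done
}

# audit DIR: print "VULNERABLE <ver>", "REVIEW <ver>", "OK <ver>" or "UNKNOWN".
audit() {
  v=$(plugin_version "$1")
  if [ -z "$v" ]; then echo "UNKNOWN"; return 2; fi
  if ver_lt "$v" "$FIXED"; then echo "VULNERABLE $v"; return 1; fi
  if [ -n "$(unguarded_handlers "$1")" ]; then echo "REVIEW $v"; return 1; fi
  echo "OK $v"
}

# Run against a real install when a plugin directory is passed as the first argument.
if [ -n "${1:-}" ]; then audit "$1"; fi
```

A "REVIEW" result means the version is at or above the fixed release but a settings handler file contains no nonce check, so it should be inspected by hand.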
No known patch is available. Please review the vulnerability details in depth and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2026-1076 is a Cross-Site Request Forgery (CSRF) vulnerability in the Star Review Manager WordPress plugin, allowing attackers to modify CSS settings without authentication.
You are affected if your WordPress site uses the Star Review Manager plugin in versions 0.0.0 through 1.2.2.
Upgrade the Star Review Manager plugin to a patched version that includes nonce validation. Until then, use a WAF or restrict access to the settings page.
There is no confirmed active exploitation of CVE-2026-1076 at this time, but the vulnerability's nature suggests potential for exploitation.
Check the Star Review Manager plugin's official website or WordPress plugin repository for the latest advisory and patch information.