Platform
wordpress
Component
star-review-manager
Fixed version
1.2.3
CVE-2026-1076 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Star Review Manager plugin for WordPress. This flaw allows unauthenticated attackers to modify the plugin's CSS settings by crafting malicious requests, potentially impacting site aesthetics and user experience. The vulnerability impacts versions 0.0.0 through 1.2.2, and a patch is expected to be released by the plugin developer.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to manipulate the Star Review Manager plugin's CSS settings. While this might seem cosmetic, it could be leveraged for more malicious purposes. An attacker could alter the plugin's appearance to mislead users, potentially concealing legitimate content or injecting malicious elements. Furthermore, if the CSS settings control other aspects of the plugin's functionality, an attacker could potentially gain further control. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
This vulnerability was publicly disclosed on January 24, 2026. No public proof-of-concept (PoC) code has been released at the time of writing. The EPSS score is pending evaluation, but the relatively straightforward nature of CSRF exploitation suggests a potential for medium-level exploitation probability. Monitor CISA and WordPress security advisories for updates.
WordPress websites utilizing the Star Review Manager plugin, particularly those with shared hosting environments or lacking robust access controls, are at increased risk. Sites where administrators frequently click on links from untrusted sources are also more vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/star-review-manager/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep 'star-review-manager'
• wordpress / composer / npm:
wp plugin list --status=active | grep 'star-review-manager'
disclosure
Exploit status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1076 is to upgrade the Star Review Manager plugin to a version that includes the necessary nonce validation. Until an updated version is available, consider implementing a Web Application Firewall (WAF) rule to block requests to the plugin's settings page that lack proper authentication. Additionally, restrict access to the settings page to authorized administrators only. Monitor WordPress logs for suspicious activity related to the plugin’s settings, looking for unexpected changes to CSS files.
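To make the missing-nonce issue described above concrete, here is an added example (not the Star Review Manager plugin's own code) of a WordPress settings handler in the CSRF-prone shape the advisory describes, followed by the hardened form that the mitigation refers to. All names (the `srm_*` functions, hook, option key, form field and nonce name) are hypothetical.

```php
<?php
// Added example, not the plugin's code. Names prefixed srm_ are hypothetical.

// --- CSRF-prone pattern: any POST that reaches the handler is trusted.
// A form on an attacker-controlled page submitted by a logged-in admin's
// browser would be accepted, which is the class of bug in the advisory.
function srm_save_css_unsafe() {
    if ( isset( $_POST['srm_custom_css'] ) ) {
        $css = wp_unslash( $_POST['srm_custom_css'] );
        update_option( 'srm_custom_css', wp_strip_all_tags( $css ) );
    }
}

// --- Hardened pattern: capability check plus nonce verification.
function srm_save_css_safe() {
    // Only users allowed to manage site options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // check_admin_referer() terminates the request unless it carries a valid
    // nonce bound to this action and the current user's session; a cross-site
    // form cannot supply that value.
    check_admin_referer( 'srm_save_css', 'srm_css_nonce' );

    $css = isset( $_POST['srm_custom_css'] ) ? wp_unslash( $_POST['srm_custom_css'] ) : '';
    update_option( 'srm_custom_css', wp_strip_all_tags( $css ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=srm-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_srm_save_css', 'srm_save_css_safe' );

// The legitimate settings form embeds the matching nonce field so that the
// hardened handler accepts submissions from the plugin's own page only.
function srm_render_css_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="srm_save_css">
        <?php wp_nonce_field( 'srm_save_css', 'srm_css_nonce' ); ?>
        <textarea name="srm_custom_css" rows="10" cols="60"><?php
            echo esc_textarea( get_option( 'srm_custom_css', '' ) );
        ?></textarea>
        <?php submit_button( 'Save CSS' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this bug class, look for handlers that call update_option() on request data without a preceding check_admin_referer(), wp_verify_nonce() or check_ajax_referer() call, and without a capability check.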
No known fix patch is available. Review the vulnerability details carefully and apply mitigations according to your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
CVE-2026-1076 is a Cross-Site Request Forgery (CSRF) vulnerability in the Star Review Manager WordPress plugin, allowing attackers to modify CSS settings without authentication.
You are affected if your WordPress site uses the Star Review Manager plugin in versions 0.0.0 through 1.2.2.
Upgrade the Star Review Manager plugin to a patched version that includes nonce validation. Until then, use a WAF or restrict access to the settings page.
There is no confirmed active exploitation of CVE-2026-1076 at this time, but the vulnerability's nature suggests potential for exploitation.
Check the Star Review Manager plugin's official website or WordPress plugin repository for the latest advisory and patch information.