Platform
wordpress
Component
add-google-social-profiles-to-knowledge-graph-box
Fixed in
1.0.1
CVE-2026-1393 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Add Google Social Profiles to Knowledge Graph Box plugin for WordPress. It allows unauthenticated attackers to change the plugin's settings by tricking a logged-in administrator into submitting a forged request. The vulnerability affects versions 1.0.0 through 1.0, and a fix is expected in a future plugin release.
An attacker can use this CSRF vulnerability to modify the plugin's Knowledge Graph settings without authenticating. This could mean altering the displayed social profiles, potentially leading to misinformation or phishing attacks against site visitors. Successful exploitation requires the attacker to convince a site administrator to click a malicious link that carries the forged request. While the direct impact is limited to the plugin's settings, a compromised Knowledge Graph box can damage a website's credibility and user trust. The vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
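The following is an added example of the nonce-and-capability pattern the previous paragraph refers to; it is not the plugin's own code, and the option name, form fields and every `agsp_`-prefixed function and hook name are invented for illustration. The WordPress APIs it calls (wp_nonce_field, check_admin_referer, current_user_can, esc_url_raw, update_option, the admin_post_ hook) are the standard ones.

```php
<?php
// Added example, not the plugin's code: a settings handler that is resistant to
// CSRF. The agsp_* names and the 'agsp_kg_profiles' option are hypothetical.

// Settings form. wp_nonce_field() emits a hidden token bound to the action name
// and to the current user's session; a third-party page cannot read or forge it.
function agsp_render_settings_form() {
    $profiles = get_option( 'agsp_kg_profiles', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="agsp_save_profiles">
        <?php wp_nonce_field( 'agsp_save_profiles', 'agsp_nonce' ); ?>
        <label>Profile URL
            <input type="url" name="agsp_profile_url"
                   value="<?php echo esc_attr( $profiles['profile_url'] ?? '' ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Accept only https URLs on an allow-listed set of hosts. Hypothetical list.
function agsp_sanitize_profile_url( $raw ) {
    $allowed_hosts = array( 'twitter.com', 'x.com', 'facebook.com', 'linkedin.com' );
    $url  = esc_url_raw( wp_unslash( $raw ), array( 'https' ) );
    $host = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );
    $host = preg_replace( '/^www\./', '', $host );
    return in_array( $host, $allowed_hosts, true ) ? $url : '';
}

// Handler for admin-post.php?action=agsp_save_profiles.
// A CSRF-vulnerable handler typically lacks both of the checks below.
function agsp_save_profiles() {
    // 1. Nonce check: aborts the request (HTTP 403) unless 'agsp_nonce' is a valid
    //    token for the 'agsp_save_profiles' action issued to this logged-in user.
    check_admin_referer( 'agsp_save_profiles', 'agsp_nonce' );

    // 2. Capability check: being logged in is not enough; the user must be
    //    allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.' ), 403 );
    }

    $profile_url = isset( $_POST['agsp_profile_url'] )
        ? agsp_sanitize_profile_url( $_POST['agsp_profile_url'] )
        : '';

    update_option( 'agsp_kg_profiles', array( 'profile_url' => $profile_url ) );

    // Return to the settings page; wp_safe_redirect() rejects off-site targets.
    wp_safe_redirect( add_query_arg( 'agsp_saved', '1', admin_url( 'options-general.php' ) ) );
    exit;
}

// Register only the logged-in variant. Deliberately NOT registering
// 'admin_post_nopriv_agsp_save_profiles' means anonymous requests never reach
// the handler at all.
add_action( 'admin_post_agsp_save_profiles', 'agsp_save_profiles' );
```

The nonce is what stops a forged cross-site request: the attacker's page can make the administrator's browser send cookies, but it cannot obtain the per-user, per-action token, so check_admin_referer() fails before any option is written. The capability check covers the separate case of a low-privilege logged-in user submitting the form directly.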
CVE-2026-1393 was publicly disclosed on 2026-03-21. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
WordPress websites using the Add Google Social Profiles to Knowledge Graph Box plugin, particularly those with administrator accounts that do not have strong passwords or multi-factor authentication enabled, are at risk. Shared hosting environments where multiple websites share the same server resources are also potentially vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/add-google-social-profiles-to-knowledge-graph-box/
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=add_google_social_profiles_to_knowledge_graph_box_settings_update' | grep -i 'referer'
Disclosure
Exploit Status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-1393 is to upgrade to a patched version of the Add Google Social Profiles to Knowledge Graph Box plugin once it is available. Until a patch is released, consider deploying a Web Application Firewall (WAF) with CSRF protection rules to filter out forged requests. Additionally, enforce strong password policies and multi-factor authentication for all administrator accounts to reduce the risk of successful exploitation. Regularly review the plugin's settings for unauthorized changes.
No known patch is available. Study the vulnerability details closely and apply mitigations based on your organization's risk tolerance. It may be best to remove the affected software and find a replacement.
CVE-2026-1393 is a Cross-Site Request Forgery (CSRF) vulnerability in the Add Google Social Profiles to Knowledge Graph Box WordPress plugin that allows attackers to modify plugin settings via forged requests.
If you are using the Add Google Social Profiles to Knowledge Graph Box plugin in versions 1.0.0–1.0, you are potentially affected by this vulnerability.
Upgrade to a patched version of the plugin as soon as it becomes available. Until then, implement a WAF with CSRF protection or enforce strong admin passwords.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1393, but it is important to mitigate the risk proactively.
Check the plugin developer's website or WordPress plugin repository for updates and advisories related to CVE-2026-1393.