Platform
wordpress
Component
star-review-manager
Fixed version
1.2.3
CVE-2026-1076 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Star Review Manager plugin for WordPress. The request that saves the plugin's CSS settings is not protected by a nonce, so an attacker who holds no credentials of their own can have those settings changed by luring a logged-in administrator to a page that submits a forged request; the browser attaches the administrator's session cookie and the plugin accepts the change. Versions 0.0.0 through 1.2.2 are affected; version 1.2.3 is the fixed release.
The direct impact is attacker-chosen CSS in the Star Review Manager plugin's settings. This is more than cosmetic: attacker-controlled stylesheets can hide legitimate content, overlay or reposition elements so that a visitor clicks something other than what they see, or make the review widget display misleading information. If the stored CSS also influences other plugin behaviour, or is echoed into pages without sanitisation, the reach of the attack grows accordingly; the page does not document such a path, so treat that as a risk to verify rather than a confirmed one. The root cause is the absence of nonce validation on the settings-update request, which is the mechanism WordPress provides to prove that a state-changing request originated from the site's own form.
This vulnerability was publicly disclosed on January 24, 2026. No public proof-of-concept (PoC) code has been released at the time of writing. The EPSS score listed on this page is 0.01% (0th percentile), a low predicted probability of exploitation in the wild; note that EPSS models observed exploitation activity, not technical difficulty, and a CSRF of this kind is simple to exploit once the target form's field names are known. Monitor CISA and WordPress security advisories for updates.
Any WordPress site running Star Review Manager 1.2.2 or earlier is exposed. The practical risk is highest where administrators open email links, browse other sites or visit untrusted pages while logged in to wp-admin, because the attack needs such a live session to succeed; it does not depend on the hosting environment or on who else can reach the server.
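To make the missing check concrete, the following is an added example of a generic WordPress settings handler in its CSRF-prone form and in a hardened form. It is not Star Review Manager's code; the option name, form field names, nonce action and admin-post action (`srm_demo_*`) are assumptions chosen for illustration.

```php
<?php
/*
 * Added example, not the plugin's own code. All srm_demo_* names are
 * illustrative assumptions. Shows why a settings save without a nonce is
 * forgeable from another site, and the pattern that fixes it.
 */

// --- Vulnerable pattern (shown, deliberately not hooked) ---
// Any POST carrying the field is honoured. A logged-in administrator who
// visits a hostile page that auto-submits
//   <form method="post" action="https://victim.example/wp-admin/admin-post.php">
// will save attacker-chosen CSS: the browser attaches the admin's session
// cookie, and nothing proves the request came from the plugin's own form.
function srm_demo_save_css_vulnerable() {
    if ( isset( $_POST['srm_demo_css'] ) ) {
        update_option( 'srm_demo_custom_css', wp_unslash( $_POST['srm_demo_css'] ) );
    }
}

// --- Hardened pattern ---
// The form embeds a nonce bound to the current user and to the action name.
function srm_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="srm_demo_save_css">
        <?php wp_nonce_field( 'srm_demo_save_css', 'srm_demo_nonce' ); ?>
        <textarea name="srm_demo_css"><?php echo esc_textarea( get_option( 'srm_demo_custom_css', '' ) ); ?></textarea>
        <?php submit_button( 'Save CSS' ); ?>
    </form>
    <?php
}

function srm_demo_save_css_hardened() {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }

    // 2. Nonce check. A third-party page cannot read the token out of the
    //    admin's form (same-origin policy), so it cannot forge this request.
    //    check_admin_referer() calls wp_die() itself when the nonce is bad.
    check_admin_referer( 'srm_demo_save_css', 'srm_demo_nonce' );

    // 3. Sanitise before storing so that saved "CSS" cannot smuggle markup
    //    into pages that later echo it. The right policy depends on where
    //    the value is output; stripping tags is a conservative default.
    $css = isset( $_POST['srm_demo_css'] )
        ? wp_strip_all_tags( wp_unslash( $_POST['srm_demo_css'] ) )
        : '';
    update_option( 'srm_demo_custom_css', $css );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ?: admin_url() ) );
    exit;
}
add_action( 'admin_post_srm_demo_save_css', 'srm_demo_save_css_hardened' );
```

The capability check and the nonce check do different jobs: the first answers "may this user do this?", the second answers "did this user actually intend to do it?". A CSRF fix that adds only the nonce still lets any logged-in subscriber who can reach the endpoint save settings if the capability check is missing, so both belong in the handler.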
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/star-review-manager/
wp plugin list --status=inactive | grep 'star-review-manager'
wp plugin list --status=active | grep 'star-review-manager'
Disclosure
Exploitation status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1076 is to upgrade the Star Review Manager plugin to version 1.2.3, which adds the missing nonce validation. If you cannot upgrade immediately, keep in mind that a forged request arrives with the victim administrator's valid session cookie, so a Web Application Firewall (WAF) rule that merely requires authentication will not stop it. Instead, block POST requests to the plugin's settings endpoint whose Origin header (or, failing that, Referer) is missing or names a host other than your site, and deactivate the plugin if that is not feasible. Review which accounts hold administrator rights, since only those sessions are useful to an attacker. Monitor the plugin's CSS settings for unexpected changes and the web server access log for POSTs to the settings endpoint carrying a foreign Referer.
Where the fixed version cannot be applied in your environment, review the vulnerability details closely and choose mitigations matched to your organisation's risk tolerance; uninstalling the affected plugin and switching to an alternative is the safest course.
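As an added example of the interim mitigation described above, the following must-use plugin rejects cross-site POSTs that look like a settings save before the plugin's handler runs. It is not Star Review Manager's code and does not require modifying the plugin; the list of POST parameter names it treats as "the settings save" (`$srm_guard_params`) is an assumption that must be replaced with the real form field names, and the `srm_guard_*` function names are illustrative.

```php
<?php
/*
 * Plugin Name: Interim cross-site POST guard for Star Review Manager settings
 * Added example, not the plugin's own code. Place in wp-content/mu-plugins/.
 * Rejects POSTs that carry the settings-save parameters when the request's
 * Origin (or Referer) host is not this site's host. Which parameters identify
 * the save is an ASSUMPTION ($srm_guard_params); adjust to the real fields.
 */

// Host named by the Origin header, falling back to Referer. Returns null when
// neither header yields a host, including the literal Origin value "null"
// that sandboxed iframes and some privacy tools send.
function srm_guard_request_origin_host() {
    $header = '';
    if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) {
        $header = $_SERVER['HTTP_ORIGIN'];
    } elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) {
        $header = $_SERVER['HTTP_REFERER'];
    }
    $host = $header ? wp_parse_url( $header, PHP_URL_HOST ) : null;
    return is_string( $host ) ? strtolower( $host ) : null;
}

// Pure decision function so the policy can be read (and unit-tested) apart
// from the request globals.
function srm_guard_should_block( $method, array $post_keys, $origin_host, $site_host ) {
    if ( 'POST' !== $method ) {
        return false;
    }
    // Only guard requests that look like the plugin's settings save. ASSUMED names.
    $srm_guard_params = array( 'srm_css', 'star_review_manager_settings' );
    if ( ! array_intersect( $srm_guard_params, $post_keys ) ) {
        return false;
    }
    // Browsers send Origin on every cross-origin POST, so a same-origin admin
    // form will match; a missing or foreign host means fail closed.
    return $origin_host !== $site_host;
}

add_action( 'admin_init', function () {
    $site_host   = strtolower( (string) wp_parse_url( home_url(), PHP_URL_HOST ) );
    $origin_host = srm_guard_request_origin_host();
    $method      = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : 'GET';

    if ( srm_guard_should_block( $method, array_keys( $_POST ), $origin_host, $site_host ) ) {
        // Log the rejection for the monitoring step; no sensitive data is written.
        error_log( 'srm-guard: blocked cross-site settings POST from ' . ( $origin_host ?: 'no-origin' ) );
        wp_die( 'Cross-site request rejected', 403 );
    }
} );
```

Because `admin_init` fires for wp-admin pages, admin-post.php and admin-ajax.php, this guard covers the usual places a plugin wires a settings save. It is a stop-gap only: it relies on browsers sending Origin or Referer, which is true for cross-origin form posts in current browsers but is not a substitute for the nonce check that version 1.2.3 adds, and scoping it to the settings parameters avoids breaking legitimate cross-origin POSTs (payment callbacks, webhooks) that some sites route through admin-ajax.php.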
CVE-2026-1076 is a Cross-Site Request Forgery (CSRF) vulnerability in the Star Review Manager WordPress plugin: the request that saves its CSS settings is not nonce-protected, so an attacker with no account can change them by tricking a logged-in administrator into submitting a forged request.
You are affected if your WordPress site runs Star Review Manager 1.2.2 or earlier (affected range 0.0.0 through 1.2.2).
Upgrade the Star Review Manager plugin to version 1.2.3 or later, which adds nonce validation. Until then, block cross-site POSTs to the plugin's settings endpoint (Origin/Referer check at the WAF) or deactivate the plugin.
There is no confirmed active exploitation of CVE-2026-1076 at this time and no public PoC; the vulnerability is nonetheless simple to exploit once the settings form's field names are known.
Check the Star Review Manager plugin's official website or WordPress plugin repository for the latest advisory and patch information.