Platform: wordpress
Component: add-google-social-profiles-to-knowledge-graph-box
Fixed version: 1.0.1
CVE-2026-1393 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Add Google Social Profiles to Knowledge Graph Box plugin for WordPress. This vulnerability allows unauthenticated attackers to manipulate the plugin's settings by tricking an administrator into performing actions. The vulnerability impacts versions 1.0.0 through 1.0, and a fix is expected in a future plugin release.
An attacker can exploit this CSRF vulnerability to modify the plugin's Knowledge Graph settings without authentication. This could involve altering the displayed social profiles, potentially leading to misinformation or phishing attacks targeting site visitors. Successful exploitation requires the attacker to convince a site administrator to click a malicious link containing the forged request. While the direct impact is limited to the plugin's settings, a compromised Knowledge Graph box could damage a website's credibility and user trust. This vulnerability highlights the importance of proper nonce validation in WordPress plugins to prevent unauthorized modifications.
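The nonce validation the advisory refers to, shown as an added illustration that is not the plugin's own code: a WordPress settings-save handler with no nonce check (the pattern a CSRF bug of this class relies on) beside a hardened version that verifies capability and nonce before writing the option. The function, option, action and nonce names (agsp_kg_*) are assumptions, not identifiers from the plugin.

```php
<?php
// Added example, not the plugin's code. All agsp_kg_* names are hypothetical.

// VULNERABLE PATTERN: trusts any POST that reaches admin-post.php, so a
// forged request submitted from a page the admin visits is accepted.
function agsp_kg_save_settings_vulnerable() {
    if ( isset( $_POST['agsp_kg_profiles'] ) ) {
        update_option( 'agsp_kg_profiles', $_POST['agsp_kg_profiles'] );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=agsp-kg' ) );
    exit;
}

// HARDENED: require the capability, then a nonce bound to this action. A
// cross-site page cannot read the nonce value, so a forged POST fails here.
function agsp_kg_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Stops the request (403) when the nonce is missing, expired or wrong.
    check_admin_referer( 'agsp_kg_save_settings', 'agsp_kg_nonce' );

    $raw      = isset( $_POST['agsp_kg_profiles'] ) ? (array) $_POST['agsp_kg_profiles'] : array();
    $profiles = array();
    foreach ( $raw as $url ) {
        $url = esc_url_raw( wp_unslash( $url ), array( 'https', 'http' ) );
        if ( $url !== '' ) {
            $profiles[] = $url; // only well-formed http(s) URLs are stored
        }
    }
    update_option( 'agsp_kg_profiles', $profiles );
    wp_safe_redirect( admin_url( 'options-general.php?page=agsp-kg&updated=1' ) );
    exit;
}
add_action( 'admin_post_agsp_kg_save', 'agsp_kg_save_settings_hardened' );

// The settings form must embed the matching nonce field for the check to pass.
function agsp_kg_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="agsp_kg_save">
        <?php wp_nonce_field( 'agsp_kg_save_settings', 'agsp_kg_nonce' ); ?>
        <input type="url" name="agsp_kg_profiles[]" value="">
        <?php submit_button( 'Save profiles' ); ?>
    </form>
    <?php
}
```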
CVE-2026-1393 was publicly disclosed on 2026-03-21. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
WordPress websites using the Add Google Social Profiles to Knowledge Graph Box plugin, particularly those with administrator accounts that do not have strong passwords or multi-factor authentication enabled, are at risk. Shared hosting environments where multiple websites share the same server resources are also potentially vulnerable.
• wordpress / composer / npm:
grep -r 'settings_update' /var/www/html/wp-content/plugins/add-google-social-profiles-to-knowledge-graph-box/
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=add_google_social_profiles_to_knowledge_graph_box_settings_update' | grep -i 'referer'
Exploitation status
EPSS: 0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1393 is to upgrade to a patched version of the Add Google Social Profiles to Knowledge Graph Box plugin once available. Until a patch is released, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, enforce strong password policies and multi-factor authentication for all administrator accounts to reduce the risk of successful exploitation. Regularly review plugin settings for any unauthorized changes.
No known patch is available. Review the vulnerability details thoroughly and apply mitigations in line with your organization's risk tolerance. Where possible, uninstall the affected software and look for an alternative.
CVE-2026-1393 is a Cross-Site Request Forgery (CSRF) vulnerability in the Add Google Social Profiles to Knowledge Graph Box WordPress plugin, allowing attackers to modify plugin settings via forged requests.
If you are using the Add Google Social Profiles to Knowledge Graph Box plugin in versions 1.0.0–1.0, you are potentially affected by this vulnerability.
Upgrade to a patched version of the plugin as soon as it becomes available. Until then, implement a WAF with CSRF protection or enforce strong admin passwords.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1393, but it is important to mitigate the risk proactively.
Check the plugin developer's website or WordPress plugin repository for updates and advisories related to CVE-2026-1393.