CVE-2026-1393
CSRF Vulnerability in WordPress Add Google Social Profiles Plugin
Publication date: 2026-03-21
Last updated on: 2026-03-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpbeaverbuilder | add_google_social_profiles_to_knowledge_graph_box | to 1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress has a vulnerability known as Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0.
This vulnerability exists because the plugin does not validate a security token (nonce) when updating its settings.
As a result, an attacker who is not authenticated can trick a site administrator into performing an action, such as clicking a malicious link, which causes the plugin's Knowledge Graph settings to be updated without the administrator's consent.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated attacker to change the plugin's Knowledge Graph settings by tricking an administrator into clicking a link.
While it does not directly compromise confidentiality or availability, it can lead to unauthorized changes in the website's configuration, potentially affecting the integrity of the site's data or how information is presented.
The CVSS score of 4.3 indicates a low to medium severity impact, primarily affecting integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update or patch the Add Google Social Profiles to Knowledge Graph Box plugin for WordPress to a version that includes nonce validation on the settings update functionality.
If an update is not available, consider disabling or removing the plugin until a fix is released to prevent unauthenticated attackers from exploiting the Cross-Site Request Forgery vulnerability.
Additionally, educate site administrators to avoid clicking on suspicious links that could trigger forged requests.