10 matches found
PT-2026-47059
We just found and disclosed CVE-2026-10753 in Google's Site Kit, the official Google plugin running on 5M+ WordPress sites. Our team caught a broken access control flaw that slipped past everyone else. One REST API write endpoint checked for view level access when it should have required admin...
EUVD-2020-29765
Malware in sbrugna...
Malicious code in googlesitekit-api (npm)
The package googlesitekit-api was found to contain malicious code...
CVE-2020-8934
The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attacker...
CVE-2020-8934
The CVE-2020-8934 entry concerns the Site Kit by Google WordPress plugin. The affected version range includes up to 1.8.0, with the root cause being missing capability checks on the admin_enqueue_scripts action that displays the connection key. This design flaw allows authenticated attackers with any ...
WordPress plugin Site Kit by Google security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access
This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. PoC Steps to reproduce: 1. Log in as a subscriber on target WordPress site. 2. View the page source of /wp-admin and command+f to search...
Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console Access
This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin. Steps to reproduce: 1. Log in as a subscriber on target WordPress site. 2. View the page source of /wp-admin and command+f to search for...
WordPress Site Kit by Google plugin <= 1.7.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability found by Chloe Chamberland in WordPress Site Kit by Google plugin versions <= 1.7.1. Solution: Update the WordPress Site Kit by Google plugin to the latest available version (at least 1.8.0)...