|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Site Kit by Google
Web applications / Modules and components for CMS
|Vendor||google on WordPress.org|
This security bulletin contains one high risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to the lack of capability checks on the "admin_enqueue_scripts" action. A remote authenticated attacker can become a Google Search Console owner for any site running the affected plugin.Mitigation
Install updates from vendor's website.Vulnerable software versions
Site Kit by Google: 1.0.0 - 1.7.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?