Skip to main content

Site Kit By Google

1 CVEs product

Monthly

CVE-2026-10753 LOW POC PATCH Monitor

Insufficient REST API authorization in the Site Kit by Google WordPress plugin before version 1.176.0 permits users with dashboard sharing access - such as those granted the Editor role - to write to a site-wide settings endpoint that should be restricted to administrators. The integrity impact is confined to plugin-level configuration, but the flaw is significant because dashboard sharing is commonly granted to non-admin contributors on multi-author sites. A publicly available proof-of-concept exists per WPScan; exploitation probability remains very low (EPSS 0.13%, 3rd percentile) and the vulnerability is not listed in the CISA KEV catalog.

WordPress Information Disclosure Google Site Kit By Google
NVD WPScan VulDB
CVSS 3.1
2.7
EPSS
0.1%
EPSS 0% CVSS 2.7
LOW POC PATCH Monitor

Insufficient REST API authorization in the Site Kit by Google WordPress plugin before version 1.176.0 permits users with dashboard sharing access - such as those granted the Editor role - to write to a site-wide settings endpoint that should be restricted to administrators. The integrity impact is confined to plugin-level configuration, but the flaw is significant because dashboard sharing is commonly granted to non-admin contributors on multi-author sites. A publicly available proof-of-concept exists per WPScan; exploitation probability remains very low (EPSS 0.13%, 3rd percentile) and the vulnerability is not listed in the CISA KEV catalog.

WordPress Information Disclosure Google +1
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy