Description
WordPress Plugin Site Kit by Google is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently become a Google Search Console owner, allowing them to modify sitemaps, remove pages from Google search engine result pages (SERPs), or facilitate black hat SEO campaigns. WordPress Plugin Site Kit by Google version 1.7.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.0 or latest
References
Related Vulnerabilities
WordPress Plugin Booster for WooCommerce Cross-Site Scripting (5.6.1)
WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)
WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)
WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)
Jboss EAP Cryptographic Issues Vulnerability (CVE-2012-5575)