Site Kit by Google plugin for WordPress
CVE-2020-8934

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Site Kit By Google
Vendor: CVE Published:; 7 July 2023

What is CVE-2020-8934?

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.

Affected Version(s)

Site Kit By Google 0 <= 1.8.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/wo...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2023
Vulnerability Reserved
Feb 12, 2020

Credit

Chloe Chamberland - Wordfence

CVE-2020-8934 Data

JSON