GHSA-8rqq-v4wf-9qrmLowCVSS 2.7

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0 setting that should only be modifiable by administrators.

🔗 References (3)