cleantalk
Vulnerabilities and Security Researches

Site Kit by Google – Analytics, Search Console, AdSense, Speed, 6aac99ec913d183de2f9c4649f2eb663fd071c83

CVE, Research URL

6aac99ec913d183de2f9c4649f2eb663fd071c83

Home page URL

Security reports for Site Kit by Google – Analytics, Search Console, AdSense, Speed

Application

Site Kit by Google – Analytics, Search Console, AdSense, Speed

Published on
May 21, 2020
Research Description
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed [google-site-kit] < 1.8.0 Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.7.1. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console.
Affected versions
max 1.8.0.
Status
vulnerable
Previous vulnerability researches
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed (CVE-2020-8934) , Jun 07, 2024
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed (b9b7ace7c8988b97aac899303cb3b7f012df932f) , Jun 07, 2024
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed (CVE-2026-10753) , Jun 25, 2026
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed , Jul 24, 2024
Site Kit by Google &#8211; Analytics, Search Console, AdSense, Speed (6aac99ec913d183de2f9c4649f2eb663fd071c83) , Jun 15, 2026
New vulnerability
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026
URL Preview (CVE-2026-12100) , Jun 25, 2026