cleantalk
Vulnerabilities and Security Researches

Site Kit by Google – Analytics, Search Console, AdSense, Speed, CVE-2026-10753

CVE, Research URL

CVE-2026-10753

Home page URL

Security reports for Site Kit by Google – Analytics, Search Console, AdSense, Speed

Application

Site Kit by Google – Analytics, Search Console, AdSense, Speed

Published on
Jun 24, 2026
Research Description
The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0 setting that should only be modifiable by administrators.
Affected versions
max 1.176.0.
Status
vulnerable
Previous vulnerability researches
MDTF – Meta Data and Taxonomies Filter (CVE-2024-50451) , Oct 28, 2024
MDTF – Meta Data and Taxonomies Filter (CVE-2024-50450) , Oct 28, 2024
MDTF – Meta Data and Taxonomies Filter (CVE-2026-54843) , Jun 25, 2026
MDTF – Meta Data and Taxonomies Filter (CVE-2026-54845) , Jun 25, 2026
MDTF – Meta Data and Taxonomies Filter (CVE-2025-62069) , Nov 10, 2025
New vulnerability
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026
URL Preview (CVE-2026-12100) , Jun 25, 2026
24liveblog – live blog tool (CVE-2026-9183) , Jun 25, 2026