A critical vulnerability found in Google’s official WordPress plugin, Site Kit, could allow intruders access to Google Search Console to the targeted site.
The plugin, which has over 400,000 installations, is used to configure various Google products that offer insights like web traffic, revenue from advertisements, website speed and optimization into WordPress.
The Google Search Console Privilege Escalation vulnerability, which has now been fixed, was rated as critical as it could not only let the hackers access the Search Console but also modify sitemaps or tamper with search engine result pages (SERPs).