WordPress plug-in vulnerability gives hackers Google Search Console access

Hack could expose 300,000 WordPress sites to back-hat SEO or complete takedowns

WordPress app icon on iOS device

Earlier this week, WordFence announced its threat intelligence team discovered a vulnerability within Site Kit by Google, a WordPress plugin that provides website owners easy access to critical Google tools and insights. The plug-in is currently installed on upward of 300,000 WordPress sites. The vulnerability allows for any authenticated user to become a Google Search Console owner for sites running the Google-owned plugin. 

WordFence filed a security issue report notifying Google of the issue on April 21, 2020. Google released a patch on May 7, 2020.

The Site Kit vulnerability is a critical security issue, as it could allow attackers to obtain owner access to a site within the Google Search Console. Such high-level access would allow hackers to modify sitemaps, remove pages from Google search engine results and even facilitate black-hat SEO campaigns. For many hackers, the ability to carry out such campaigns is particularly attractive.

Further, should a hacker obtain access to a website’s Google Search Console, they could also do things such as gaining access to a site’s Google Analytics data.

All in all, hackers being provided with access to a site’s Google Search Console has the potential to hurt a website’s search engine ranking. It could also have an impact on how websites and organizations compete when it comes to their search rankings and overall reputations on the web.

At this time, all Site Kit users have been urged to update the plug-in to the 1.8.0 version. Doing so will help to protect their websites against this critical vulnerability. According to Bleeping Computer, while nearly 200,000 website owners have updated Site Kit since the patch was released, over 100,000 sites have yet to put the patch in place. Meaning, many WordPress websites remain exposed to hackers looking to capitalize on this vulnerability.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021
Personal data of 533 million Facebook users found on hacking forum
data protection

Personal data of 533 million Facebook users found on hacking forum

5 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021