Site Kit by Google – Analytics, Search Console, AdSense, Speed < 1.176.0 - Missing Authorization to Authenticated (Editor+) Settings Update

2026-06-25 00:00
Shashank

Strategic Overview

Vulnerability Overview

The Site Kit by Google – Analytics, Search Console, AdSense, Speed plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 1.176.0 (exclusive). This makes it possible for authenticated attackers, with Editor-level access and above, to perform an unauthorized action.

Technical Analysis

REMEDIATION: Update to version 1.176.0, or a newer patched version --- IDENTIFIER: CWE-862 (Missing Authorization) The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

External References

Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C

Site Kit by Google – Analytics, Search Console, AdSense, Speed < 1.176.0 - Missing Authorization to Authenticated (Editor+) Settings Update (CVE-2026-10753)