Vulnerability in Google WordPress Plugin Grants Attacker Search Console Access

On April 21st, the WordFence Threat Intelligence team discovered a vulnerability in Site Kit by Google, a WordPress plugin installed on over 300,000 sites. This flaw allows any authenticated user, regardless of capability, to become a Google Search Console owner for any site running the Site Kit by Google plugin.

You can find more information here: