Google WordPress Plugin Bug Allowed Attackers To Access Google Search Console
Team Wordfence has found a critical security bug, with a CVSS score of 9.1, in the official Google plugin for WordPress. According to their blog post, the flaw in Site Kit by Google exposed the website’s Search Console. Site Kit by Google is a dedicated WordPress plugin that lets admins see how the site performs.
Besides showing the stats, the plugin also facilitates the quick setup of Google tools. Presently, the plugin boasts more than 400,000 active installations. Briefly, the bug existed due to a missing capability check on the admin_enqueue_scripts action. This exposed the proxySetupURL in the HTML source code of admin pages to authenticated users with any privileges. Moreover, a similar check was missing in the handling of verification requests from incoming users.
This allowed any authenticated user to send verification requests regardless of admin privileges. Consequently, an adversary with authenticated user access to the /wp-admin dashboard could gain owner access to the website’s Search Console. Regarding the potential threats associated with the exploitation of this bug, the researchers stated,
"Owner access allows an attacker to modify sitemaps, remove pages from Google search engine result pages (SERPs), or to facilitate black hat SEO campaigns."
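The two missing checks described above, shown in their corrected form as an added example (hypothetical plugin code written for this page, not Site Kit's source and not from the Wordfence post). Only admin_enqueue_scripts and proxySetupURL come from the article; the function names, the admin_post action, the choice of manage_options, the option name and the URL are assumptions.

```php
<?php
// Hypothetical plugin code. EXAMPLE_SETUP_CAP is an assumed capability choice.
const EXAMPLE_SETUP_CAP = 'manage_options';

add_action( 'admin_enqueue_scripts', 'example_enqueue_setup_data' );
add_action( 'admin_post_example_verify', 'example_handle_verification' );

function example_enqueue_setup_data() {
    // admin_enqueue_scripts fires on every /wp-admin page for every logged-in
    // user, subscribers included. Without this check the setup URL below is
    // written into the page source for all of them.
    if ( ! current_user_can( EXAMPLE_SETUP_CAP ) ) {
        return;
    }

    // Constructed placeholder URL standing in for the real setup endpoint.
    $setup_url = add_query_arg(
        'nonce',
        wp_create_nonce( 'example_setup' ),
        'https://proxy.example.invalid/setup'
    );

    wp_register_script( 'example-setup', plugins_url( 'setup.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'example-setup', 'exampleSetup', array( 'proxySetupURL' => $setup_url ) );
    wp_enqueue_script( 'example-setup' );
}

function example_handle_verification() {
    // admin_post_* handlers run for any authenticated user, so being logged in
    // is not authorization. Check the capability before acting on the request.
    if ( ! current_user_can( EXAMPLE_SETUP_CAP ) ) {
        wp_die( 'You are not allowed to verify this site.', '', array( 'response' => 403 ) );
    }

    // Reject requests that did not originate from a form rendered for this user.
    check_admin_referer( 'example_verify' );

    $token = isset( $_POST['verification_token'] )
        ? sanitize_text_field( wp_unslash( $_POST['verification_token'] ) )
        : '';
    if ( '' === $token ) {
        wp_die( 'Missing verification token.', '', array( 'response' => 400 ) );
    }

    update_option( 'example_verification_token', $token );
    wp_safe_redirect( admin_url() );
    exit;
}
```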
Abeerah Hashim Attribution link: https://latesthackingnews.com/2020/05/15/google-wordpress-plugin-bug-allowed-attackers-to-access-google-search-console/