Vulnerability Discovered in Site Kit by Google <= 1.7.1
https://www.wordfence.comSite Kit by Google WordPress plugin has 300,000+ active installations and can be used to display insights on a site’s visitors and search performance as well as advertising performance, page speed insights and other metrics from Google services in the WordPress dashboard. In versions prior to 1.7.1, there is a vulnerability that allows attackers to become a Google Search Console owner for any site running the Site Kit by Google plugin. ?
The issue has been fixed in Version 1.8.0 which is available now from the WordPress Plugin Repo.