CVE-2020-8934

EPSS 0.04%
Veröffentlicht 07.07.2023 12:15:09
Zuletzt bearbeitet 21.11.2024 05:39:41
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Site Kit SwPlatformwordpress Version < 1.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve-coordination@google.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-site-kit/site-kit-by-google-171-sensitive-information-disclosure

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8934

EUVD