Vulnerability Brief

CVE-2026-10753

• Severity: LOW
• CVSS score: 2.7

Technical summary

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0 setting that should only be modifiable by administrators.