logo

What We Know About The Vulnerability In Google Site Kit WordPress Plugin

Google Site Kit

Just recently, a serious vulnerability in the Google Site Kit WordPress plugin was found, which was fixed later on. This issue enables an attacker to rapidly increase website privileges, as well as change site maps, target a victim’s search visibility, and so on. Now, what more should SEO experts and webmasters understand about this problem?

Google Site Kit WordPress Plugin

Considered as a Google WordPress, the Site Kit is said to be affected by the vulnerability.

Google Site Kit generally shows data about a website in the WordPress Admin dashboard. It gathers the data from Google Analytics, Page Speed Insights, Google Search Console (GSC), AdSense, and other tools by Google.

WordFence’s researchers noticed the said issue and reported it to Google. Prior to updating the plugin, an announcement was released.

The announcement reads:

This is considered a critical security issue that could lead to attackers obtaining owner access to your site in Google Search Console.

Owner access allows an attacker to modify sitemaps, remove pages from Google search engine result pages (SERPs), or to facilitate black hat SEO campaigns

Privilege Escalation Vulnerability

The vulnerability impacting Site Kite is said to be a Privilege Escalation exploit. This particular exploit only works if the attacker is registered, such as a subscriber, on the WordPress site. In such cases, the attacker can find or create a security hole.

Registering as a subscriber such generally provide limited access on websites. Due to the vulnerability, attackers are able to  access admin level website privileges that they are not entitled to.

Chloe Chamberland, security researcher in WordFence, uncovered the issue on 21 April and notified Google right away. Google Google released a security patch to fix it on 7 May.

This is Chamberland’s statement about the issue:

Connecting two systems, like a WordPress site and Google’s site ownership tools, always comes with some degree of risk. Ensuring the integration between both systems is secured is critically important.

When companies like Google have an easy-to-find vulnerability disclosure policy in place, it helps researchers get fixes out quickly to end users.

As the space matures, we’re seeing more developers publishing clear Vulnerability Disclosure Policies, but more needs to be done to ensure that security researchers and developers can quickly connect and make the web safer for us all

Those that subscribe to the WordFence Premium security plugin would have benefited from same day protection from the exploit weeks prior to the patch released by Google.

Versions Of Site Kit Impacted By The Issue

The vulnerability can impact those versions below 1.8.0. As for Site Kit version 1.8.0, it has been completely patched. Nevertheless, it is advised to still update the plugin as soon as possible.

Changelog

Again, the changelog of Google Site Kit WordPress plugin does confirm that the 1.8.0 version now holds a security update.

What Does Google Say About Merging Or Splitting Sites Being A Website Creation

In a tweet, John Mueller of Google stated that merging or splitting a website is like "essentially creating a new site". This raises the question that if the website merge or split is deemed necessary, will Google opt to view it as a new website creation? And perhaps, not carry over all of the sites legacy signals?

This is what Mueller said about such action looking more like a website creation:
Mueller

This SEO blog was based on the news from https://www.searchenginejournal.com/google-site-kit-vulnerability/367970/ and https://www.seroundtable.com/google-merging-or-splitting-sites-29446.html.

With the assistance of the right SEO agency, you can effortlessly improve your website's SERPs rankings. Want to know how our team can help? Visit Position1SEO homepage today.

google-site-kit
Author: Jason Ferry
Jason Ferry is an SEO specialist based in the United Kingdom. Taking pride in his many years of experience in the search engine optimisation industry, he has honed his skills in various digital marketing processes. From keyword marketing, website auditing, and link building campaigns, to social media monitoring, he is well-versed in all of them. Jason Ferry’s excellent skills in SEO, combined with his vast experience, makes him one of the best professionals to work with in the industry today. Not only does he guarantee outstanding output for everyone he works with, but also values a deep relationship with them as well.

Related  Posts

the benefits of an search engine optimisation audit
Search Engine Optimisation (SEO) is an essential ingredient for website success in the digital arena. The process of indexing and ranking websites on Search Engine Results Pages (SERP) requires constant evaluation. Therefore, it is vital to conduct an in-depth SEO audit to identify areas that need improvement. SEO audit is the process of evaluating a […]
search engine optimisation company
Search Engine Optimisation (SEO) is a crucial aspect of building a strong online presence. While many website owners focus on using keywords to rank higher on search engines, an SEO company can optimise your website in more ways than one. In this blog, we will explore the three areas an SEO company can improve upon […]
The importance of hiring a search engine optimisation consultant
Are you struggling to get your business noticed online? Is your website buried under a sea of search results? If your answer is yes, then it might be time to consider hiring an SEO consultant. With the ever-growing importance of online presence for businesses, it has become crucial to employ the right strategies to make […]