cvedb.io
CVE-2026-10753
LOW · CVSS 2.7
EPSS exploitation probability: 3%
Published 2026-06-24T07:16:26.063 · Last modified 2026-06-24T14:17:28.830

Summary

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0 setting that should only be modifiable by administrators.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.