The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations.
The recently identified security flaw, which has already been patched by Google, is rated critical severity and has a CVSS score of 9.1. It could allow an attacker to obtain owner access to the Search Console and modify sitemaps or tamper with search engine result pages (SERPs).
