What is CVE-2026-10753?

CVE-2026-10753 is a low-severity vulnerability in Site Kit By Google, classified under CWE-863 INCORRECT AUTHORIZATION. CVSS score: 2.7/10. Published 2026-06-24.

How severe is CVE-2026-10753?

Low severity. CVSS v3 base score is 2.7 out of 10.

Vulnerability in Site Kit By Google

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access (such as Editors) to modify a si…

EPSS: 0.001 (3.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N.

Affected products

Unknown Site Kit By Google — versions 0

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2026-10753?: CVE-2026-10753 is a low-severity vulnerability in Site Kit By Google, classified under CWE-863 INCORRECT AUTHORIZATION. CVSS score: 2.7/10. Published 2026-06-24.
How severe is CVE-2026-10753?: Low severity. CVSS v3 base score is 2.7 out of 10.