CVE-2020-8934

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-252
View all →

Vulnerability Description

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.

Related Vulnerabilities

CVE-2021-29853

MEDIUM
CVSS:4.3(Medium)

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

CWE-2522021

CVE-2023-3247

MEDIUM
CVSS:4.3(Medium)

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower rang...

CWE-2522023

CVE-2023-29243

MEDIUM
CVSS:4.4(Medium)

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local acc...

CWE-2522023

CVE-2023-3013

MEDIUM
CVSS:4.4(Medium)

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

CWE-2522023

CVE-2023-4162

MEDIUM
CVSS:4.4(Medium)

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user l...

CWE-2522023

CVE-2023-23003

MEDIUM
CVSS:4.0(Medium)

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

CWE-2522023