A critical bug found in Google’s official WordPress plugin with 300,000 active installations could allow attackers to gain owner access to targeted sites’ Google Search Console. Site Kit is a WordPress plugin designed by Google to help site owners gain insight on how their visitors use and find their website via official stats collected from multiple Google tools and displayed directly in the WordPress dashboard. The vulnerability was discovered by the Wordfence Threat Intelligence team on April 21 and reported to the Google Security team. Google patched the vulnerability on May 7 with the release of Site Kit 1.8.0, after a patch was made public in the plugin’s Github Repository on May 4.
Source: https://www.bleepingcomputer.com/news/security/google-wordpress-plugin-bug-can-be-exploited-for-black-hat-seo/