CVE-2018-3810
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Guideline Violation), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
Affected products
- (no CPE), range: <3.5
- (no CPE), range: <3.5
References
- limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html (nvd: Exploit, Third Party Advisory)
- www.exploit-db.com/exploits/43420/ (nvd: Exploit, Third Party Advisory, VDB Entry)
- wordpress.org/plugins/smart-google-code-inserter/ (nvd: Release Notes, Third Party Advisory)
- wpvulndb.com/vulnerabilities/8987 (nvd: Third Party Advisory, VDB Entry)