CVE-2018-3811
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Guideline Violation), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
Affected products
- (no CPE), range: <3.5
- (no CPE), range: <3.5
References
- limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html (nvd: Exploit, Third Party Advisory)
- www.exploit-db.com/exploits/43420/ (nvd: Exploit, Third Party Advisory, VDB Entry)
- wordpress.org/plugins/smart-google-code-inserter/ (nvd: Release Notes, Third Party Advisory)
- wpvulndb.com/vulnerabilities/8988 (nvd: Third Party Advisory, VDB Entry)