Vulnerability Description
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute arbitrary SQL queries against the site's database with the privileges of the WordPress database user (the CVE text phrases this as "in the context of the web server"). The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before concatenating it into the SQL query. Because the request is not authenticated, no login or capability is needed to reach the vulnerable code path; an attacker only has to be able to send a POST to the site.
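The following is an added illustration, not code from the plugin or from the advisories referenced below. It shows the class of bug the description names (a $_POST["oId"] value interpolated straight into an UPDATE) next to a hardened handler that uses $wpdb->prepare(), a capability check and a nonce. The table name, the second POST field, the function names and the nonce action are all assumptions chosen for the example; the real plugin's schema and handler layout are not reproduced here.

```php
<?php
// Added example, not the Smart Google Code Inserter source.
// Both functions assume they run inside WordPress with the global $wpdb
// object available; the table name "smartcode" and the "code" field are
// hypothetical.

// VULNERABLE PATTERN: the request parameter is spliced into the SQL string.
// A value such as  oId=0 OR 1=1  turns the WHERE clause into "WHERE id = 0 OR 1=1"
// and rewrites every row; other payloads can read or modify other tables.
function vulnerable_save_adwords( $wpdb ) {
    $oId  = $_POST['oId'];   // attacker-controlled, never validated
    $code = $_POST['code'];  // hypothetical second field, also unsanitised

    $sql = "UPDATE {$wpdb->prefix}smartcode SET code = '$code' WHERE id = $oId";
    return $wpdb->query( $sql ); // executes whatever the attacker built
}

// HARDENED VERSION (illustrative fix, not the vendor's 3.5 patch):
//  1. require a capability so unauthenticated and low-privilege users are refused;
//  2. require a nonce so the request must originate from a form we issued;
//  3. coerce oId to an integer and bind both values through $wpdb->prepare().
function hardened_save_adwords( $wpdb ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    // 'sgci_save_adwords' is an assumed nonce action name for this example.
    check_admin_referer( 'sgci_save_adwords' );

    $oId  = absint( $_POST['oId'] ?? 0 );            // %d placeholder below
    $code = wp_unslash( $_POST['code'] ?? '' );      // %s placeholder below

    // %d and %s are $wpdb->prepare() placeholders; the values are escaped by
    // WordPress and can no longer change the structure of the statement.
    $sql = $wpdb->prepare(
        "UPDATE {$wpdb->prefix}smartcode SET code = %s WHERE id = %d",
        $code,
        $oId
    );
    return $wpdb->query( $sql );
}
```

When auditing a plugin for this bug class, look for $wpdb->query(), $wpdb->get_results() or $wpdb->get_var() calls whose argument is a double-quoted string containing a $ variable that was not itself produced by $wpdb->prepare(); that is exactly the shape the advisory describes. Also check which hook invokes the save handler: anything hooked to admin_init or exposed through wp_ajax_nopriv_* runs for unauthenticated requests to wp-admin/admin-ajax.php, which is why a missing capability check turns a back-end settings bug into an unauthenticated one.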
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oturia | Smart Google Code Inserter | < 3.5 |
Related Weaknesses (CWE)
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References
- https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html (Exploit, Third Party Advisory)
- https://wordpress.org/plugins/smart-google-code-inserter/#developers (Release Notes, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/8988 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/43420/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-3811?
CVE-2018-3811 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It is a SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress that allows unauthenticated attackers to execute SQL queries against the site's database. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it into the SQL query.
How severe is CVE-2018-3811?
CVE-2018-3811 has been rated CRITICAL with a CVSS base score of 9.8/10. The flaw is reachable without authentication over the network and gives direct SQL access to the WordPress database, so it should be treated as requiring immediate attention.
Is there a patch for CVE-2018-3811?
Yes. The affected product is Oturia Smart Google Code Inserter; versions before 3.5 are vulnerable, so upgrading to 3.5 or later resolves the issue. See the plugin's release notes and the advisories in the references section above for details. If an upgrade cannot be applied immediately, deactivating the plugin removes the vulnerable handler.