CVE-2018-3810

Published: 01/01/2018 Updated: 16/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin prior to 3.5 for WordPress allows unauthenticated malicious users to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.

Vulnerable Product

oturia smart google code inserter

Vendor Advisories

Check Point Reference: CPAI-2018-2682 | Date Published: 28 Feb 2024 | Severity: Critical ...

Exploits

Exploit Title: Smart Google Code Inserter < 3.5 - Auth Bypass/SQLi
Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/
Date: 26-Nov-17
Exploit Author: Benjamin Lim
Vendor Homepage: oturia.com/
Software Link: wordpress.org/plugins/smart-google-code-inserter/
Version: 3.4
Tested on: Kali Linux 2.0
CVE : CVE-2018-3810 ( ...

WordPress Smart Google Code Inserter plugin versions prior to 3.5 suffer from a remote SQL injection vulnerability that allows for authentication bypass ...

Github Repositories

cve-2018-3810

CVE-2018-3810
This is part of Cved: a tool to manage vulnerable docker containers.
Cved: github.com/git-rep-src/cved
Image source: github.com/cved-sources/cve-2018-3810
Image author: github.com/cved-sources/cve-2018-3810