SQL injection (SQLi) vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin (versions <=3.4). Plugin function saveGoogleAdWords() function in smartgooglecode.php file passes unsanitized $_POST[“oId”] input into the SQL query.
Update the WordPress Smart Google Code Inserter plugin to the latest available version (at least version 3.5).
CPE | Name | Operator | Version |
---|---|---|---|
smart google code inserter | le | 3.4 |