Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass

Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in smartgooglecode.php does not check if the...

WordPress Smart Google Code Inserter plugin <= 3.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions = 3.4. Solution Update the WordPress Smart Google Code Inserter plugin to the latest available version at least 3.5...

WordPress Smart Google Code Inserter plugin <=3.4 - Authorization bypass vulnerability

Authorization bypass vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions =3.4. Solution Update the WordPress Smart Google Code Inserter plugin to the latest available version at least version 3.5...

WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection

WordPress Plugin Smart Google Code Inserter 3.5 - Authentication Bypass SQL Injection Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/...

WordPress Smart Google Code Inserter plugin <=3.4 - SQL injection (SQLi) vulnerability

SQL injection SQLi vulnerability found by Benjamin Lim in WordPress Smart Google Code Inserter plugin versions =3.4. Plugin function saveGoogleAdWords function in smartgooglecode.php file passes unsanitized $POST"oId" input into the SQL query. Solution Update the WordPress Smart Google Code...

WordPress Smart Google Code Inserter Plugin < 3.5 Multiple Vulnerabilities

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...

Sql injection

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...

CVE-2018-3810

CVE-2018-3810 covers the Oturia WordPress Smart Google Code Inserter plugin before 3.5. An authentication bypass allows unauthenticated users to update the sgcgoogleanalytic parameter, causing arbitrary JavaScript/HTML to run on all WordPress pages via saveGoogleCode() which does not verify autho...

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

Smart Google Code Inserter <= 3.4 - Unauthenticated SQL Injection

The Smart Google Code Inserter WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...