Oturia Smart Google Code Inserter vulnerabilities
2 known vulnerabilities affecting oturia/smart_google_code_inserter.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2018-3810P1CRITICALCVSS 9.8ExploitedPoCfixed in 3.52018-01-01
CVE-2018-3810 [CRITICAL] CWE-287 CVE-2018-3810: Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for W
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current
nvd
CVE-2018-3811P2CRITICALCVSS 9.8PoCfixed in 3.52018-01-01
CVE-2018-3811 [CRITICAL] CWE-89 CVE-2018-3811: SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as inpu
nvd