Smart Google Code Inserter <= 3.4 – Unauthenticated SQL Injection | CVE 2018-3811

Affects Plugins

smart-google-code-inserter

Fixed in 3.5

References

CVE

CVE-2018-3811

URL

https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html

URL

https://plugins.trac.wordpress.org/changeset/1777789/smart-google-code-inserter

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

4c6e235e-3b22-4097-be03-1e22e31cd280

Timeline

Publicly Published

2018-01-01 (about 8 years ago)

Added

2018-01-08 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2021-08-22

Title

WP iCommerce <= 1.1.1 - Authenticated (contributor+) SQL Injection

Published

2024-09-24

Title

WordPress Simple HTML Sitemap < 3.2 - Authenticated (Admin+) SQL Injection

Published

2025-07-24

Title

WooCommerce Point Of Sale (POS) <= 1.4 - Authenticated (Subscriber+) SQL Injection

Published

2014-08-01

Title

Z-Vote 1.1 - SQL Injection

Published

2014-08-01

Title

Events Calendar - SQL Injection