WordPress Plugin Vulnerabilities

Smart Google Code Inserter <= 3.4 - Unauthenticated Cross-Site Scripting (XSS)

Description

The Smart Google Code Inserter WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
smart-google-code-inserter
Fixed in 3.5

References

CVE
CVE-2018-3810
URL
https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html
URL
https://plugins.trac.wordpress.org/changeset/1777789/smart-google-code-inserter

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
beae6685-b7de-46cb-addc-19cd7fdc4de7

Timeline

Publicly Published
2018-01-01 (about 8 years ago)
Added
2018-01-08 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-03-05
Title
Contact Form by WPForms < 1.5.9 - Authenticated Cross-Site Scripting (XSS)
Published
2026-04-03
Title
Royal Elementor Addons < 1.7.1050 - Contributor+ Stored XSS via REST API Meta Bypass
Published
2024-11-08
Title
Featured product by category name <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-06
Title
Essential Addons for Elementor < 6.1.13 - Contributor+ Stored XSS via Event Calendar Widget
Published
2023-01-04
Title
Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode