[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2018-3810

Date: (C)2018-01-02   (M)2018-01-10 


Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.

CVSS Score: 4.3Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
EXPLOIT-DB-43420
https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html
https://wordpress.org/plugins/smart-google-code-inserter/#developers
https://wpvulndb.com/vulnerabilities/8987

© 2013 SecPod Technologies