CVE-2018-3810

9.8 CRITICAL

📋 TL;DR

CVE-2018-3810 is an authentication bypass vulnerability in the Oturia Smart Google Code Inserter WordPress plugin that allows unauthenticated attackers to inject arbitrary JavaScript or HTML code into all WordPress pages. This affects WordPress sites using vulnerable versions of the plugin, potentially compromising all visitors.

💻 Affected Systems

Products:
  • Oturia Smart Google Code Inserter WordPress Plugin
Versions: before 3.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover via malicious JavaScript injection leading to credential theft, malware distribution, or defacement of all pages.

🟠 Likely Case

Attackers inject malicious scripts to steal user sessions, redirect to phishing sites, or display unwanted advertisements.

🟢 If Mitigated

No impact if the plugin is updated or disabled; limited impact if a web application firewall blocks malicious payloads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending a POST request to the vulnerable endpoint with a malicious payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.5 and later

Vendor Advisory: https://wordpress.org/plugins/smart-google-code-inserter/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Smart Google Code Inserter'.
4. Click 'Update Now' if available, or delete the plugin and reinstall the latest version.

🔧 Temporary Workarounds

Disable Plugin (all)

Temporarily deactivate the vulnerable plugin until patched:

wp plugin deactivate smart-google-code-inserter

Block Vulnerable Endpoint (all)

Use the web server or a WAF to block requests to /wp-admin/admin-ajax.php that carry the sgcgoogleanalytic parameter.

🧯 If You Can't Patch

  • Remove plugin files from server completely
  • Implement strict WAF rules to block JavaScript injection patterns

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in the WordPress admin under Plugins > Installed Plugins. If the version is below 3.5, the site is vulnerable.

Check Version:

wp plugin get smart-google-code-inserter --field=version

Verify Fix Applied:

Confirm the plugin version is 3.5 or higher, and test that unauthenticated POST requests to admin-ajax.php with the sgcgoogleanalytic parameter no longer update the inserted code.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with sgcgoogleanalytic parameter from unauthenticated users
  • Unusual JavaScript code in plugin settings

Network Indicators:

  • HTTP POST to admin-ajax.php with sgcgoogleanalytic payload
  • External script loading from unexpected domains

SIEM Query:

source="web_server" AND uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND params="sgcgoogleanalytic" AND user="-"
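The SIEM query above, implemented as a small log scanner (added example, not part of the original advisory). It assumes a reverse proxy or WAF log in JSON-lines form that records the request method, URI, the names of body parameters and the authenticated WordPress user ("-" when unauthenticated); the sample lines, timestamps and IPs are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (JSON per line) from a hypothetical reverse proxy
# that records method, URI, the names of POST body parameters, the
# authenticated WordPress user ("-" when unauthenticated) and the client IP.
SAMPLE_LOG = """
{"ts":"2024-05-01T10:00:01Z","src":"203.0.113.5","user":"-","method":"POST","uri":"/wp-admin/admin-ajax.php","body_params":["action","sgcgoogleanalytic"]}
{"ts":"2024-05-01T10:00:02Z","src":"198.51.100.7","user":"admin","method":"POST","uri":"/wp-admin/admin-ajax.php","body_params":["action","sgcgoogleanalytic"]}
{"ts":"2024-05-01T10:00:03Z","src":"203.0.113.9","user":"-","method":"POST","uri":"/wp-admin/admin-ajax.php?sgcgoogleanalytic=1","body_params":["action"]}
{"ts":"2024-05-01T10:00:04Z","src":"203.0.113.5","user":"-","method":"GET","uri":"/wp-admin/admin-ajax.php","body_params":[]}
{"ts":"2024-05-01T10:00:05Z","src":"192.0.2.1","user":"-","method":"POST","uri":"/wp-login.php","body_params":["log","pwd"]}
""".strip()

TARGET_PATH = "/wp-admin/admin-ajax.php"
TARGET_PARAM = "sgcgoogleanalytic"


def is_suspicious(entry):
    """True for an unauthenticated POST to admin-ajax.php that carries the
    sgcgoogleanalytic parameter, whether in the body or in the query string."""
    if entry.get("method", "").upper() != "POST":
        return False
    parts = urlsplit(entry.get("uri", ""))
    if parts.path.lower() != TARGET_PATH:
        return False
    params = {p.lower() for p in entry.get("body_params", [])}
    params |= {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if TARGET_PARAM not in params:
        return False
    return entry.get("user", "-") == "-"


def find_suspicious(log_text):
    """Return (timestamp, source IP) for every matching line; malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(entry):
            hits.append((entry["ts"], entry["src"]))
    return hits


if __name__ == "__main__":
    for ts, src in find_suspicious(SAMPLE_LOG):
        print(f"{ts} unauthenticated sgcgoogleanalytic POST from {src}")
```

A plain access log does not record POST bodies, so this check only works where the proxy or WAF logs parameter names; without that, fall back to alerting on any unauthenticated POST to admin-ajax.php followed by a change in the plugin's stored code.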
