CVE-2018-3811

9.8 CRITICAL

📋 TL;DR

CVE-2018-3811 is an unauthenticated SQL injection in the Oturia Smart Google Code Inserter WordPress plugin (versions before 3.5). The saveGoogleAdWords() function in smartgooglecode.php builds its SQL query without prepared statements and without sanitizing the $_POST["oId"] value, so an unauthenticated request can inject arbitrary SQL that runs with the privileges of the WordPress database user.

💻 Affected Systems

Products:
  • Oturia Smart Google Code Inserter WordPress Plugin
Versions: All versions before 3.5
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: theft of the WordPress database (including the wp_users password hashes), insertion or modification of an administrator account, and from there site takeover or remote code execution through the admin interface.

🟠 Likely Case

Data exfiltration, authentication bypass, or modification of site content.

🟢 If Mitigated

Limited impact if the plugin is deactivated or removed; restricting the database user's privileges and filtering non-numeric oId values at a web application firewall reduce, but do not eliminate, exposure.

🌐 Internet-Facing: HIGH - WordPress sites are typically reachable from the internet and the flaw requires no authentication, so any visitor can trigger it.
🏢 Internal Only: LOW - exposure is limited to hosts that can reach the site, but an intranet WordPress instance with the plugin active is just as exploitable by anyone on that network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available and exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5

Vendor Advisory: https://wordpress.org/plugins/smart-google-code-inserter/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Smart Google Code Inserter'.
4. Click 'Update Now' if available, or delete the plugin and reinstall version 3.5 or later.
5. Verify that the installed version is 3.5 or higher.

🔧 Temporary Workarounds

Disable vulnerable plugin (all platforms)

Temporarily deactivate the Smart Google Code Inserter plugin until it can be updated; a deactivated plugin is not loaded by WordPress, so the vulnerable function is no longer reachable.

wp plugin deactivate smart-google-code-inserter

Web Application Firewall rule (all platforms)

Block POST requests whose oId parameter contains anything other than digits. Matching only SQL keywords misses tautology (1 OR 1=1) and time-based (SLEEP()) payloads, whereas a legitimate save sends a numeric identifier.

🧯 If You Can't Patch

  • Remove the Smart Google Code Inserter plugin completely (deactivation alone leaves the code on disk where it can be reactivated by mistake)
  • At the reverse proxy or WAF, block POST requests whose oId parameter is not a plain integer; the indicator this page lists is /wp-admin/admin-ajax.php with action=saveGoogleAdWords
  • Grant the WordPress database user only the privileges it needs on its own database, so an injected query cannot reach other schemas or the filesystem

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Smart Google Code Inserter → Version number. If version is below 3.5, you are vulnerable.

Check Version:

wp plugin get smart-google-code-inserter --field=version

Verify Fix Applied:

Confirm plugin version is 3.5 or higher in WordPress admin panel.
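For checking many installs at once, the following added example (not part of this advisory or of the plugin) reads the version from the plugin's main file header on disk and compares it numerically against 3.5. It assumes the standard layout wp-content/plugins/smart-google-code-inserter/smartgooglecode.php (the file name comes from the CVE description; the directory name matches the plugin slug used by WP-CLI above). The numeric comparison matters because a string comparison would rank "3.10" below "3.5".

```python
"""Fleet check for CVE-2018-3811: compare each install's plugin header version with 3.5.

Added example, not code from the advisory or the plugin. Paths below are assumptions
based on the standard WordPress plugin layout.
"""
import re
import tempfile
from pathlib import Path
from typing import Optional

PLUGIN_DIR = "smart-google-code-inserter"   # plugin slug, assumed directory name
MAIN_FILE = "smartgooglecode.php"           # main plugin file named in the CVE text
FIXED = (3, 5)

# WordPress plugin headers are "Key: value" lines inside the first PHP comment block.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Turn '3.10' into (3, 10) so it sorts after (3, 5); string order would not."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def header_version(header: str) -> Optional[str]:
    """Extract the Version: value from a plugin file header, or None if absent."""
    m = VERSION_RE.search(header)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    return parse_version(version) < FIXED


def check_install(wp_root: Path) -> str:
    """Classify one WordPress root: 'not installed', 'unknown', 'vulnerable X' or 'patched X'."""
    main = wp_root / "wp-content" / "plugins" / PLUGIN_DIR / MAIN_FILE
    if not main.exists():
        return "not installed"
    version = header_version(main.read_text(errors="replace"))
    if version is None:
        return "unknown"
    return f"vulnerable {version}" if is_vulnerable(version) else f"patched {version}"


def scan_fleet(roots) -> dict:
    """Map each WordPress root path to its classification."""
    return {str(root): check_install(Path(root)) for root in roots}


def demo() -> str:
    """Build a throwaway install with a constructed 3.4 header and classify it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin = root / "wp-content" / "plugins" / PLUGIN_DIR
        plugin.mkdir(parents=True)
        (plugin / MAIN_FILE).write_text(
            "<?php\n/*\nPlugin Name: Smart Google Code Inserter\nVersion: 3.4\n*/\n"
        )
        return check_install(root)


if __name__ == "__main__":
    print(demo())
```

This inspects files on disk, not activation state, so a plugin that is present but deactivated is still reported; pair it with `wp plugin status smart-google-code-inserter` where WP-CLI is available.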

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=saveGoogleAdWords whose oId parameter is not a plain integer (SQL keywords, quotes, comment sequences, SLEEP()/BENCHMARK() calls)
  • Queries in the MySQL general or slow query log, issued by the WordPress database user, that read wp_users or call SLEEP()/BENCHMARK()

Network Indicators:

  • HTTP POST bodies carrying SQL injection payloads in the oId parameter
  • Bursts of requests from one source with varying oId values, the pattern of blind or time-based extraction

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND param="oId" AND NOT value MATCHES "^[0-9]+$"

Alerting on a non-numeric oId catches tautology and time-based payloads that a keyword list (union|select|insert|...) misses. Standard web server access logs do not record POST bodies, so this query needs a WAF or proxy audit log that captures them.
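The following added example (not part of this advisory) implements the check above over request records and shows why keying on "is oId a plain integer" is preferable to a keyword blocklist. The log lines are constructed for illustration, using documentation IP ranges and the endpoint this page describes; the classification itself looks only at the oId parameter named in the CVE, so it works regardless of which path the request took. It assumes a WAF or proxy audit log exported as JSON lines with a body field holding the raw POST body.

```python
"""Flag CVE-2018-3811 attempts: POST requests whose oId parameter is not a plain integer.

Added example, not code from the advisory. Input format (JSON lines with src, method,
uri, body) is an assumption about how a WAF/proxy audit log was exported.
"""
import json
import re
from urllib.parse import parse_qs

# Common SQL injection shapes: UNION ... SELECT, OR/AND tautologies, stacked queries,
# comment terminators, quotes, and time-based probes.
SQLI_PATTERNS = re.compile(
    r"(?i)(\bunion\b.*\bselect\b|\b(or|and)\b\s+\S+\s*=\s*\S+|"
    r"sleep\s*\(|benchmark\s*\(|--|#|/\*|;|'|\")"
)
PLAIN_INT = re.compile(r"\d+")

# Constructed sample records (203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# documentation ranges). Bodies are URL-encoded as a browser or exploit would send them.
SAMPLE_LOG = '''
{"src": "203.0.113.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=saveGoogleAdWords&oId=1+UNION+SELECT+user_login%2Cuser_pass+FROM+wp_users"}
{"src": "203.0.113.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=saveGoogleAdWords&oId=1%29+AND+SLEEP%285%29--+-"}
{"src": "198.51.100.2", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=saveGoogleAdWords&oId=abc"}
{"src": "192.0.2.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "body": "action=saveGoogleAdWords&oId=1&sgcwebsite=example.com"}
{"src": "192.0.2.11", "method": "GET", "uri": "/?oId=1+OR+1%3D1", "body": ""}
'''


def classify_request(record: dict):
    """Return an alert dict for a suspicious oId, or None for benign/irrelevant requests."""
    if record.get("method") != "POST":
        return None
    params = parse_qs(record.get("body", ""), keep_blank_values=True)
    if "oId" not in params:
        return None
    value = params["oId"][0]
    # A legitimate save sends a numeric identifier; anything else is at least suspicious.
    if PLAIN_INT.fullmatch(value):
        return None
    # Recognisable payload syntax raises severity; an unrecognised non-integer is still
    # reported so that novel encodings are not silently dropped.
    severity = "high" if SQLI_PATTERNS.search(value) else "medium"
    return {"src": record.get("src"), "uri": record.get("uri"),
            "oId": value, "severity": severity}


def scan_log(jsonl: str) -> list:
    """Run classify_request over JSON-lines input and collect the alerts in log order."""
    alerts = []
    for line in jsonl.splitlines():
        if line.strip():
            alert = classify_request(json.loads(line))
            if alert:
                alerts.append(alert)
    return alerts


def count_by_source(alerts: list) -> dict:
    """Per-source alert counts; repeated hits from one address suggest blind extraction."""
    counts = {}
    for alert in alerts:
        counts[alert["src"]] = counts.get(alert["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["severity"]:6} {alert["src"]:15} oId={alert["oId"]!r}')
    print(count_by_source(scan_log(SAMPLE_LOG)))
```

On the sample records the two payloads from 203.0.113.7 are rated high, the bare "abc" probe from 198.51.100.2 medium, the legitimate numeric save is ignored, and the GET request is skipped because the vulnerable code reads $_POST.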
