What is CVE-2018-3810?

CVE-2018-3810 is a vulnerability in N/a. Published 2018-01-01.

Is CVE-2018-3810 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on al…

EPSS: 0.922 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

nth347/CVE-2018-3810_exploit
cved-sources/cve-2018-3810
lucad93/CVE-2018-3810
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub
n0-traces/cve_
nth347/CVE-2018-3810_

References

wordpress.org/plugins/smart-google-code-inserter/ (x_refsource_MISC)
limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html (x_refsource_MISC)
wpvulndb.com/vulnerabilities/8987 (x_refsource_MISC)
43420 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-3810?: CVE-2018-3810 is a vulnerability in N/a. Published 2018-01-01.
Is CVE-2018-3810 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.