Description
WordPress Plugin Smart Google Code Inserter is prone to multiple vulnerabilities, including security bypass and SQL injection. Exploiting the security bypass could allow an attacker to perform otherwise restricted actions and subsequently insert arbitrary JavaScript or HTML code. Exploiting the SQL injection could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Smart Google Code Inserter version 3.4 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.5 or the latest version.
References
https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html
https://www.exploit-db.com/exploits/43420/
https://packetstormsecurity.com/files/145615/WordPress-Smart-Google-Code-Inserter-SQL-Injection.html
https://plugins.svn.wordpress.org/smart-google-code-inserter/trunk/readme.txt