CVE-2018-3811

Name of the Vulnerable Software and Affected Versions Oturia Smart Google Code Inserter plugin versions prior to 3.5

Description The issue allows unauthenticated attackers to execute SQL queries in the context of the web server due to a lack of prepared statements and sanitization of the oId variable in the saveGoogleAdWords() function.

Recommendations For Oturia Smart Google Code Inserter plugin versions prior to 3.5, update to version 3.5 or later to resolve the issue. As a temporary workaround, consider disabling the saveGoogleAdWords() function until a patch is available. Restrict access to the smartgooglecode.php file to minimize the risk of exploitation. Avoid using the oId variable in the affected SQL query until the issue is resolved.