CVE-2022-4310

🗓️ 09 Jan 2023 22:13:26Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 71 Views🌐 WEB

The Slimstat Analytics WordPress plugin is vulnerable to Stored XSS via unescaped URI in request logging

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-4310	10 Jan 202302:27	–	circl
CNNVD	WordPress Plugin Slimstat Analytics 跨站脚本漏洞	9 Jan 202300:00	–	cnnvd
Cvelist	CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS	9 Jan 202322:13	–	cvelist
EUVD	EUVD-2022-51665	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4310	9 Jan 202323:15	–	nvd
OpenVAS	WordPress Slimstat Analytics Plugin < 4.9.3 XSS Vulnerability	11 Jan 202300:00	–	openvas
Prion	Cross site scripting	9 Jan 202323:15	–	prion
Positive Technologies	PT-2023-14176 · WordPress · Slimstat Analytics	9 Jan 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-4310	23 May 202500:33	–	redhatcve
Vulnrichment	CVE-2022-4310 Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS	9 Jan 202322:13	–	vulnrichment

NVD

Vulners

Node

wp-slimstat slimstat_analyticsRange<4.9.3wordpress

[
  {
    "vendor": "Unknown",
    "product": "Slimstat Analytics",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.9.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b1aef75d-0c84-4702-83fc-11f0e98a0821

Parameter	Position	Path	Description	CWE
s	query param	/?s=\"><script>alert(/XSS/)</script>	Stored XSS due to unsanitised URI in logging requests; could be triggered when an admin views logs	CWE-79

09 Apr 2025 20:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.1

EPSS0.01842

SSVC