EPSS
Percentile
36.2%
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
plugins.svn.wordpress.org//wp-slimstat/tags/4.1.6.1/readme.txt
plugins.trac.wordpress.org/changeset/1204104
www.openwall.com/lists/oss-security/2015/07/30/1