Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

WordPress Slimstat Analytics Plugin < 5.0.10 XSS Vulnerability

🗓️ 31 Aug 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 17 Views

WordPress Slimstat Analytics Plugin < 5.0.10 XSS Vulnerability, allows authenticated contributors to inject arbitrary script

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Prion		Cross site scripting
30 Aug 202302:15
prion
Vulnrichment		CVE-2023-4597
30 Aug 202301:45
vulnrichment
CVE		CVE-2023-4597
30 Aug 202302:15
cve
OSV		CVE-2023-4597
30 Aug 202302:15
osv
WPVulnDB		Slimstat Analytics < 5.0.10 - Contributor+ Stored XSS
30 Aug 202300:00
wpvulndb
Patchstack		WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to Cross Site Scripting (XSS)
29 Aug 202300:00
patchstack
NVD		CVE-2023-4597
30 Aug 202302:15
nvd
Cvelist		CVE-2023-4597
30 Aug 202301:45
cvelist
0day.today		WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection Vulnerabilities
11 Sep 202300:00
zdt
Wordfence Blog		Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin
11 Sep 202313:21
wordfence
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:wp-slimstat:slimstat_analytics";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.124422");
  script_version("2024-11-01T05:05:36+0000");
  script_tag(name:"last_modification", value:"2024-11-01 05:05:36 +0000 (Fri, 01 Nov 2024)");
  script_tag(name:"creation_date", value:"2023-08-31 08:38:00 +0000 (Thu, 31 Aug 2023)");
  script_tag(name:"cvss_base", value:"5.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-11 19:15:00 +0000 (Mon, 11 Sep 2023)");

  script_cve_id("CVE-2023-4597");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("WordPress Slimstat Analytics Plugin < 5.0.10 XSS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/wp-slimstat/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'Slimstat Analytics' is prone to
  a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Authenticated attackers with contributor-level and above
  permissions are able to inject arbitrary web scripts in pages that will execute whenever a user
  accesses an injected page.");

  script_tag(name:"affected", value:"WordPress Slimstat Analytics plugin prior to version 5.0.10.");

  script_tag(name:"solution", value:"Update to version 5.0.10 or later.");

  script_xref(name:"URL", value:"https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_is_less( version: version, test_version: "5.0.10" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "5.0.10", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 Aug 2023 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS35.4 - 6.4
EPSS0.00124
SSVC
wordpressxssvulnerabilitycontributor-levelupdategreenbone
17
.json
Report