CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/01/09 7:58 a.m.•7 views

WordPress SlimStat Analytics plugin <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.3.3...

7.2CVSS5.8AI score0.00247EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/01/09 7:41 a.m.•6 views

WordPress SlimStat Analytics plugin <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters vulnerability

Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Slimstat Analytics versions = 5.3.4...

7.2CVSS5.8AI score0.00247EPSS

Exploits0References1Affected Software1

NVD•added 2026/01/09 7:16 a.m.•7 views

CVE-2025-15055

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

NVD•added 2026/01/09 7:16 a.m.•3 views

CVE-2025-15057

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fh fingerprint parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it...

Vulnrichment•added 2026/01/09 6:34 a.m.•2 views

CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters

7.2CVSS4.9AI score0.00247EPSS

Cvelist•added 2026/01/09 6:34 a.m.•23 views

CVE-2025-15057 SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter

Vulnrichment•added 2026/01/09 6:34 a.m.•2 views

CVE-2025-15057 SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter

7.2CVSS4.8AI score0.00247EPSS

CVE•added 2026/01/09 6:34 a.m.•16 views

CVE-2025-15055

CVE-2025-15055 : WordPress SlimStat Analytics plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via the notes and resource parameters in versions up to 5.3.4. The flaw arises from insufficient input sanitization and output escaping, enabling an attacker to inject script that exe...

7.2CVSS4.9AI score0.00247EPSS

Cvelist•added 2026/01/09 6:34 a.m.•24 views

CVE-2025-15055 SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters

CVE•added 2026/01/09 6:34 a.m.•18 views

CVE-2025-15057

CVE-2025-15057 affects the SlimStat Analytics WordPress plugin. It is a stored cross-site scripting vulnerability in the fingerprint parameter (fh) that is stored in the database and executed when an administrator views the Real-time Access Log report. Affected versions are all up to and includin...

7.2CVSS4.8AI score0.00247EPSS

Positive Technologies•added 2026/01/09 12:0 a.m.•6 views

PT-2026-1767

Name of the Vulnerable Software and Affected Versions SlimStat Analytics plugin for WordPress versions through 5.3.3 Description The SlimStat Analytics plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. The issue resides in...

7.2CVSS5.5AI score0.00247EPSS

Exploits0References4

CNNVD•added 2026/01/09 12:0 a.m.•4 views

WordPress plugin SlimStat Analytics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6AI score0.00247EPSS

Positive Technologies•added 2026/01/09 12:0 a.m.•6 views

PT-2026-1766

Name of the Vulnerable Software and Affected Versions SlimStat Analytics plugin for WordPress versions prior to 5.3.5 Description The SlimStat Analytics plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the...

7.2CVSS6.1AI score0.00247EPSS

Exploits0References4

CNNVD•added 2026/01/09 12:0 a.m.•5 views

WordPress plugin SlimStat Analytics 跨站脚本漏洞

7.2CVSS6AI score0.00247EPSS

NVD•added 2026/01/08 5:15 p.m.•6 views

CVE-2026-22517

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

5.4CVSS0.0017EPSS

Vulnrichment•added 2026/01/08 4:22 p.m.•3 views

CVE-2026-22517 WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

5.4CVSS5.9AI score0.0017EPSS

Cvelist•added 2026/01/08 4:22 p.m.•19 views

CVE-2026-22517 WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

5.4CVSS0.0017EPSS

CVE•added 2026/01/08 4:22 p.m.•10 views

CVE-2026-22517

CVE-2026-22517 : GA4WP (GA4WP – Google Analytics for WordPress) is affected by a Missing Authorization vulnerability. The issue affects GA4WP versions from unknown start up to and including 2.10.0. The CVSS 3.1 metrics published with the entry show a base score of 5.4 (Medium) with network attack...

5.4CVSS5.9AI score0.0017EPSS

NCSC•added 2026/01/08 12:28 p.m.•11 views

Vulnerabilities fixed in Hanwha camera systems

Hanwha has fixed vulnerabilities in several camera systems, including issues with XML validation, certificate validation, permissions management for guest accounts, video analytics and hard-coded encryption key. The vulnerabilities include an issue with the validation of incoming XML requests,...

9.3CVSS7.1AI score0.00369EPSS