Lucene search
K

191 matches found

Prion
Prion
added 2024/02/02 5:15 a.m.15 views

Cross site scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...

4.9CVSS6AI score0.00452EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/02 4:32 a.m.18 views

CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...

6.4CVSS5.8AI score0.00452EPSS
Exploits0References3
OSV
OSV
added 2024/02/02 4:32 a.m.18 views

CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...

6.4CVSS6.9AI score0.00452EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/02/02 4:32 a.m.18 views

CVE-2024-1073 SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-leve...

6.4CVSS6.8AI score0.00452EPSS
Exploits0References3
CVE
CVE
added 2024/02/02 4:32 a.m.54 views

CVE-2024-1073

The CVE-2024-1073 entry concerns the SlimStat Analytics WordPress plugin (versions up to 5.1.3). The root cause is insufficient input sanitization and output escaping in the filter_array parameter, enabling stored Cross-Site Scripting. Authenticated attackers with subscriber-level access and abov...

6.4CVSS5.6AI score0.00452EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.6 views

WordPress plugin SlimStat Analytics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.4CVSS6AI score0.00452EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.25 views

SlimStat Analytics < 5.1.4 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'filterarray' parameter due to insufficient input sanitization and output escaping, allowing any authenticated users, such as subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses...

4.9CVSS6AI score0.00452EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-16492 · WordPress · Slimstat Analytics

Name of the Vulnerable Software and Affected Versions: SlimStat Analytics plugin for WordPress versions up to, and including, 5.1.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS6AI score0.00452EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/02/01 12:0 a.m.11 views

WordPress Slimstat Analytics Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Slimstat Analytics Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1073 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d8755898281f Credits Lucio Sá Requir...

6.4CVSS5.6AI score0.00452EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/11/06 8:15 a.m.18 views

CVE-2022-45373

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...

9.8CVSS9.8AI score0.00517EPSS
Exploits0References1
Prion
Prion
added 2023/11/06 8:15 a.m.20 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...

7.5CVSS7.8AI score0.00517EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/06 7:50 a.m.77 views

CVE-2022-45373

The CVE-2022-45373 entry affects the WordPress Slimstat Analytics plugin (vulnerable: 5.0.4, specifically 5.0.5 per Patchstack. Exploitation details are not described in the provided documents; no in-the-wild exploit status is stated. Other connected records corroborate the SQL injection vulnera...

9.8CVSS8.9AI score0.00517EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/06 7:50 a.m.22 views

CVE-2022-45373 WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...

8.8CVSS7.2AI score0.00517EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/06 7:50 a.m.23 views

CVE-2022-45373 WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4...

8.8CVSS10AI score0.00517EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/06 7:50 a.m.19 views

CVE-2022-45373 WordPress Slimstat Analytics plugin <= 5.0.4 - SQL Injection (SQLi) vulnerability

A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through = 5.0.4...

8.8CVSS8.6AI score0.00517EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.5 views

PT-2023-14660 · Unknown · Slimstat Analytics

Name of the Vulnerable Software and Affected Versions: Slimstat Analytics versions n/a through 5.0.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

9.8CVSS9.5AI score0.00517EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.4 views

WordPress Plugin Slimstat Analytics SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Slimstat...

9.8CVSS7.7AI score0.00517EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/10/25 12:0 a.m.28 views

WordPress Slimstat Analytics Plugin < 5.0.10 SQLi Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wp-slimstat:slimstatanalytics"; ifdescription...

8.8CVSS7.6AI score0.00916EPSS
Exploits4References1
NVD
NVD
added 2023/10/20 7:15 a.m.57 views

CVE-2023-4598

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.6AI score0.00916EPSS
Exploits4References3
Prion
Prion
added 2023/10/20 7:15 a.m.26 views

Sql injection

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS6.4AI score0.00916EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder